Two Ldaps Authentication

Alan DeKok aland at
Fri Jun 16 17:47:42 CEST 2006

fvt3 <fvt3 at> wrote:
> Hi, I am trying to setup Freedius to have multiple
> ldap authentication.  I want to authenticate off
> ldap1, then ldap2 then mysql.

  No, you don't.  For one, MySQL doesn't do authentication.  Neither
does LDAP, really.

  What you probably mean is that you want to look the user up in
ldap1, or ldap2, or mysql.

> In the users file I have:
> DEFAULT Autz-Type := "LDAP1", Auth-Type = "LDAP1"
>         Fall-Through = Yes,
>         Reply-Message = "ldap"
> DEFAULT Autz-Type := "LDAP2", Auth-Type = "LDAP2"

  Read "man users".  The second entry is over-writing the first one.
So the first one is useless.

> With this setup, radius is skipping ldap1 and go
> directly to ldap2.  How can I force it to read ldap1
> then ldap2 in the user file.

  You don't.  The "users" file isn't meant to do that.

  If you want to look users up in ldap1, then ldap2 if they're not in
ldap1, see doc/configurable_failover.

  Alan DeKok.

More information about the Freeradius-Users mailing list