Optimize LDAP searches
Phil Mayers
p.mayers at imperial.ac.uk
Fri Sep 8 09:44:03 CEST 2006
Jorgen Rosink wrote:
> We have multiple remote sites each with its own NAS, each NAS searches
> for users in multiple LDAP contexts. Each NAS (read: site) has one or
> more "primary" contexts, which I like to search first before looking
> in all others (roaming users). At this time search order is based on
> the order of LDAP module entries in the authorize {} section.
>
> Is there a way to configure the search order of multiple LDAP contexts
> based on NAS IP address?
You could set Autz-Type based on NAS IP, and have the ldap modules with
the various ordering preferences as Autz-Type sub-sections of authorize
- see the docs for Autz-Type
>
> I understand there is no way to do a single recursive query on an LDAP
> base like o=myorg, is there some reason, or should I submit a feature
> request ??? ;-)))
That's incorrect. You can search from any DN you like down an
arbitrarily deep sub-tree, assuming your LDAP server isn't e.g. a
braindead AD server which will fail.
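
A sketch of the Autz-Type arrangement suggested in the reply above, added here as an example; it is not from the original post or from the FreeRADIUS distribution. The NAS addresses, the Autz-Type names and the `ldap_site_a`, `ldap_site_b` and `ldap_roaming` instance names are assumptions, and each instance is assumed to be a separately configured `ldap` module in `modules {}` with its own base DN.

```text
# users file (read by the "files" module); addresses are constructed samples.
# Choose an Autz-Type from the NAS that sent the request.
DEFAULT	NAS-IP-Address == 192.0.2.10, Autz-Type := SiteA

DEFAULT	NAS-IP-Address == 192.0.2.20, Autz-Type := SiteB

# radiusd.conf
authorize {
	preprocess
	files

	# Requests from the site A NAS: primary context first, then the rest.
	Autz-Type SiteA {
		ldap_site_a
		ldap_site_b
		ldap_roaming
	}

	# Requests from the site B NAS: same modules, different order.
	Autz-Type SiteB {
		ldap_site_b
		ldap_site_a
		ldap_roaming
	}
}
```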