LDAP search scope directive?
Martin Pauly
pauly at hrz.uni-marburg.de
Tue Apr 3 17:41:02 CEST 2007
Hi,
my current problem has already been discussed on this list --
here's a snippet from Nov 2004:
"Ron Wahler" <ron at rovingplanet.com> asked:
> > It seems that one of our customers has a database in which it does
> > have duplicate user names, they were asking the following question:
> >
> > "Would also like to know how LDAP handles duplicate user names (if the
> > baseDN was set to O=ACME instead of OU=Users,O=ACME)"
> >
> > If the basedn is at the higher level there may be duplicates.
Kostas Kalevras <kkalev at noc.ntua.gr> replied:
> Do you mean that there may be:
>
> uid=user,o=acme and uid=user,ou=users,o=acme ?
>
> If that is the case the solution is simple:
>
> ldap ldap1 {
>     basedn = "o=acme"
>     scope = "one"
> }
> ldap ldap2 {
>     basedn = "ou=users,o=acme"
>     scope = "sub"
> }
>
> authorize {
>     ldap1
>     ldap2
> }
>
> authenticate {
>     ldap1
> }
>
> The only problem is that a scope directive does not exist yet. Adding one
> will not be hard though if it is needed. If that is what is needed please
> open a bug request in bugs.freeradius.org.
Due to a reorganization of our LDAP tree, we will need to duplicate our
15.000+ account entries in a new, separate subtree, located below the
old one. During migration (which will hopefully run overnight, but
certainly take several hours), services should be kept running as well
as possible. So I'm going to face exactly the situation described above.
To make the LDAP search result unique,
> ldap ldap1{
> basedn = "o=acme"
> scope = "one"
would do the job for me. Has such a directive been implemented?
Thanks, Martin
--
Dr. Martin Pauly Fax: 49-6421-28-26994
HRZ Univ. Marburg Phone: 49-6421-28-23527
Hans-Meerwein-Str. E-Mail: pauly at HRZ.Uni-Marburg.DE
D-35032 Marburg
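
An added illustration of the scope semantics discussed in this thread (not part of the original post and not FreeRADIUS code): a small Python model of the LDAP `base`/`one`/`sub` search scopes over a constructed directory that mirrors the duplicate `uid=user` case. The entry list and all function names are assumptions, and filter matching is simplified to the entry's leftmost RDN.

```python
# Constructed directory: the same uid exists at two levels, as in the thread.
ENTRIES = [
    "o=acme",
    "uid=user,o=acme",
    "ou=users,o=acme",
    "uid=user,ou=users,o=acme",
    "uid=other,ou=users,o=acme",
]

def parse_dn(dn):
    """Split a DN into normalized (attr, value) RDNs. Simplified: no escaped commas."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def in_scope(entry_dn, base_dn, scope):
    """Return True if entry_dn falls inside the given search scope at base_dn."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    depth = len(entry) - len(base)
    # An entry is at or under the base only if its DN ends with the base's RDNs.
    if depth < 0 or entry[depth:] != base:
        return False
    if scope == "base":   # the base entry itself
        return depth == 0
    if scope == "one":    # immediate children only, base excluded
        return depth == 1
    if scope == "sub":    # base plus every descendant
        return True
    raise ValueError(f"unknown scope: {scope}")

def search(base_dn, scope, attr, value):
    """Return in-scope DNs whose leftmost RDN is attr=value (stand-in for a filter)."""
    want = (attr.lower(), value.lower())
    return [dn for dn in ENTRIES
            if in_scope(dn, base_dn, scope) and parse_dn(dn)[0] == want]

def unique_match(base_dn, scope, attr, value):
    """Hypothetical helper: insist on exactly one hit, as a login lookup needs."""
    hits = search(base_dn, scope, attr, value)
    if len(hits) != 1:
        raise ValueError(f"expected exactly one entry, got {len(hits)}: {hits}")
    return hits[0]

if __name__ == "__main__":
    print(search("o=acme", "sub", "uid", "user"))        # both duplicates
    print(unique_match("o=acme", "one", "uid", "user"))  # only the upper entry
```
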