LDAP server per realm
Sean McNamara
sean.mcnamara at villanova.edu
Mon Apr 16 21:48:19 CEST 2007
Hello everyone,
I'm working on finding a way to define multiple local realms and have
each have a unique ldap profile associated with them. We want one
associated with a particular realm, and the other to be the
catchall/default case. In addition to this, we're also using EAP/TTLS,
which may or may not complicate the situation. After googling a bit, I was
under the impression that something along the following lines should work:
Here are the relevant parts of the files I modified:
in proxy.conf:
realm VLS {
    type = radius
    authhost = LOCAL
    accthost = LOCAL
}
in dictionary:
VALUE Auth-Type VU 1
VALUE Auth-Type VLS 2
VALUE Autz-Type VU 1
VALUE Autz-Type VLS 2
in users:
DEFAULT Domain == "VLS", Autz-Type := VLS
in radiusd.conf:
ldap vlsldap {
    ....
    set_auth_type = yes
}
ldap vuldap {
    ....
    set_auth_type = yes
}
authorize {
    ...
    ...
    Autz-Type VLS {
        vlsldap
    }
    vuldap
    ...
}
authenticate {
    ...
    Auth-Type VLS {
        vlsldap
    }
    vuldap
    ...
}
When I attempt to authenticate, regardless of whether I specify a realm
or not, it only checks the vuldap servers. Any suggestions would be
greatly appreciated!
Thank you..
..Sean.