rlm_ldap and large AD structure issue
Phil Mayers
p.mayers at imperial.ac.uk
Tue Feb 26 10:53:29 CET 2008
> ldap a {
add the "set_auth_type = yes" option to all 3 ldap modules, and probably
call them something more descriptive for reasons which will become clear
below e.g.
modules {
ldap ldap-a {
..
set_auth_type = yes
}
}
> authorize {
You can probably do this:
authorize {
redundant {
a
b
c
}
}
...which will stop processing when the first LDAP module matches
> authenticate {
When an LDAP module is "named" as opposed to anonymous and
"set_auth_type = yes" the Auth-Type gets set to the module name so do this:
authenticate {
Auth-Type ldap-a {
ldap-a
}
Auth-Type ldap-b {
ldap-b
}
}
That should work.
More information about the Freeradius-Users
mailing list