Multiple BaseDN's - How Do I Do This?
Jorgen Rosink
jrosink at gmail.com
Fri May 9 14:59:39 CEST 2008
On Thu, May 8, 2008 at 7:57 PM, Rob VanDusen <rvanduse at oaisd.org> wrote:
> My current config will check via LDAP against a NetWare box and authorize anyone in the ESB container - but I can't get it to look at any of the other containers. I tried doing multiple instances of the LDAP module - but that resulted in the server not authorizing anyone.

You probably didn't do it right, because it should work...

> How would I set this up so I can add the other O's as Base DN's? I'd really appreciate any instructions that a slightly dim bulb could follow.

Create an LDAP module for every context you want to use with RADIUS:
ldap CTC {
    server = "<IP/FQDN>"
    identity = "cn=<user>, o=<container>"
    password = "<password>"
    basedn = "o=CTC"
    filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"
    base_filter = "(objectclass=radiusprofile)"
    start_tls = yes
    tls_require_cert = "demand"
    #access_attr = "dialupAccess"
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    ldap_connections_number = 5
    password_attribute = nspmPassword
    edir_account_policy_check = yes
    timeout = 4
    timelimit = 3
    net_timeout = 1
}
ldap ESB {
    basedn = "o=ESB"
    # ... etc. for all other contexts
}
Now refer to these modules in the Authorize and Post-Authentication
(if you want eDirectory policies) by module name, like:
authorize {
    ...
    CTC
    ESB
    ...
}
post-auth {
    ...
    CTC
    ESB
    Post-Auth-Type REJECT {
        CTC
        ESB
        ...
    }
    ...
}
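
An added example, not part of the original message and not FreeRADIUS code: a small Python check that every ldap instance still carries the start_tls and tls_require_cert settings shown for CTC, and is actually listed in authorize. The SAMPLE config is constructed, the function names parse and audit are hypothetical, and the parser assumes the flat layout used in this post, with options directly inside each ldap block.

```python
import re
# Constructed sample in the layout the post uses (not a real server's config).
SAMPLE = r'''
ldap CTC {
    basedn = "o=CTC"
    filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"
    start_tls = yes
    tls_require_cert = "demand"
}
ldap ESB {
    basedn = "o=ESB"
    start_tls = yes
}
authorize {
    preprocess
    CTC
}
'''

def parse(conf):
    """Collect options of top-level 'ldap NAME' blocks and the names listed in authorize."""
    instances, authorize, stack = {}, [], []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (a value containing '#' is cut)
        if line.endswith("{"):
            stack.append(line[:-1].split() or ["?"])
            if len(stack) == 1 and stack[0][0] == "ldap":
                instances[stack[0][-1]] = {}
        elif line == "}" and stack:
            stack.pop()
        elif len(stack) == 1 and stack[0][0] == "ldap" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            instances[stack[0][-1]][key] = value.strip('"')
        elif stack == [["authorize"]] and re.fullmatch(r"[\w.-]+", line):
            authorize.append(line)
    return instances, authorize

def audit(conf):
    """Return one finding per missing TLS setting or uncalled instance."""
    instances, authorize = parse(conf)
    findings = []
    for name, opts in instances.items():
        for key, want in (("start_tls", "yes"), ("tls_require_cert", "demand")):
            if opts.get(key) != want:
                findings.append(f"{name}: {key} is not {want}")
        if name not in authorize:
            findings.append(f"{name}: not listed in authorize")
    return findings
```

Calling audit(SAMPLE) reports the ESB instance twice: once for the dropped tls_require_cert line and once because it is never called in authorize, so its basedn is never searched.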