ldap backend and Realm
Chris
cjl at viptalk.net
Mon Nov 17 18:19:40 CET 2008
On Nov 17, 2008, at 8:50 AM, Mustapha Bouikhif wrote:
> tnt at kalik.net wrote:
>>> radiusd: FreeRADIUS Version 2.1.1, for host i686-pc-linux-gnu
>>>
>>>
>>
>> Then ldap is not in radiusd.conf. ldap is now in raddb/modules/ldap.
>> authorize in not in radiusd.conf either. It's in
>> raddb/sites-enabled/default. Are you trying to use new version with a
>> copy of old radiusd.conf?
>>
>> Post the whole debug from server startup.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>>
> Here is the debug of radiusd (attached file)
> rlm_ldap: bind as uid=Manager,%{control:My-BaseDN}/sirc2 to
> ldapauth.cnrs-gif.fr:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: uid=Manager,%{control:My-BaseDN} bind to ldapauth.cnrs-
> gif.fr:389 failed Invalid DN syntax
> rlm_ldap: (re)connection attempt failed
It is my understanding that few of the ldap configuration parameters
are variable-expanded at bind and search time.
I had no luck getting basedn to expand, but filter expands okay. I
ended up defining different LDAP modules with the different basedn
settings I needed and used unlang to call the proper one:
ldap ldap-basedn1 {
basedn = ou=org1
...
}
ldap ldap-basedn2 {
basedn = ou=org2
...
}
authorize {
switch "%{Realm}" {
case realm1 {
...
ldap-basedn1
}
case realm2 {
...
ldap-basedn2
}
}
No, it is not as elegant as I'd like, but basedn doesn't expand so I
felt I had no choice. It works.
More information about the Freeradius-Users
mailing list