LDAP auth in two sources

tnt at kalik.net
Thu Nov 26 19:21:29 CET 2009


>> > With current configuration I get this:
>> >
>> > if username isn't found in first LDAP, let's proceed to
>> > the next
>> > if username isn't found in second LDAP, let's DENY
>> > access
>>
>> You probably don't need that after upgrade. Just force
>> Auth-Type LDAP in
>> users file.
>
> As I don't have any other auth other than LDAP it is done
> automatically. I hope so. ;-)

Enable files (and comment out ldap entries) and put:

DEFAULT Auth-Type := tam

at the top of the users file. That's a much cheaper way.

>> Create failover inside Auth-Type LDAP:
>>
>> Auth-Type LDAP {
>>      tam {
>>           reject = 2
>>           }
>>      if(reject) {
>>           lotus
>>      }
>> }
>>
>
> I have realised something like this in my long road to
> success. Unfortunately there is an issue.
>
> LDAP1: uid=username,o=org1
> LDAP2: uid=username,o=org2
>
> As you can see "o=org..." is different.
>
> You can see when radius tries to authenticate on the second
> LDAP (ldap2.ts) it hasn't changed o=org1 to o=org2. This is
> a problem. We cannot modify any schema of those two LDAP
> servers.

Check base_dn. You say it is different but server debug would disagree.

Ivan Kalik
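For reference, an added example (not from the thread, not FreeRADIUS project files) of how the two rlm_ldap instances used in the failover above would each carry their own base DN, assuming FreeRADIUS 2.x syntax; the hostnames are made up and the instance names tam/lotus are taken from the quoted unlang:

```unlang
# modules/ldap: one rlm_ldap instance per directory, each with its own basedn.
# Hostnames below are constructed placeholders.
ldap tam {
	server = "ldap1.example.org"
	basedn = "o=org1"                 # base DN of the first directory
	filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
	ldap_connections_number = 5
	timeout = 4
	timelimit = 3
	net_timeout = 1
	dictionary_mapping = ${confdir}/ldap.attrmap
}

ldap lotus {
	server = "ldap2.example.org"
	basedn = "o=org2"                 # different base DN for the second directory
	filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
	ldap_connections_number = 5
	timeout = 4
	timelimit = 3
	net_timeout = 1
	dictionary_mapping = ${confdir}/ldap.attrmap
}

# sites-enabled/default, authenticate section. The Auth-Type set in the
# users file must match this block's name.
authenticate {
	Auth-Type LDAP {
		tam {
			reject = 2           # a reject from tam no longer ends the section
		}
		if (reject) {
			lotus                # only consulted when tam rejected
		}
	}
}
```

Each instance does its own bind and search under its own basedn, so the second lookup is not performed with the first directory's o=org1.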
