LDAP/AD and multiple OU's
Justin Steward
justin at justinsteward.com
Tue Sep 15 02:50:51 CEST 2009
Hi guys,
A couple of quick questions just to make sure I don't end up chasing my own
tail.
Need to authenticate by doing a basic bind against an AD server. All users
are contained in separate OU's below a primary OU.
The relevant LDAP lines from radiusd -X are (with identifiable information
removed):
rlm_ldap: bind as Cn=lookupuser,OU=Primary, ou=....../password123 to .....:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=Primary,ou=....., with filter (uid=username)
rlm_ldap: object not found or got ambiguous search result
Now, I know the user is actually contained in ou=2015,ou=Primary,ou=.....
and there are others contained in 2016,2017,2018, etc.
1) Does freeRadius automatically search each of these sub containers, or do
I have to tell it to somehow?
2) Does AD even store usernames in UID? (loln00b question. But I have no
experience with AD, so far I haven't had an AD box to play with, and this
one is more or less out of my control, I can only talk to it over LDAP.)
Many Thanks,
Justin