Multiple LDAP search

Gary Prosser gary.prosser at trinity-bris.ac.uk
Wed Aug 4 18:41:35 CEST 2010


Our setup (see below) works in the way you describe: if a valid username
is found in ldap1, return ok; otherwise (notfound) OR (fail) look in
ldap2; if found, return ok; otherwise (notfound) OR (fail) look in ldap3,
etc.

modules {

        ldap ldap1 {

                server = "localhost"
                basedn = "ou=TrinityStudentLogins,dc=our-domain"
                filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"

                start_tls = no
                dictionary_mapping = ${raddbdir}/ldap.attrmap
                ldap_connections_number = 5
                edir_account_policy_check = no
                timeout = 4
                timelimit = 3
                net_timeout = 3
        }
        ldap ldap2 {
                # config for different ldap server or different ou
        }
        ldap ldap3 {
                # config for different ldap server or different ou
        }
}

authorize {
        preprocess
        chap
        mschap
        suffix

        # For each instance: a number is a priority and processing moves on
        # to the next instance; "return" stops the block with that code.
        redundant {
                ldap1 {
                        fail = 1
                        noop = 2
                        notfound = 3
                        ok = return
                        reject = return
                        userlock = return
                        invalid = return
                }
                ldap2 {
                        fail = 1
                        noop = 2
                        notfound = 3
                        ok = return
                        reject = return
                        userlock = return
                        invalid = return
                }
                ldap3 {
                        fail = 1
                        noop = 2
                        notfound = 3
                        ok = return
                        reject = return
                        userlock = return
                        invalid = return
                }
        }
}

authenticate {
        ldap1
        ldap2
        ldap3
        chap
}

Gary Prosser

-  
IT Manager
Trinity College, Bristol (http://www.trinity-bris.ac.uk)


-----Original Message-----
From: Wayne Van der Merwe <vdmerww at gmail.com>
Reply-To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
To: freeradius-users at lists.freeradius.org
Subject: Multiple LDAP search
Date: Wed, 4 Aug 2010 14:09:00 +0200

Hi all

I got LDAP working on FreeRADIUS Version 2.1.8, with SUSE 10.1.

Now I need to do the following: if the user is not found in the 1st LDAP
search, that searches in o=EC, then it must search again in o=HLT.

I would like to know where to create these files.

Thank you
Wayne van der Merwe
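
Added example (not part of the original post and not FreeRADIUS code): a small Python model of the return-code handling in the redundant block above, assuming each code maps either to "return" or to a numeric priority where the highest priority seen becomes the block's result. The function names and scenario data are constructed for illustration.

```python
# Simplified model (assumption) of how the redundant block in the post
# combines the return codes of ldap1, ldap2 and ldap3.

# Action table copied from the ldap1/ldap2/ldap3 entries in the post.
ACTIONS = {
    "fail": 1, "noop": 2, "notfound": 3,
    "ok": "return", "reject": "return",
    "userlock": "return", "invalid": "return",
}

def run_redundant(modules, rcodes, actions=ACTIONS):
    """modules: ordered instance names; rcodes: name -> code it would yield.
    Returns (block result, list of instances actually queried)."""
    result, priority, called = None, -1, []
    for name in modules:
        rcode = rcodes[name]
        called.append(name)
        action = actions[rcode]
        if action == "return":          # stop here, later servers untouched
            return rcode, called
        if action >= priority:          # remember the highest-priority code
            result, priority = rcode, action
    return result, called

def scenarios():
    """Constructed cases: which servers get queried and what comes back."""
    order = ["ldap1", "ldap2", "ldap3"]
    cases = {
        "user in ldap1": ("ok", "notfound", "notfound"),
        "user only in ldap2": ("notfound", "ok", "notfound"),
        "ldap1 down, user in ldap3": ("fail", "notfound", "ok"),
        "user nowhere": ("notfound", "notfound", "notfound"),
        # An outage of ldap1 is masked: the block reports notfound, not fail.
        "ldap1 down, user nowhere": ("fail", "notfound", "notfound"),
        "all servers down": ("fail", "fail", "fail"),
        # reject = return: ldap2 and ldap3 are never consulted.
        "rejected by ldap1": ("reject", "ok", "ok"),
    }
    return {label: run_redundant(order, dict(zip(order, codes)))
            for label, codes in cases.items()}

if __name__ == "__main__":
    for label, (rcode, called) in scenarios().items():
        print(f"{label:28} -> {rcode:9} queried: {', '.join(called)}")
```

The "ldap1 down, user nowhere" case is the one to watch in logs: because notfound outranks fail, a directory outage does not surface in the block's result, so server health has to be monitored separately.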


