Multiple LDAP searches
Alan DeKok
aland at deployingradius.com
Wed Mar 31 00:40:42 CEST 2010
Rob Brickhouse wrote:
> I am setting up freeradius 2.1.6 and seem to be stuck on how do I go
> about setting up my ldap module to search multiple basedn if the user is
> not found in the first? I have four that I need to search in my LDAP
> tree but cannot figure out the correct way to make it search more than
> one. I feel like this is probably something simple I'm missing but can't
> seem to see it atm.

There's no simple way to do that. The intent of the LDAP module is to
have *one* set of users. Instead, you want fail-over for LDAP searches:

	search BASEDN A, and stop if the user is found
	otherwise, search BASEDN B, and stop if the user is found
	otherwise....

That's complicated. I suggest looking to see if your LDAP server can
provide a "view" that is the union of the 4 basedns.

Otherwise, maybe write a Perl script, or simply configure 4 copies of
the LDAP module, and then do the fail-over config in FreeRADIUS.

Alan DeKok.
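
The "4 copies of the LDAP module" approach from the reply above, sketched as an added example for the authorize-stage lookup (not part of the original post and not FreeRADIUS's shipped configuration). The instance names ldap_a to ldap_d, the host name and the base DNs are placeholders assumed for illustration.

```text
# modules/ldap: one named instance per base DN.
# Instance names, server and basedn values are placeholders (assumptions).
# identity/password and TLS settings go in each block as in your existing ldap block.
ldap ldap_a {
	server = "ldap.example.org"
	basedn = "ou=a,dc=example,dc=org"
	filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
}
ldap ldap_b {
	server = "ldap.example.org"
	basedn = "ou=b,dc=example,dc=org"
	filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
}
ldap ldap_c {
	server = "ldap.example.org"
	basedn = "ou=c,dc=example,dc=org"
	filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
}
ldap ldap_d {
	server = "ldap.example.org"
	basedn = "ou=d,dc=example,dc=org"
	filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
}

# Virtual server (e.g. sites-available/default), authorize section.
authorize {
	# Search base DN A first. Only a "notfound" result moves on to the
	# next instance; "fail" (directory unreachable) keeps its default
	# action and ends the section instead of falling through.
	ldap_a
	if (notfound) {
		ldap_b
		if (notfound) {
			ldap_c
			if (notfound) {
				ldap_d
			}
		}
	}
}
```

Failing over only on notfound keeps an unreachable directory or an explicit reject from silently falling through to the next tree. If the same uid exists under more than one base DN, the first match in this order wins, so the search order decides which entry authorizes the user.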