Slow Ldap Authorization
Phil Mayers
p.mayers at imperial.ac.uk
Tue Jan 15 08:49:19 CET 2013
On 01/15/2013 07:45 AM, Phil Mayers wrote:
> On 01/11/2013 10:15 PM, Tyler Brady wrote:
>
>> basedn = "DC=company,DC=com"
>
> Try setting a more specific (longer) base DN. As Arran has pointed out,
> you're getting LDAP referrals. Active Directory likes to do this if you
> query the LDAP tree from a point "above" >1 database, even though
> they're all available from the same server.
Sorry, I've just realised another thing you can try - disable referral
chasing. This is an option on the ldap module - try this:
ldap {
...
chase_referrals = no
}
...this may be more workable than changing base DN, if I'm inferring
your AD layout correctly ("everything under top-level").
More information about the Freeradius-Users
mailing list