multiple ldap instances, which instance is used for searching?
Phil Mayers
p.mayers at imperial.ac.uk
Wed Jul 3 18:47:14 CEST 2013
On 03/07/13 17:34, Martin Kraus wrote:
> Now my setup stopped working because suddenly ldap-eduroam was checking for
> groups when matching Ldap-Group. I was under the impression that when not
> specificed with ldap-eduroam-Ldap-Group the default ldap entry would be used.
No. Most recently instantiated, which can be essentially random.
Basically, don't do this; if you have >1 ldap instance, don't use
"Ldap-Group", always use "instance-Ldap-Group"
>
> I had to instantiate the ldap modules in a special order
>
> instantiate {
> ldap-eduroam
> ldap-netdefault
> ldap
> }
>
> so the ldap instance would take over again. Is this an expected behaviour?
Yes
> Will this solution hold or should I name the ldap instance as well and use
> the name-Ldap-Group everywhere?
Yes
More information about the Freeradius-Users
mailing list