differentiate authoriztion/ authentication in separate ldap modules
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Wed Sep 4 09:59:58 CEST 2013
On 4 Sep 2013, at 06:54, "Hachmer, Tobias" <Tobias.Hachmer at stadt-frankfurt.de> wrote:
> Hello Alan,
>
>>> Hachmer, Tobias wrote:
>>> - Rewrite DN?
>> You can rewrite the DN. That's why it's editable, as the LDAP-UserDn attribute.
>
> How can I do this and how "magic" could I rewrite the DN?
> The local ldap DIT and the AD DIT are totally different (different OU structure). It is much more than rewrite the base DN.
> When there's no way to determine the DN in AD DIT again I think I can achieve this more easy using ntlm_auth because I just want to check the password against AD, am I right?
>
Yes.
update control {
LDAP-BaseDN !* ANY
}
open_ldap.authorize
open_ldap
Or the other way around to auth against AD.
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
More information about the Freeradius-Users
mailing list