Ldap query

Michael Ströder michael at stroeder.com
Sat Mar 12 18:49:37 CET 2016


Franks Andy (IT Technical Architecture Manager) wrote:
> - Is it worth me debugging to find out why AD is giving out referrals that
> presumably can't be connected to, and if so how? I tried adding debug options
> "debug 255" and "logdir /var/log" to ldap.conf, and turning on the 0x0028
> option in mods-enabled/ldap but I can't see any debugging information - any
> clues?

LDAPv3 referrals are an under-specified, broken concept anyway.

Personally I'd recommend to

1. always switch off client-side referral chasing unless you really know what
you're doing

2. with MS AD point your LDAP client to the global catalog port if you have a
more complex AD forest for which you provide RADIUS service

@freeradius developers:
IMHO the default should be chase_referrals = no in the installed configuration.
chase_referrals = yes causes more issues than it solves.

Ciao, Michael.
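
An offline check for the two recommendations in this message, as an added example (not part of the original post and not FreeRADIUS code). It assumes the input is the text of a FreeRADIUS ldap module file; the sample config, the function names and the finding labels are constructed for illustration.

```python
import re

# Constructed sample in the style of FreeRADIUS mods-enabled/ldap (not from the post).
SAMPLE = """
ldap {
    server = 'dc1.example.org'
    port = 389
    options {
        chase_referrals = yes   # referral chasing left on
        rebind = yes
    }
}
"""

GC_PORTS = {"3268", "3269"}  # AD global catalog ports: LDAP and LDAPS
TRUE_VALUES = {"yes", "true", "on", "1"}  # assumption: spellings treated as "enabled"

def parse(text):
    """Flatten nested 'section { key = value }' blocks into dotted keys."""
    stack, settings = [], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # naive: also cuts a '#' inside quotes
        if not line:
            continue
        if line.endswith("{"):
            stack.append((line[:-1].split() or ["?"])[-1])  # 'ldap ad1 {' -> 'ad1'
        elif line == "}":
            if stack:
                stack.pop()
        else:
            m = re.match(r"([\w.-]+)\s*=\s*(.*)$", line)
            if m and stack:
                settings[".".join(stack + [m.group(1)])] = m.group(2).strip().strip("'\"")
    return settings

def audit(text):
    """Return (instance, finding) pairs for the two recommendations in the post."""
    cfg = parse(text)
    findings = []
    for inst in sorted({key.split(".")[0] for key in cfg}):
        chase = cfg.get(f"{inst}.options.chase_referrals")
        if chase is None:
            findings.append((inst, "chase_referrals_unset"))  # effective value depends on defaults
        elif chase.lower() in TRUE_VALUES:
            findings.append((inst, "chase_referrals_enabled"))
        port = cfg.get(f"{inst}.port")
        if port is not None and port not in GC_PORTS:
            findings.append((inst, "non_gc_port"))  # only matters for AD forests
    return findings
```

The `non_gc_port` finding is advisory: it applies only when the directory is a multi-domain AD forest, as in the second recommendation.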

