On Fri, 25 Jun 2004 [EMAIL PROTECTED] wrote:

> >>   Ah.  But the module still registers a callback for LDAP-Group, even
> >> if one already exists.  That should probably be double-checked...
> >
> >The only way for the ldap module to know if ldap-group has been registered is to
> >keep a ldap_group_registered value. In any case the ldap module which will be
> >instantiated last will be the one that will handle ldap-group comparisons. If we
> >add a check, that will change to the first ldap module which is instantiated. I
> >think it's more or less a matter of personal taste, which module we'd like to
> >handle ldap-group comparisons. Is it really worth the effort? Users can just change
> >the order in which the ldap modules are instantiated in order to achieve what they
> >want.
>
> Well, if I understood it right, there is a problem in this case:
> When there are two ldap instances with different basedns
>
> Radiusd.conf
>
>
> Ldap a {  ...
>               basedn = {a}
>               ...
>       }
> Ldap b {      ....
>               basedn = {b}
>               ....
>       }
>
> Users
>
> Default       ldap-group == A, Auth-Type := a
>
> Default       ldap-group == B, Auth-Type := b
>
>
>
> Then all users will be ldap-group checked with instance b right?!

It depends on the instantiate order of the ldap modules. If instance b was last
then yes.

> But users authenticated with the first entry must be checked with instance a.

Then use:

DEFAULT a-Ldap-Group == A, Auth-Type := a

DEFAULT b-Ldap-Group == B, Auth-Type := b

>
> Or is my understanding not o.k.?
>
> Greets to Greece
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf
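
Added example, not part of the original message or of FreeRADIUS itself: a small Python check for the situation discussed above. It flags `users` entries whose Ldap-Group check is not tied to a named instance when more than one ldap instance is declared. The embedded configuration text is constructed sample input; the `ldap <name> {` declaration form and the `<instance>-Ldap-Group` naming follow the thread.

```python
import re

# Constructed sample input modelled on the configuration quoted in the thread.
RADIUSD_CONF = """
ldap a {
    basedn = "o=a"
}
ldap b {
    basedn = "o=b"
}
"""

USERS = """
DEFAULT Ldap-Group == A, Auth-Type := a
DEFAULT b-Ldap-Group == B, Auth-Type := b
"""

# Assumption: instances are declared as "ldap <name> {" at the start of a line.
INSTANCE_RE = re.compile(r"^\s*ldap\s+([\w.-]+)\s*\{", re.I | re.M)
# A group check item, optionally prefixed with "<instance>-".
GROUP_RE = re.compile(r"(?<![\w-])(?:([\w.-]+)-)?ldap-group\s*[=!]=", re.I)


def ldap_instances(conf_text):
    """Return the named ldap instances in declaration order."""
    return INSTANCE_RE.findall(conf_text)


def ambiguous_group_checks(conf_text, users_text):
    """Return (line_no, line) for Ldap-Group checks not bound to a declared
    instance. Only reported when two or more ldap instances exist, because
    then the answer depends on which instance was instantiated last."""
    instances = {name.lower() for name in ldap_instances(conf_text)}
    if len(instances) < 2:
        return []
    findings = []
    for no, line in enumerate(users_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        for match in GROUP_RE.finditer(stripped):
            prefix = match.group(1)
            if prefix is None or prefix.lower() not in instances:
                findings.append((no, stripped))
                break
    return findings


if __name__ == "__main__":
    for no, line in ambiguous_group_checks(RADIUSD_CONF, USERS):
        print(f"users:{no}: group check depends on instantiate order: {line}")
```
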
