Hi, Markus. It appears I was incorrect; I just didn't realize the reason at the time. Thanks for helping to set me straight.
LDAP does appear to search through the directory without any trouble as long as you provide the top-level OU, my apologies.

The problem I was experiencing is that in my environment there are multiple top-level user OUs. The search appears to require at least a top-level OU to start in; accounts not within the structure below that top-level OU would not be found/authenticated.

If I'm not mistaken, that means I need to put all the user OUs under a single top-level OU for easier searching with LDAP?

Chris.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> Sent: Friday, August 13, 2004 3:27 PM
> To: [EMAIL PROTECTED]
> Subject: AW: freeRADIUS and Microsoft Active Directory
>
> Hello Chris,
>
> We use users in different ou's and it works fine.
> You have to use a basedn at the top of your ad.
>
> Markus
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Kellogg, Chris
> Sent: Friday, August 13, 2004 18:03
> To: [EMAIL PROTECTED]
> Subject: RE: freeRADIUS and Microsoft Active Directory
>
> This is great information, thanks!
>
> By the way, I found that 'UserPrincipalName' did not work; I
> used 'sAMAccountName' with success.
>
> It leads to a couple new questions, however. What about
> people who have users broken into multiple OUs in their
> Active Directory? The BaseDN option in radiusd.conf appears
> to focus the username search to the particular OU container
> indicated; nothing underneath that OU will be checked. It's
> also apparently not possible to just give the top container
> and have it search.
>
> I'm not an AD expert, so I might be missing a simple solution.
>
> I am also trying to verify membership in a specific group;
> LDAP can't find it, and I'm wondering if anyone has
> encountered this before. I verified the Group was in the same
> OU as indicated by basedn, and the user is a member of that group.
>
> What have other people done in these situations?
>
> Chris.
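
Added example, not part of the original thread and not FreeRADIUS code: a small Python check of which account DNs a given basedn covers under a subtree search, and of the deepest basedn that covers all of them. The DNs under `example.com` and the function names are constructed for illustration; multi-valued RDNs and quoted values are assumed not to occur.

```python
def split_dn(dn):
    """Split a DN into lower-cased (attr, value) RDNs, honoring backslash escapes."""
    rdns, cur, esc = [], [], False
    for ch in dn:
        if esc:
            cur.append(ch)
            esc = False
        elif ch == "\\":
            cur.append(ch)
            esc = True
        elif ch == ",":              # unescaped comma ends one RDN
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur))
    return [tuple(s.strip().lower() for s in r.split("=", 1)) for r in rdns]

def in_subtree(entry_dn, base_dn):
    """True if entry_dn is base_dn itself or lies anywhere below it."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

def missed(base_dn, user_dns):
    """Accounts that a subtree search starting at base_dn cannot return."""
    return [dn for dn in user_dns if not in_subtree(dn, base_dn)]

def common_base(user_dns):
    """Deepest DN that contains every account: the longest shared RDN suffix."""
    root_first = [split_dn(dn)[::-1] for dn in user_dns]
    shared = []
    for level in zip(*root_first):
        if len(set(level)) != 1:     # the branches diverge at this depth
            break
        shared.append(level[0])
    return ",".join("=".join(rdn) for rdn in reversed(shared))

# Constructed sample: two top-level user OUs in one domain.
USERS = [
    "CN=Alice Example,OU=Staff,DC=example,DC=com",
    "CN=Bob Example,OU=Helpdesk,OU=Staff,DC=example,DC=com",
    "CN=Carol Example,OU=Contractors,DC=example,DC=com",
    r"CN=Example\, Dave,OU=Contractors,DC=example,DC=com",
]

if __name__ == "__main__":
    for base in ("OU=Staff,DC=example,DC=com", "DC=example,DC=com"):
        print(base, "misses", missed(base, USERS))
    print("deepest basedn covering everyone:", common_base(USERS))
```

With the sample data, a basedn of `OU=Staff,...` misses both accounts under `OU=Contractors`, while the domain root covers all four without moving any OU.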

