I have FreeRADIUS set up to use 2 ldap servers as backend authentication. One is OpenLDAP and the other is Windows Active Directory. They have different basedn structures and these are laid out separately in the conf file. I have it set up to authenticate off of Active Directory first and OpenLDAP second. Everything is working fine except for the case of a user whose OpenLDAP username is the same as someone in Active Directory. In the authorize stage it looks in both AD and ldap. In the authenticate stage it queries both AD and ldap. The problem is that in the authenticate stage it uses the basedn of the server that returns the first ok in the authorize stage. So if the username is in both AD and ldap, OpenLDAP rejects the user because it is using the AD basedn to query the OpenLDAP server.
Is there a way for me to force the basedn for the ldap server regardless of which server returned the first ok?

Thanks in advance
g

