> In the authorize stage it looks in both AD and ldap. In the > authenticate stage it queries both AD and ldap. The problem > is that in the authenticate stage it uses the basedn of the > server that returns the first ok in the authorize stage. So > if the username is in both AD and ldap, openldap rejects the > user because it is using the AD basedn to query the openldap > server. > > Is there a way for me to force the basedn for the ldap > server regardless of which server returned the first ok? >
How do you have this setup? Check out doc/configurable_failover. That should show you how to do it. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html