Hi,

my current problem has already been discussed on this list --
here's a snippet from Nov 2004:

"Ron Wahler" <[EMAIL PROTECTED]> asked:
> > It seems that one of our customers has a database in which it does
> > Have duplicate users names, they were asking the following question:
> >
> > "Would also like to know how LDAP handles duplicate user names (if the
> > baseDN was set to O=ACME instead of OU=Users,O=ACME)"
> >
> > If the basedn Is at the higher level there may be duplicates.

Kostas Kalevras <[EMAIL PROTECTED]> replied:
> Do you mean that there may be:
>
> uid=user,o=acme and uid=user,ou=users,o=acme ?
>
> If that is the case the solution is simple:
>
> ldap ldap1{
>         basedn = "o=acme"
>         scope = "one"
> }
> ldap ldap2{
>         basedn = "ou=users,o=acme"
>         scope = "sub"
> }
>
> authorize{
>         ldap1
>         ldap2
> }
>
> authenticate{
>         ldap1
> }
>
> The only problem is that a scope directive does not exist yet. Adding one
> will not be hard though if it is needed. If that is what is needed please
> open a bug request in bugs.freeradius.org.

Due to a reorganization of our LDAP tree, we will need to duplicate our 
15.000+ account entries in a new, separate subtree, located below the 
old one. During migration (which will hopefully run overnight, but 
certainly take severeal hours), services should be kept running as good 
as possible. So I'm going to face exactly the situation described above. 
To make the LDAP search result unique, 
> ldap ldap1{
>         basedn = "o=acme"
>         scope = "one"
would do the job for me. Has such a directive been implemented?

Thanks, Martin

-- 
  Dr. Martin Pauly     Fax:    49-6421-28-26994            
  HRZ Univ. Marburg    Phone:  49-6421-28-23527
  Hans-Meerwein-Str.   E-Mail: [EMAIL PROTECTED]  
  D-35032 Marburg                                                           
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to