Regarding searching base dn from parent node (correct term I hope) I
did try on the weekend but to no success but retrying today worked
fine :) (quite possibly me doing more that one change at a time
I also added the filter as per your suggestion.
I appreciate the feedback as this has made things alot easier.
On 4/30/07, Ranner, Frank MR <[EMAIL PROTECTED]> wrote:
> > -----Original Message-----
> > From:
> > [EMAIL PROTECTED]
> eradius.org [mailto:freeradius-users->
> [EMAIL PROTECTED] On
> > Behalf Of Jacob Jarick
> > Sent: Sunday, 29 April 2007 20:48
> > To: FreeRadius users mailing list
> > Subject: Re: Freeradius Auth via LDAP against Active
> > Directory Server 2003
> > OK tried with 1.1.4 and yerp works great.
> > radiusd -X output: http://pastebin.ca/464153
> > radiusd.conf: http://pastebin.ca/464156
> > I also realised a mistake I have been making, see I want to
> > search the whole active directory, hence I kept setting my
> > basedn without an ou.
> > After seeing your excellent example and auth'ing had failed I
> > stuck in an OU and tried a user from the OU and worked fine.
> > So my questions is this, to auth people from multiple OU's do
> > I create a new ldap module for each OU or is their a simpler way.
> You should be able to set the base DN at the parent node, because the
> search is a subtree search. In my setup (openldap, not AD) I also
> use the base_filter directive in radiusd.conf to restrict the type of
> records to be searched. I use base_filter =
> You should use base_filter = "(objectclass=user)" This goes into the
> Section somewhere near the basedn line.
> Frank Ranner
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html