Our setup (see below) works in the way you describe: if a valid username
is found in ldap1, return ok; otherwise (notfound) OR (fail), look in
ldap2; if found, return ok; otherwise (notfound) OR (fail), look in ldap3,
etc.

modules {

        ldap ldap1 {

                server = "localhost"
                basedn = "ou=TrinityStudentLogins,dc=our-domain"
                filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"

                start_tls = no
                dictionary_mapping = ${raddbdir}/ldap.attrmap
                ldap_connections_number = 5
                edir_account_policy_check = no
                timeout = 4
                timelimit = 3
                net_timeout = 3
        }
        ldap ldap2 {
                # config for different ldap server or different ou
        }
        ldap ldap3 {
                # config for different ldap server or different ou
        }
}

authorize {
        preprocess
        chap
        mschap
        suffix

        # A number is the priority of that return code (try the next
        # instance); "return" stops the search with that code.
        redundant {
                ldap1 {
                        fail = 1
                        noop = 2
                        notfound = 3
                        ok = return
                        reject = return
                        userlock = return
                        invalid = return
                }
                ldap2 {
                        fail = 1
                        noop = 2
                        notfound = 3
                        ok = return
                        reject = return
                        userlock = return
                        invalid = return
                }
                ldap3 {
                        fail = 1
                        noop = 2
                        notfound = 3
                        ok = return
                        reject = return
                        userlock = return
                        invalid = return
                }
        }
}

authenticate {
          ldap1
          ldap2
          ldap3
          chap
}

Gary Prosser

-  
IT Manager
Trinity College, Bristol (http://www.trinity-bris.ac.uk)


-----Original Message-----
From: Wayne Van der Merwe <[email protected]>
Reply-To: FreeRadius users mailing list
<[email protected]>
To: [email protected]
Subject: Multiple LDAP search
Date: Wed, 4 Aug 2010 14:09:00 +0200

Hi all

I got LDAP working on FreeRADIUS Version 2.1.8, with SUSE 10.1.

Now I need to do the following: if the user is not found in the 1st LDAP
search, that searches in o=EC, then it must search again in o=HLT.

I would like to know where to create these files.

Thank you
Wayne van der Merwe



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
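
The fail-over order described in the reply above can be traced with a small model. This is an added example, not part of the original thread and not FreeRADIUS code: it assumes a numeric action is a priority (the highest seen wins) and that "return" stops the section, and the function name, scenario labels and per-directory answers are constructed for illustration.

```python
# Added illustration (not FreeRADIUS code): a simplified model of how a
# section combines module return codes. Assumption: a numeric action is a
# priority and the highest one seen wins; "return" stops the section.

# Action table the posted config gives each of ldap1, ldap2 and ldap3.
ACTIONS = {
    "fail": 1, "noop": 2, "notfound": 3,
    "ok": "return", "reject": "return",
    "userlock": "return", "invalid": "return",
}
MODULES = ["ldap1", "ldap2", "ldap3"]


def run_section(results, modules=MODULES, actions=ACTIONS):
    """results maps instance name -> return code (constructed inputs).
    Returns (final code, instances that were actually consulted)."""
    final, best, consulted = None, 0, []
    for name in modules:
        code = results[name]
        consulted.append(name)
        action = actions[code]
        if action == "return":          # decisive answer: stop here
            return code, consulted
        if action >= best:              # keep the highest-priority code
            final, best = code, action
    return final, consulted


# Constructed scenarios: what each directory would answer for one request.
SCENARIOS = {
    "user only in ldap2": {"ldap1": "notfound", "ldap2": "ok", "ldap3": "notfound"},
    "ldap1 down, user in ldap3": {"ldap1": "fail", "ldap2": "notfound", "ldap3": "ok"},
    "locked in ldap1, same uid in ldap2": {"ldap1": "userlock", "ldap2": "ok", "ldap3": "notfound"},
    "unknown user, ldap2 and ldap3 down": {"ldap1": "notfound", "ldap2": "fail", "ldap3": "fail"},
    "all directories down": {"ldap1": "fail", "ldap2": "fail", "ldap3": "fail"},
}

if __name__ == "__main__":
    for label, results in SCENARIOS.items():
        code, consulted = run_section(results)
        print(f"{label:38} -> {code:9} consulted={consulted}")
```

In this model a userlock from ldap1 ends the search before ldap2 is consulted, so a same-named entry in a later directory does not override the lock. The fourth scenario ends in notfound even though two directories never answered, so an outage of a later server is not visible in the final code and needs its own monitoring.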