Hi,

I have a question regarding LDAP structure and multiple cn of entries. My context: the directory is used by pam_ldap and freeradius for authentication on computers and network components.

The LDAP directory contains entries like the example below. The important thing is the multiple cn:

    dn: cn=testHost,ou=hosts,dc=company,dc=net
    cn: testHost
    cn: 10.0.0.252
    uniqueMember: uid=MyUser,uid=test01,ou=users,dc=company,dc=net
    objectClass: top
    objectClass: groupOfUniqueNames
    objectClass: extensibleObject
    associatedDomain: exploitation

but pam_ldap is configured to search a member in a directory entry with the following request on the host 10.0.0.252:

    pam_member_attribute uniqueMember
    pam_groupdn cn=10.0.0.252,ou=hosts,dc=company,dc=net

And it doesn't work. Apparently it searches the cn in the dn and does not find on the criteria of the secondary cn.

Is it a normal way of working? I thought a cn inside an entry would work either with requests like:

    cn=testHost,ou=hosts,dc=company,dc=net

or

    cn=10.0.0.252,ou=hosts,dc=company,dc=net

Is it a solution to make it work like that? Maybe in adding an alias from one to the other dn, but it's extra processing/constraints on the directory. In this case, I think I need alias dereferencing?

Thanks for your help

Chris
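Added example, not part of the original post: a simplified in-memory model (hypothetical helpers `load`, `compare`, `search`) of the entry above, showing that a DN names an entry only through its RDN value, so the second `cn` value can be matched by a search filter but not used as a DN. It assumes `pam_groupdn` is checked with an LDAP compare against the configured DN.

```python
# Simplified in-memory model of LDAP naming (added example, not pam_ldap code).
# The entry is the one from the post; all helper names are hypothetical.
LDIF = """\
dn: cn=testHost,ou=hosts,dc=company,dc=net
cn: testHost
cn: 10.0.0.252
uniqueMember: uid=MyUser,uid=test01,ou=users,dc=company,dc=net
objectClass: top
objectClass: groupOfUniqueNames
objectClass: extensibleObject
associatedDomain: exploitation
"""

def norm(s):
    # Case- and space-insensitive DN matching (no escaped commas handled).
    return ",".join(p.strip().lower() for p in s.split(","))

def load(ldif):
    tree = {}
    for block in ldif.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            name, value = (s.strip() for s in line.split(":", 1))
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        tree[norm(dn)] = (dn, attrs)
    return tree

def compare(tree, dn, attr, value):
    """LDAP compare: the DN must name an existing entry."""
    hit = tree.get(norm(dn))
    if hit is None:
        return "noSuchObject"
    values = [norm(v) for v in hit[1].get(attr.lower(), [])]
    return "compareTrue" if norm(value) in values else "compareFalse"

def search(tree, base, attr, value):
    """Subtree search with an equality filter (attr=value)."""
    suffix = norm(base)
    return [dn for key, (dn, attrs) in tree.items()
            if (key == suffix or key.endswith("," + suffix))
            and value.lower() in (v.lower() for v in attrs.get(attr.lower(), []))]

DIT = load(LDIF)
USER = "uid=MyUser,uid=test01,ou=users,dc=company,dc=net"
if __name__ == "__main__":
    print(compare(DIT, "cn=10.0.0.252,ou=hosts,dc=company,dc=net", "uniqueMember", USER))
    print(search(DIT, "ou=hosts,dc=company,dc=net", "cn", "10.0.0.252"))
```

In this model the compare against `cn=10.0.0.252,...` fails with `noSuchObject`, while a filter on `cn=10.0.0.252` under `ou=hosts` returns the entry's real DN, `cn=testHost,ou=hosts,dc=company,dc=net`.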
