RE: ldap searching

2004-11-01 Thread Ron Wahler

It seems that one of our customers has a database in which it does
have duplicate user names; they were asking the following question:

Would also like to know how LDAP handles duplicate user names (if the
baseDN was set to O=ACME instead of OU=Users,O=ACME)

If the basedn is at the higher level there may be duplicates.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kostas Kalevras
Sent: Sunday, October 31, 2004 9:54 AM
To: [EMAIL PROTECTED]
Subject: Re: ldap searching

On Sun, 31 Oct 2004, Ron Wahler wrote:

> If there are multiple users in an LDAP database with the same login
> name, what is the default behavior of the ldap module? Will it stop at
> the first login name that matches and compare the password? I assume
> so. If I wanted it to keep comparing all the users it finds in the
> database until either passes or there are no more entries, how would I
> configure that?

The ldap module expects to find only *one* corresponding entry when
searching for a user. If that does not happen it returns 'not found'.
That's not going to change, sorry. You could use the ldap_filter
configuration directive and/or multiple ldap module instances to maybe
get what you want.

In any case, what you are describing is probably not the problem but the
solution you imagine would work. Why don't you just describe the problem
you're facing?

> Thanks,
> Ron.



--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html





RE: ldap searching

2004-11-01 Thread Ron Wahler

> > If there are multiple users in an LDAP database with the same login
> > name, what is the default behavior of the ldap module? Will it stop at
> > the first login name that matches and compare the password? I assume
> > so. If I wanted it to keep comparing all the users it finds in the
> > database until either passes or there are no more entries, how would I
> > configure that?
>
> The ldap module expects to find only *one* corresponding entry when
> searching for a user. If that does not happen it returns 'not found'.
> That's not going to change, sorry.

So if there are duplicate names in LDAP it returns not found?  That's ok
I just want to understand how it works.

Thanks,
Ron.





RE: ldap searching

2004-11-01 Thread Kostas Kalevras
On Mon, 1 Nov 2004, Ron Wahler wrote:

> It seems that one of our customers has a database in which it does
> have duplicate user names; they were asking the following question:
>
> Would also like to know how LDAP handles duplicate user names (if the
> baseDN was set to O=ACME instead of OU=Users,O=ACME)
>
> If the basedn is at the higher level there may be duplicates.

Do you mean that there may be:

uid=user,o=acme and uid=user,ou=users,o=acme ?

If that is the case the solution is simple:

    # scope = one: only entries directly below o=acme
    ldap ldap1 {
        basedn = "o=acme"
        scope = one
    }
    # scope = sub: the whole subtree below ou=users,o=acme
    ldap ldap2 {
        basedn = "ou=users,o=acme"
        scope = sub
    }
    authorize {
        ldap1
        ldap2
    }
    authenticate {
        ldap1
    }

The only problem is that a scope directive does not exist yet. Adding one will
not be hard though if it is needed. If that is what is needed please open a bug
request in bugs.freeradius.org.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
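
Added example (not part of the original thread and not FreeRADIUS code): a small Python model of the "exactly one entry or 'not found'" rule and of the base DN plus scope split proposed above. The directory contents, the function names and the rule that processing stops at the first instance that resolves are assumptions made for the illustration.

```python
# Added illustration; models the lookup rule described in the thread,
# not FreeRADIUS source code. Directory contents are constructed.

DIRECTORY = [
    "uid=user,o=acme",
    "uid=user,ou=users,o=acme",
    "uid=alice,ou=users,o=acme",
    "ou=users,o=acme",
]

def rdns(dn):
    """Split a DN into lowercase RDNs (assumes no escaped commas)."""
    return [p.strip().lower() for p in dn.split(",")]

def search(base, scope, uid):
    """Return DNs under `base` whose leftmost RDN is uid=<uid>."""
    base_rdns = rdns(base)
    hits = []
    for dn in DIRECTORY:
        parts = rdns(dn)
        depth = len(parts) - len(base_rdns)
        if depth < 1 or parts[depth:] != base_rdns:
            continue                      # not below the base DN
        if scope == "one" and depth != 1:
            continue                      # one-level: direct children only
        if parts[0] == f"uid={uid.lower()}":
            hits.append(dn)
    return hits

def resolve_user(base, scope, uid):
    """Exactly one match yields a DN; zero or several yield None ('not found')."""
    hits = search(base, scope, uid)
    return hits[0] if len(hits) == 1 else None

def authorize(instances, uid):
    """Assumed simplification: stop at the first instance that resolves."""
    for name, base, scope in instances:
        dn = resolve_user(base, scope, uid)
        if dn is not None:
            return name, dn
    return None

INSTANCES = [("ldap1", "o=acme", "one"), ("ldap2", "ou=users,o=acme", "sub")]

if __name__ == "__main__":
    print(resolve_user("o=acme", "sub", "user"))   # ambiguous lookup
    print(authorize(INSTANCES, "user"))
    print(authorize(INSTANCES, "alice"))
```

A subtree search from o=acme sees both uid=user entries and fails closed, while the two narrower instances each see at most one.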


Re: ldap searching

2004-10-31 Thread Kostas Kalevras
On Sun, 31 Oct 2004, Ron Wahler wrote:

> If there are multiple users in an LDAP database with the same login
> name, what is the default behavior of the ldap module? Will it stop at
> the first login name that matches and compare the password? I assume
> so. If I wanted it to keep comparing all the users it finds in the
> database until either passes or there are no more entries, how would I
> configure that?

The ldap module expects to find only *one* corresponding entry when searching
for a user. If that does not happen it returns 'not found'. That's not going to
change, sorry. You could use the ldap_filter configuration directive and/or
multiple ldap module instances to maybe get what you want.

In any case, what you are describing is probably not the problem but the
solution you imagine would work. Why don't you just describe the problem
you're facing?

> Thanks,
> Ron.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf


RE: ldap searching

2004-10-31 Thread Yyc



Login Name should be unique.

Regards.
Yyc

And the vision that was planted in my brain.
Still remains with the Sound of Silence.



  
  
  : [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]  Ron 
  Wahler: 2004111 0:23: 
  [EMAIL PROTECTED]: ldap 
  searching
  
  
  
> If there are multiple users in an LDAP database with the same login
> name, what is the default behavior of the ldap module? Will it stop at
> the first login name that matches and compare the password? I assume
> so. If I wanted it to keep comparing all the users it finds in the
> database until either passes or there are no more entries, how would I
> configure that?
>
> Thanks,
> Ron.