Hello,

I tried to set up FreeRADIUS 0.8 with two LDAP servers for authentication.
I want FreeRADIUS to query the first LDAP server, and if the user is not found
there, the second server should be asked.

But the RADIUS server only falls back to the second server if the first
server is unreachable. If the user is not found on server ldap1, FreeRADIUS says:

rlm_ldap: object not found or got ambiguous search result
ldap_release_conn: Release Id: 0
  modcall[authenticate]: module "ldap1" returns notfound
modcall: group authtype returns notfound
auth: Failed to validate the user.


Can anyone help me?

Best regards

chris



_____________________________________________


LDAP module configuration in "radiusd.conf":
        # rlm_ldap instance "ldap1": searches o=level1 for the requesting user.
        ldap    ldap1 {
                server = "sldap1.mydomain.de"
                        # Bind DN used for the search. With the empty password below
                        # this is at best an unauthenticated bind (RFC 4513 5.1.2);
                        # directories may reject it or treat it as anonymous. If the
                        # search needs credentials, give this DN a real password and
                        # restrict it to read-only access on the attributes needed.
                        identity = "cn=user,o=level1"
                        password = ""
                        basedn = "o=level1"
                        # Match the stripped user name, falling back to User-Name.
                        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
                        # No TLS: the bind and any userPassword values returned by
                        # the search cross the network in cleartext unless the link
                        # is protected by other means.
                        start_tls = no
                        dictionary_mapping = ${raddbdir}/ldap.attrmap
                        ldap_connections_number = 5
                        password_attribute = userPassword
                        timeout = 4
                        timelimit = 3
                        net_timeout = 1
                # NOTE(review): notfound = 1 is a modcall return-code override, not an
                # rlm_ldap option; inside the module instance it is presumably ignored.
                # It belongs in the authorize/authenticate group that calls ldap1.
                notfound = 1
        }


LDAP module configuration in radiusd.conf:
        # rlm_ldap instance "ldap2": searches o=level2 on the second server.
        ldap    ldap2 {
                server = "sldap2.mydomain.de"
                        # Same bind DN as ldap1 (from o=level1) although the search
                        # base here is o=level2 — presumably this DN exists on
                        # sldap2 as well; confirm, and see the password note on ldap1:
                        # an empty password is an unauthenticated/anonymous bind.
                        identity = "cn=user,o=level1"
                        password = ""
                        basedn = "o=level2"
                        # A uid present in both o=level1 and o=level2 is resolved by
                        # whichever instance is asked first (ldap1), so the two
                        # directories should not share user names for different people.
                        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
                        # No TLS: bind and userPassword data travel in cleartext.
                        start_tls = no
                        dictionary_mapping = ${raddbdir}/ldap.attrmap
                        ldap_connections_number = 5
                        password_attribute = userPassword
                        timeout = 4
                        timelimit = 3
                        net_timeout = 1
                # NOTE(review): return-code override placed in the module instance;
                # presumably ignored here (see ldap1).
                notfound = 1
        }


# authorize: runs for every request before authentication.
authorize {
        preprocess
                chap
                mschap
                suffix
                files
                # Autz-Type LDAP: try ldap1, then ldap2.
                autztype LDAP {
                        # redundant: by default only a "fail" (e.g. unreachable
                        # server) moves on to the next module; other return codes
                        # end the group. notfound = 1 asks it to continue on
                        # notfound as well — TODO confirm this override is honoured
                        # by the 0.8 modcall parser.
                        redundant {
                        ldap1
                        ldap2
                        notfound = 1
                }
        }
}



# authenticate: the Auth-Type set in authorize selects one group below.
authenticate {
        authtype PAP {
                pap
        }
        authtype CHAP {
                chap
        }
        authtype MS-CHAP {
                mschap
        }
        unix

        # NOTE(review): this is a plain group with no return-code override. The
        # quoted log shows "group authtype returns notfound" directly after
        # ldap1, so ldap2 is never consulted on a not-found result. The
        # notfound = 1 used in the authorize section is missing here; adding
        # it inside this group is the first thing to try. Note that falling
        # through on notfound means every login attempt is tried against each
        # directory in order.
        authtype LDAP {
                ldap1
                ldap2
        }
}
# preacct: accounting pre-processing; same preprocess/suffix/files chain as
# authorize, without the LDAP groups.
preacct {
        preprocess
        suffix
        files
}


The file "user" contains:
# Every request gets Auth-Type := LDAP. With ":=" this replaces any Auth-Type
# the chap/mschap modules set earlier in authorize, so the CHAP and MS-CHAP
# authenticate groups look unreachable — confirm with a CHAP test request.
# Fall-Through keeps evaluating the later DEFAULT entries.
DEFAULT Auth-Type := LDAP
        Fall-Through = 1

# Framed-User reply defaults; 255.255.255.254 is the conventional value asking
# the NAS to choose the address itself.
DEFAULT Service-Type == Framed-User
        Framed-IP-Address = 255.255.255.254,
        Framed-MTU = 576,
        Service-Type = Framed-User,
        Fall-Through = Yes
# PPP reply defaults.
DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP
# Hint-based SLIP selection (Hint is set by the preprocess/hints stage).
DEFAULT Hint == "CSLIP"
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "SLIP"
        Framed-Protocol = SLIP

