> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Dustin Doris
> Sent: Tuesday, June 14, 2005 12:51 PM
> To: FreeRadius users mailing list
> Subject: Re:LDAP basedn context
>
>
> > Correct, it is unable to find the user.  When set at a
> > higher context I receive the following error:
> >
> > rlm_ldap: performing search in o=wheaton, with filter (cn=testacct)
> > rlm_ldap: object not found or got ambiguous search result
> > rlm_ldap: search failed
> >
> > My ldap config is as follows.  If I change the basedn to
> > where the user is located (ou=cs,ou=srvc,o=wheaton) then it works.
> >
> > ldap test-ldap{
> >     server = "ldapserver.wheaton.edu"
> >     identity = "cn=admin,o=wheaton"
> >     password = password
> >     basedn = "o=wheaton"
> >     filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"
> >     start_tls = yes
> >
> >     tls_cacertfile = /etc/raddb/certs/wheatonCA/wheatonca.b64
> >     tls_require_cert = "demand"
> >
> >     access_attr = "cn"
> >     dictionary_mapping = ${raddbdir}/ldap.attrmap
> >     ldap_connections_number = 5
> >     password_attribute = nspmPassword
> >     timeout = 4
> >     timelimit = 3
> >     net_timeout = 1
> > }
> >
> > matt...
> >
> >
> > >> Is it possible to specify the basedn above where the users are actually
> > >> located and have freeradius find the user in a subcontext?  For instance
> > >> if my ldap is setup as ou=users1,ou=loc1,o=org and
> > >> ou=users2,ou=loc2,ou=o=org can I specify basedn="o=org" and find users
> > >> in both users1 and users2?
> > >>
> >
> Hmmm, I thought it did a subtree search, maybe not.  You could use
> configurable_failover to search both trees.

FWIW, I am taking advantage of subtree search and it works fine.  I don't
see anything in his setup that would prevent it from happening.

>
> in radiusd.conf make two ldap instances with the same config except the
> basedn.
>
> ldap ldap1 {
>     config with one basedn
> }
>
> ldap ldap2 {
>     config with other basedn
> }
>
> in authorize section define them as a group
>
> authorize {
>     group {
>         ldap1
>         ldap2
>     }
> }
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
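
The log line quoted in the thread, "object not found or got ambiguous search result", names two different failures: no entry under the basedn, or more than one entry matching the filter. The following is an added example, not code from the thread or from FreeRADIUS, that models base/one/sub search scopes over a constructed directory to show how widening the basedn to o=wheaton can turn a unique match into an ambiguous one. It assumes matching on the leading RDN stands in for the (cn=...) filter, and the ou=staff entry is made up.

```python
# Added example. Constructed sample directory: only o=wheaton, cn=admin,o=wheaton
# and ou=cs,ou=srvc,o=wheaton appear in the thread; ou=staff is made up.
DIRECTORY = [
    "o=wheaton",
    "cn=admin,o=wheaton",
    "ou=srvc,o=wheaton",
    "ou=cs,ou=srvc,o=wheaton",
    "cn=testacct,ou=cs,ou=srvc,o=wheaton",
]
DUPLICATE = "cn=testacct,ou=staff,o=wheaton"  # constructed second match


def parse_dn(dn):
    """Split a DN into lower-cased RDNs (sample DNs have no escaped commas)."""
    return [rdn.strip().lower() for rdn in dn.split(",")]


def in_scope(entry_dn, base_dn, scope):
    """True if entry_dn lies within base_dn for scope 'base', 'one' or 'sub'."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    if len(entry) < len(base) or entry[-len(base):] != base:
        return False  # entry is not at or below the base DN
    depth = len(entry) - len(base)
    if scope == "base":
        return depth == 0
    if scope == "one":
        return depth == 1
    if scope == "sub":
        return True
    raise ValueError("unknown scope: " + scope)


def search(directory, base_dn, scope, cn):
    """Return DNs in scope whose leading RDN is cn=<cn> (stands in for the filter)."""
    want = "cn=" + cn.lower()
    return [dn for dn in directory
            if in_scope(dn, base_dn, scope) and parse_dn(dn)[0] == want]


def classify(matches):
    """Map a result count to the outcome: exactly one entry is the only success."""
    if not matches:
        return "not found"
    return "ok" if len(matches) == 1 else "ambiguous"


if __name__ == "__main__":
    for base in ("o=wheaton", "ou=cs,ou=srvc,o=wheaton"):
        for d in (DIRECTORY, DIRECTORY + [DUPLICATE]):
            print(base, len(d), classify(search(d, base, "sub", "testacct")))
```

Against a real server, the equivalent check is to run the same base, scope and filter by hand and count the entries returned before changing the RADIUS configuration.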