Jorgen Rosink wrote:
> We have multiple remote sites, each with its own NAS; each NAS searches
> for users in multiple LDAP contexts. Each NAS (read: site) has one or
> more "primary" contexts, which I like to search first before looking
> in all others (roaming users). At this time search order is based on
> the order of LDAP module entries in the authorize {} section.
> Is there a way to configure the search order of multiple LDAP contexts
> based on NAS IP address?

You could set Autz-Type based on NAS IP, and have the ldap modules with
the various ordering preferences as Autz-Type sub-sections of authorize
- see the docs for Autz-Type

> I understand there is no way to do a single recursive query on an LDAP
> base like o=myorg, is there some reason, or should I submit a feature
> request ??? ;-)))

That's incorrect. You can search from any DN you like down an
arbitrarily deep sub-tree, assuming your LDAP server isn't e.g. a
braindead AD server which will fail.
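
A sketch of the Autz-Type layout suggested above, added here as an illustration and not taken from the original message or from the FreeRADIUS documentation. The instance names (ldap_site_a, ldap_site_b), the Autz-Type names, the server name, the NAS addresses and the ou= contexts are all placeholders; only o=myorg comes from the thread.

```conf
# --- modules section: one ldap instance per context ---
# (placeholder names and DNs; other ldap options omitted)
ldap ldap_site_a {
    server = "ldap.example.org"
    basedn = "ou=site-a,o=myorg"
    filter = "(uid=%{User-Name})"
}
ldap ldap_site_b {
    server = "ldap.example.org"
    basedn = "ou=site-b,o=myorg"
    filter = "(uid=%{User-Name})"
}

# --- users file: pick an Autz-Type from the NAS address ---
# (192.0.2.x are documentation addresses standing in for the real NAS IPs)
DEFAULT NAS-IP-Address == 192.0.2.10, Autz-Type := SITE_A

DEFAULT NAS-IP-Address == 192.0.2.20, Autz-Type := SITE_B

# --- authorize section: each Autz-Type lists its primary context first ---
authorize {
    preprocess
    files
    Autz-Type SITE_A {
        ldap_site_a
        ldap_site_b
    }
    Autz-Type SITE_B {
        ldap_site_b
        ldap_site_a
    }
}
```

For the second point in the reply, a single instance with basedn = "o=myorg" would cover every context below that DN in one query, at the cost of the per-site ordering.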