Jorgen Rosink wrote:
We have multiple remote sites, each with its own NAS; each NAS searches
for users in multiple LDAP contexts. Each NAS (read: site) has one or
more "primary" contexts, which I'd like to search first before looking
in all others (roaming users). At this time search order is based on
the order of LDAP module entries in the authorize {} section.

Is there a way to configure the search order of multiple LDAP contexts
based on NAS IP address?

You could set Autz-Type based on NAS IP, and have the ldap modules with the various ordering preferences as Autz-Type sub-sections of authorize; see the docs for Autz-Type.


I understand there is no way to do a single recursive query on an LDAP
base like o=myorg. Is there some reason, or should I submit a feature
request ??? ;-)))

That's incorrect. You can search from any DN you like down an arbitrarily deep sub-tree, assuming your LDAP server isn't e.g. a braindead AD server which will fail.
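
A configuration sketch of the Autz-Type approach suggested in the reply above, added here as an example and not taken from the thread or from the FreeRADIUS distribution. The instance names (ldap_site_a, ldap_site_b, ldap_all), the Autz-Type names, the NAS addresses, the server name and the DNs are all assumptions, and bind credentials are left out on the assumption that the directory allows the search without them.

```conf
# --- users file (read by the "files" module) -------------------------
# Constructed entries: choose an Autz-Type from the NAS address.
DEFAULT NAS-IP-Address == 192.0.2.10, Autz-Type := SITE_A

DEFAULT NAS-IP-Address == 192.0.2.20, Autz-Type := SITE_B

# --- radiusd.conf ------------------------------------------------------
modules {
    # One ldap instance per "primary" context (hypothetical names and DNs).
    ldap ldap_site_a {
        server = "ldap.example.org"
        basedn = "ou=site-a,o=myorg"
        filter = "(uid=%{User-Name})"
    }
    ldap ldap_site_b {
        server = "ldap.example.org"
        basedn = "ou=site-b,o=myorg"
        filter = "(uid=%{User-Name})"
    }
    # Fallback for roaming users: search down from the top of the tree.
    ldap ldap_all {
        server = "ldap.example.org"
        basedn = "o=myorg"
        filter = "(uid=%{User-Name})"
    }
}

authorize {
    preprocess
    files                       # sets Autz-Type from the entries above

    Autz-Type SITE_A {
        ldap_site_a {
            ok = return         # found in the primary context: stop
            updated = return
        }
        ldap_all                # tried when the primary search finds nothing
    }
    Autz-Type SITE_B {
        ldap_site_b {
            ok = return
            updated = return
        }
        ldap_all
    }
}
```

A NAS that matches no users entry gets no Autz-Type, so neither sub-section runs for it; add a catch-all entry or a top-level ldap_all if such requests should still be looked up.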
