On Thu, May 8, 2008 at 7:57 PM, Rob VanDusen <[EMAIL PROTECTED]> wrote:
> My current config will check via LDAP against a NetWare box and authorize
> anyone in the ESB container - but I can't get it to look at any of the other
> containers. I tried doing multiple instances of the LDAP module - but that
> resulted in the server not authorizing anyone.

You probably didn't do it right, because it should work...

> How would I set this up so I can add the other O's as Base DN's? I'd really
> appreciate any instructions that a slightly dim bulb could follow.

Create a LDAP module for every context you want to use with RADIUS:

ldap CTC {
        server = "<IP/FQDN>"
        identity = "cn=<user>, o=<container>"
        password = "<password>"
        basedn = "o=CTC"
        filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"
        base_filter = "(objectclass=radiusprofile)"
        start_tls = yes
        tls_require_cert = "demand"
        #access_attr = "dialupAccess"
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        password_attribute = nspmPassword
        edir_account_policy_check=yes
        timeout = 4
        timelimit = 3
        net_timeout = 1
}

ldap ESB {
        basedn = "o=ESB"
        ... etc. for all other contexts
}

Now refer to these modules in the Authorize and Post-Authentication (if you
want eDirectory policies) by module name, like:

authorize {
        ...
        CTC
        ESB
        ...
}

post-auth {
        ...
        CTC
        ESB
        Post-Auth-Type REJECT {
                CTC
                ESB
                ...
        }
        ...
}

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
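
A check for the layout described in the reply above, as an added example that is not part of the original message or of FreeRADIUS: it lists every named `ldap <name>` instance and reports which of the sections the reply wires it into (authorize, post-auth, Post-Auth-Type REJECT) never call it. The sample config, the OPS instance and the function name `audit` are constructed for illustration, and the parser assumes one statement per line.

```python
import re
from collections import defaultdict

# Constructed sample: OPS is defined but never called, ESB is missing from REJECT.
SAMPLE = """\
ldap CTC {
    basedn = "o=CTC"
}
ldap ESB {
    basedn = "o=ESB"
}
ldap OPS {
    basedn = "o=OPS"
}
authorize {
    preprocess
    CTC
    ESB
}
post-auth {
    CTC
    ESB
    Post-Auth-Type REJECT {
        CTC
    }
}
"""

# Sections the reply lists each instance in, written as brace-nesting paths.
WANTED = ("authorize", "post-auth", "post-auth/Post-Auth-Type REJECT")

def audit(text):
    """Map each named ldap instance to the WANTED sections that never call it."""
    stack, found, calls = [], [], defaultdict(set)
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).strip()  # naive comment strip
        if line.endswith("{"):
            stack.append(line[:-1].strip())
            inst = re.fullmatch(r"ldap\s+(\S+)", stack[-1])
            if inst:
                found.append(inst.group(1))
        elif line == "}" and stack:
            stack.pop()
        elif stack and re.fullmatch(r"[\w.-]+", line):
            # A bare word inside a section is a module call; an enclosing
            # "server x" wrapper is left out of the path.
            path = "/".join(s for s in stack if not s.startswith("server"))
            calls[path].add(line)
    return {n: [w for w in WANTED if n not in calls[w]] for n in found}
```

An instance that is missing from `authorize` is never consulted, so users in that container are not looked up at all; a gap in the post-auth sections only matters if the eDirectory policy checks are wanted there.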