> IMHO I must see when connecting to first server:
>
> [tam] user DN: uid=vmendelevich,o=tamknown
>
> and this when to second:
>
> [lotus] user DN: uid=vmendelevich,o=tsas
>
> I think this happened because expanding is made only once:
>
> +- entering group tam {...}
> [tam] login attempt by "vmendelevich" with password "33333333"
> [tam] expand: (uid=%{User-Name}) -> (uid=vmendelevich)
> [tam] expand: o=tamknown -> o=tamknown

Correct. I don't know why the second instance didn't expand. Perhaps you should file a bug report and see if Alan will fix this.

I know that you should try to avoid ldap authentication, but if you can have different passwords for the same user (which is very bad design) in redundant ldap servers, doing redundant authentication is the only way.

Can you list tam and lotus in the authorize section and just make sure that expansion works as expected there?

Ivan Kalik