On 4 Sep 2013, at 06:54, "Hachmer, Tobias" <tobias.hach...@stadt-frankfurt.de> wrote:
> Hello Alan, > >>> Hachmer, Tobias wrote: >>> - Rewrite DN? >> You can rewrite the DN. That's why it's editable, as the LDAP-UserDn >> attribute. > > How can I do this and how "magic" could I rewrite the DN? > The local ldap DIT and the AD DIT are totally different (different OU > structure). It is much more than rewrite the base DN. > When there's no way to determine the DN in AD DIT again I think I can achieve > this more easy using ntlm_auth because I just want to check the password > against AD, am I right? > Yes. update control { LDAP-BaseDN !* ANY } open_ldap.authorize open_ldap Or the other way around to auth against AD. -Arran Arran Cudbard-Bell <a.cudba...@freeradius.org> FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html