AW: differentiate authoriztion/ authentication in separate ldap modules

Hello Alan, Hachmer, Tobias wrote: - Rewrite DN? You can rewrite the DN. That's why it's editable, as the LDAP-UserDn attribute. How can I do this and how magic could I rewrite the DN? The local ldap DIT and the AD DIT are totally different (different OU structure). It is much more

Re: differentiate authoriztion/ authentication in separate ldap modules

On 4 Sep 2013, at 06:54, Hachmer, Tobias tobias.hach...@stadt-frankfurt.de wrote: Hello Alan, Hachmer, Tobias wrote: - Rewrite DN? You can rewrite the DN. That's why it's editable, as the LDAP-UserDn attribute. How can I do this and how magic could I rewrite the DN? The local

AW: differentiate authoriztion/ authentication in separate ldap modules

How can I do this and how magic could I rewrite the DN? The local ldap DIT and the AD DIT are totally different (different OU structure). It is much more than rewrite the base DN. When there's no way to determine the DN in AD DIT again I think I can achieve this more easy using ntlm_auth

Re: differentiate authoriztion/ authentication in separate ldap modules

On 4 Sep 2013, at 13:10, Hachmer, Tobias tobias.hach...@stadt-frankfurt.de wrote: How can I do this and how magic could I rewrite the DN? The local ldap DIT and the AD DIT are totally different (different OU structure). It is much more than rewrite the base DN. When there's no way to

differentiate authoriztion/ authentication in separate ldap modules

Hello list, first of all a bit background about my environment: - CentOS 6.4 - FreeRADIUS Version 2.1.12, for host x86_64-redhat-linux-gnu, built on Oct 3 2012 at 01:22:51 - OpenLDAP: slapd 2.4.23 (Apr 29 2013 07:47:08) Here we use Microsoft Active Directory (not in our

Re: differentiate authoriztion/ authentication in separate ldap modules

Am Dienstag, 3. September 2013, 07:27:47 schrieb Hachmer, Tobias: Hello list, first of all a bit background about my environment: - CentOS 6.4 - FreeRADIUS Version 2.1.12, for host x86_64-redhat-linux-gnu, built on Oct 3 2012 at 01:22:51 - OpenLDAP: slapd 2.4.23

AW: differentiate authoriztion/ authentication in separate ldap modules

As far as I know it is not possible to use a ldap module to authenticate agains AD. See this page for protocol compatibility: Thank you for the answer. But it is possible using simple bind via ldap. But that's not my problem. Regards, Tobias Hachmer - List info/subscribe/unsubscribe?

Re: differentiate authoriztion/ authentication in separate ldap modules

Hachmer, Tobias wrote: - Rewrite DN? You can rewrite the DN. That's why it's editable, as the LDAP-UserDn attribute. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html