
List:       freeradius-users
Subject:    Re: LDAP auth in two sources
From:       tnt () kalik ! net
Date:       2009-11-27 17:09:15
Message-ID: 64338.87.194.16.13.1259341755.squirrel () www ! kalik ! net

> IMHO I must see when connecting to first server:
>
> [tam] user DN: uid=vmendelevich,o=tamknown
>
> and this when to second:
>
> [lotus] user DN: uid=vmendelevich,o=tsas
>
> I think this happened because expanding is made only once:
>
> +- entering group tam {...}
> [tam] login attempt by "vmendelevich" with password
> "33333333"
> [tam] 	expand: (uid=%{User-Name}) -> (uid=vmendelevich)
> [tam] 	expand: o=tamknown -> o=tamknown

Correct. I don't know why the second instance didn't expand. Perhaps you
should file a bug report and see if Alan will fix this. I know that you
should try to avoid LDAP authentication, but if you can have different
passwords for the same user (which is very bad design) in redundant LDAP
servers, doing redundant authentication is the only way.

Can you list tam and lotus in the authorize section and just make sure that
expansion works as expected there?

Ivan Kalik
