Hi,
I have a FreeRADIUS server which authenticates users against OpenLDAP
and assigns a VLAN according to the memberOf attribute (this part works
fine).
Now I would like to extend this functionality for the users in Active
Directory (2012 R2).
My OpenLDAP's main DN is dc=seminary,dc=local, and it has 5 OUs, each with
its own users.
My Active Directory's main DN is dc=seminary,dc=local too, but it has only 1
OU, whose distinguishedName is ou=School,dc=seminary,dc=local.
A few questions:
1) Will this be possible? I only need to authenticate the user and that's
it; any password modifications will be done only through the Active Directory
domain.
2) I was thinking of using the back_ldap and rwm OpenLDAP modules, but ended
up running into a problem with this LDIF (since olcDbACLPasswd is
deprecated):
radius@radius:~$ cat proxy2.ldif
dn: olcDatabase={1}mdb,cn=config
changetype: add
olcdatabase: ldap
olcReadOnly: TRUE
olcDbProtocolVersion: 3
olcSuffix: dc=seminary,dc=local
olcRootDN: ou=school,dc=seminary,dc=local
olcDBUri: "ldap://192.168.100.129:389"
olcDbRebindAsUser: TRUE
olcoverlay: rwm
olcRwmMap: attribute cn distinguishedName
olcRwmMap: attribute mail mail
olcRwmMap: attribute uid sAMAccountName
olcRwmMap: objectClass posixAccount person
olcRwmMap: objectClass memberUid member
olcRwmMap: attribute memberOf memberOf
#olcDbIDAssertBind: bindmethod=simple
#olcDbIDAssertMode: none
olcDbIDAssertBind: cn=Ldap Binder,dc=seminary,dc=local
olcDbACLPasswd: PASS!
Any idea how I can get around this issue?
Will this work after all?
Thanks and best regards
Matthew
Matthew Pulis
web: www.matthewpulis.info
mob: +356 79539404