Hi, I have a freeradius server which is authenticating users against Openldap and according to the attribute memberOf is assigned a VLAN (this part works fine). Now I would like to extend this functionality for the users in Active Directory (2012 R2). My OpenLdap's main DN is: dc=seminary,dc=local, and has 5 OU's each with their own users. My Active Direcotry's main ND is: dc=seminary,dc=local too but has only 1 OU which distinguishedName is ou=School,dc=seminary,dc=local. A few questions: 1) Will this be possible? I need only to authenticate the user and that's it - any password modifications will be done only through Active Directory domain. 2) I was thinking to use the back_ldap and rwm Openldap modules. But ended up entering a problem with this ldif: (since the olcDbACLPasswd is deprecated) radius@radius:~$ cat proxy2.ldif dn: olcDatabase={1}mdb,cn=config changetype: add olcdatabase: ldap olcReadOnly: TRUE olcDbProtocolVersion: 3 olcSuffix: dc=seminary,dc=local olcRootDN: ou=school,dc=seminary,dc=local olcDBUri: "ldap://192.168.100.129:389" olcDbRebindAsUser: TRUE olcoverlay: rwm olcRwmMap: attribute cn distinguishedName olcRwmMap: attribute mail mail olcRwmMap: attribute uid sAMAccountName olcRwmMap: objectClass posixAccount person olcRwmMap: objectClass memberUid member olcRwmMap: attribute memberOf memberOf #olcDbIDAssertBind: bindmethod=simple #olcDbIDAssertMode: none olcDbIDAssertBind: cn=Ldap Binder,dc=seminary,dc=local olcDbACLPasswd: PASS! Any idea how I can go through this issue? Will this work after all? Thanks and best regards Matthew Matthew Pulis web: www.matthewpulis.info mob: +356 79539404