[RADIATOR] AuthBy LDAP2 to AD

Heikki Vatiainen hvn at open.com.au
Tue Dec 22 15:08:28 CST 2015


On 12/20/2015 09:49 PM, Hartmaier Alexander wrote:

> @Heikki: could you add a section in the AuthBy LDAP2 which covers the
> topic Microsoft Active Directory?

I've made a ticket for this including these:
- Global catalog ports
- ServerChecksPassword - can't get user credentials from AD
- AttrsWithBaseScope - for AD constructed attributes e.g., tokenGroups
for getting group and nested group membership information
- Differences with non-AD LDAP servers - anything else than the above?

One thing I'd like to ask you about Global Catalog: If the Base DN is
not empty, does it affect the search results? You wrote that it should
be left empty, however, so far I have thought it's fine to specify a
Base DN.

See for example this doc, and search for 'non-instantiated'. As I
understand it, it says base DN that is empty or anything else is fine.

https://technet.microsoft.com/en-us/library/how-global-catalog-servers-work(v=ws.10).aspx

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

