On 12/20/2015 09:49 PM, Hartmaier Alexander wrote: > @Heikki: could you add a section in the AuthBy LDAP2 which covers the > topic Microsoft Active Directory?
I've made a ticket for this including these: - Global catalog ports - ServerChecksPassword - can't get user credentials from AD - AttrsWithBaseScope - for AD constructed attributes e.g., tokenGroups for getting group and nested group membership information - Differences with non-AD LDAP servers - anything else than the above? One thing I'd like to ask you about Global Catalog: If the Base DN is not empty, does it affect the search results? You wrote that it should be left empty, however, I so far I have thought it's fine to specify a Base DN. See for example this doc, and search for 'non-instantiated'. As I understand it, it says base DN that is empty or anything else is fine. https://technet.microsoft.com/en-us/library/how-global-catalog-servers-work(v=ws.10).aspx Thanks, Heikki -- Heikki Vatiainen <h...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
