3.64.5. BaseDN Previous topic Parent topic Child topic Next topic

This is the base DN where searches will be made. For each authentication request, Radiator does a SUBTREE search starting at BaseDN, looking for a UsernameAttr that exactly matches the user name in the radius request (possibly after user name rewriting).
Special formatting characters are permitted. %0 is replaced by UsernameAttr and %1 by the user name, whose token is searched.
Here is an example of using BaseDN with <AuthBy LDAPDIGIPASS>:
# Start looking here
BaseDN o=University of Michigan, c=US
On some LDAP servers, you can get a significant performance increase by narrowing the search to the exact uid you are interested in. This example restricts the search to uid=username,ou=foo,o=bar,c=au:
BaseDN      %0=%1,ou=foo,o=bar,c=au
Scope       base