ldap redundant w/ ldap-group

Jan-Piet Mens jpm at retail-sc.com
Mon Jun 27 10:26:30 CEST 2005


Dustin, 

thank you very much for this! It works like a charm, even though it is
quite ugly...

	-JP



On Fri Dec 10 2004 at 20:58:59 CET, Dustin Doris wrote:

...
> However, when I am using redundant, I cannot have this redundancy for
> Ldap-Group lookups.  It appears that for Ldap-Group lookups, only the last
> ldap instance that I create (ldap2) is actually used for Ldap-Group
> lookups.  If I take down ldap1, I can still authenticate.  I get the
> redundancy of ldap2 for autz and auth.  However, if I put ldap1 back up
> and take down ldap2, I get a failure because I cannot lookup the
> Ldap-Group, so it falls through to the reject statement.
> 
> So, reading through configurable failover, I tried instantiating both
> ldap1 and ldap2.  This was neat, because I could specify ldap1-Ldap-Group
> or ldap2-Ldap-Group.
...



More information about the Freeradius-Users mailing list