Redundant LDAP Authentication and 2 Problems

Armin Krämer Kraemer.Armin at web.de
Mon Jan 30 20:52:31 CET 2006


Hi, at the moment I am trying to get my LDAP authentication working with
redundant LDAP directories.
I made a second ldap module and the following entry in the authentication
part

redundant {
	ldap1
	ldap2
}

I fired up a second LDAP directory which is replicated from the first one.

My problem is that if I kill ldap1 I can't get a result from ldap2. But the
database and directory are the same!
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.1.4:389, authentication 0
rlm_ldap: bind as cn=freeradius,ou=admins,ou=radius,dc=XXX,dc=de/freeradius
to 192.168.1.4:389
rlm_ldap: cn=freeradius,ou=admins,ou=radius,dc=XXX,dc=de bind to
192.168.1.4:389 failed: Can't contact LDAP server
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap1" returns fail for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for Notebook-XXX.de
radius_xlat:  '(&(uid=Notebook-AK.XXX.de)(objectclass=radiusprofile))'
radius_xlat:  'ou=users,ou=radius,dc=XXX,dc=de'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.1.5:389, authentication 0
rlm_ldap: bind as cn=freeradius,ou=admins,ou=radius,dc=XXX,dc=de/freeradius
to 192.168.1.5:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=users,ou=radius,dc=XXX,dc=de, with filter
(&(uid=Notebook-AK.XXX.de)(objectclass=radiusprofile))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap2" returns notfound for request 0
modcall: group redundant returns notfound for request 0
modcall: group authorize returns updated for request 0


The second problem is that if both ldap1 and ldap2 are down, the eap-tls
module, which is used for authorisation, goes on and authenticates the user. How
can I change that? I want to configure the server so that if ldap fails,
the whole process fails and the user is rejected. What will I have to add to
my redundant part?

Hope this is understandable?

Kind regards

Armin
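The debug excerpt quoted in the post is the place to start when a redundant group misbehaves: it records, per rlm_ldap instance, which server was tried, whether the admin bind succeeded, what the search returned, and what each module and the redundant group reported to modcall. In this trace the bind to 192.168.1.4:389 fails with "Can't contact LDAP server" (ldap1 returns fail, so failover happens as intended), the bind to 192.168.1.5:389 succeeds, and the search on that server returns no object (ldap2 returns notfound). The following script is an added example, not code from the post or from FreeRADIUS: it parses such a trace into per-attempt records and classifies the outcome so that "failover never happened" can be told apart from "failover happened but the replica did not return the user". The sample input is the post's own debug lines embedded as a string; the record fields, regexes and outcome labels are this example's own choices.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: the rlm_ldap debug excerpt quoted in the post, line for line
# (the base DN was already anonymised as dc=XXX,dc=de by the poster).
SAMPLE_LOG = """\
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.1.4:389, authentication 0
rlm_ldap: bind as cn=freeradius,ou=admins,ou=radius,dc=XXX,dc=de/freeradius
to 192.168.1.4:389
rlm_ldap: cn=freeradius,ou=admins,ou=radius,dc=XXX,dc=de bind to
192.168.1.4:389 failed: Can't contact LDAP server
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap1" returns fail for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for Notebook-XXX.de
radius_xlat:  '(&(uid=Notebook-AK.XXX.de)(objectclass=radiusprofile))'
radius_xlat:  'ou=users,ou=radius,dc=XXX,dc=de'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.1.5:389, authentication 0
rlm_ldap: bind as cn=freeradius,ou=admins,ou=radius,dc=XXX,dc=de/freeradius
to 192.168.1.5:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=users,ou=radius,dc=XXX,dc=de, with filter
(&(uid=Notebook-AK.XXX.de)(objectclass=radiusprofile))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap2" returns notfound for request 0
modcall: group redundant returns notfound for request 0
modcall: group authorize returns updated for request 0
"""


@dataclass
class LdapAttempt:
    """One (re)connect by an rlm_ldap instance, as reconstructed from the trace."""
    server: str                        # host:port the module tried to reach
    bind_ok: bool = False              # admin bind succeeded?
    error: Optional[str] = None        # libldap error text if the bind failed
    user_found: Optional[bool] = None  # None until a search was actually run
    module: str = ""                   # rlm_ldap instance name (ldap1, ldap2, ...)
    result: str = ""                   # return code modcall reported for it


RE_CONNECT = re.compile(r"rlm_ldap: \(re\)connect to (\S+),")
RE_BIND_FAIL = re.compile(r"\bfailed: (.+)$")   # the bind error wraps onto its own line
RE_MODULE = re.compile(r'modcall\[authorize\]: module "([^"]+)" returns (\w+)')
RE_GROUP = re.compile(r"modcall: group redundant returns (\w+)")


def parse_trace(text: str) -> Tuple[List[LdapAttempt], Optional[str]]:
    """Split a radiusd -X excerpt into per-server attempts plus the redundant group's result."""
    attempts: List[LdapAttempt] = []
    cur: Optional[LdapAttempt] = None
    group_result: Optional[str] = None
    for line in text.splitlines():
        m = RE_GROUP.search(line)
        if m:
            group_result = m.group(1)
            continue
        m = RE_CONNECT.search(line)
        if m:
            cur = LdapAttempt(server=m.group(1))
            attempts.append(cur)
            continue
        if cur is None:
            continue  # connection-pool chatter before the first (re)connect
        if "Bind was successful" in line:
            cur.bind_ok = True
            continue
        m = RE_BIND_FAIL.search(line)
        if m:
            cur.error = m.group(1).strip()
            continue
        if "performing search in" in line:
            cur.user_found = True       # provisional; overridden if the search comes back empty
        elif "object not found or got ambiguous" in line:
            cur.user_found = False
        m = RE_MODULE.search(line)
        if m:
            cur.module, cur.result = m.group(1), m.group(2)
    return attempts, group_result


def diagnose(attempts: List[LdapAttempt], group_result: Optional[str]) -> str:
    """Classify the redundant group's outcome (labels are this example's own)."""
    reached = [a for a in attempts if a.bind_ok]
    if not reached:
        return "all-servers-unreachable"
    if any(a.user_found is False for a in reached):
        return "reached-server-but-search-found-nothing"
    if group_result in ("ok", "updated"):
        return "ok"
    return "unclassified"


if __name__ == "__main__":
    found, group = parse_trace(SAMPLE_LOG)
    for a in found:
        print(f"{a.module:6} {a.server:18} bind_ok={a.bind_ok!s:5} "
              f"user_found={a.user_found} result={a.result} error={a.error}")
    print("redundant group:", group, "->", diagnose(found, group))
```

Run against the sample, the script reports ldap1 as unreachable and ldap2 as bound but with an empty search, and labels the run "reached-server-but-search-found-nothing". That separates the two things the post asks about: the redundant group did fail over to the second server, so the next place to look for the first problem is why the replica's search under ou=users,ou=radius,dc=XXX,dc=de returns no object, while the "all-servers-unreachable" label is the case the second problem is about (both servers down) and the one whose handling in the authorize section needs to be decided.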
