ldap redundancy & Ldap-Group checkItem in user file

Fred fred.maison at gmail.com
Mon Jan 25 17:32:13 CET 2010


Hi all,
I am trying to migrate a freeradius 1 (where ldap failover was not working)
to freeradius 2 and I am having some difficulty configuring LDAP
failover:
As Ldap-Group is registered with the individual ldap instance names (i.e.
ldap1-Ldap-Group & ldap2-Ldap-Group), it seems to be necessary to
reference the ldap servers twice in the users file checkItems:

ldap1-Ldap-Group == xyz
ldap2-Ldap-Group == xyz
.....


I don't see how to make freeradius register to something like ldapRedundant.
Is there any way to do that?

Although those attributes are instantiated, I can't get them checked
in the users file.

Ldap-Group was previously checked via files, users and huntgroups like this:

# users :
DEFAULT Huntgroup-Name == ras, NAS-Port-Type == Virtual, Ldap-Group == ras, User-Profile := "uid=ras,ou=profiles,ou=radius,dc=mydomain,dc=local"
        Fall-Through = no

DEFAULT Huntgroup-Name == ras, Service-Type == Login, Ldap-Group == ras, User-Profile := "uid=login,ou=profiles,ou=radius,dc=mydomain,dc=local"
        Fall-Through = no

# huntgroups
ras NAS-IP-Address == 10.1.1.1
login NAS-IP-Address == 10.1.1.1

ras NAS-IP-Address == 10.1.2.1
login NAS-IP-Address == 10.1.2.1

ras NAS-IP-Address == 10.1.3.1
login NAS-IP-Address == 10.1.3.1


freeradius -X
FreeRADIUS Version 2.1.8 ......
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Creating new attribute ldap1-Ldap-Group
......
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Creating new attribute ldap2-Ldap-Group
....

Best regards,
Fred MAISON


