LDAP, old TCP connections, and retry

Justin Steward althalus87 at gmail.com
Wed Mar 10 00:56:09 CET 2010

Hi Guys,

A few quick questions on tweaking rlm_ldap for freeradius.

Question 1:
The LDAP server which the radius server attempts to connect to is
located behind a firewall which kills TCP connections that have been
idle for 30 minutes. FR then tries to do a lookup using a connection
that has been open and idle for half an hour or more, and the firewall
drops the now invalid connection.

How can I force an idle timeout on LDAP connections in FR?

Question 2:
From the information I have been given, it appears that if the
connection times out, LDAP does not attempt to retry.

Is there a way to force FR to make 1 or 2 attempts at retrying the
connection before giving up on LDAP?

The current situation is causing many headaches trying to log in, and
the client is reluctant to relax their firewall for a number of

Many Thanks,
Justin Steward
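Added example for the two questions above (an idle timeout on pooled LDAP connections, and retrying after the firewall has dropped one). This is not from the original post or from the FreeRADIUS project; it is a module configuration in the style of the 3.x mods-available/ldap file, which has the connection "pool" section. The 2.x-era rlm_ldap the post is about only has timeout, timelimit and net_timeout, none of which closes an idle connection. The server name, bind DN, password and base_dn are placeholders.

```text
ldap {
        server = 'ldap.example.com'
        identity = 'cn=radius,ou=svc,dc=example,dc=com'
        password = 'changeme'
        base_dn = 'dc=example,dc=com'

        pool {
                start = 5
                min = 3
                max = 32
                spare = 3
                uses = 0

                # Close a connection that has sat unused for this many seconds.
                # Keep this well under the firewall's 30-minute idle cutoff so
                # a request is never handed a socket the firewall has already
                # silently dropped. (Assumed value; the shipped default is 60.)
                idle_timeout = 600

                # Also recycle connections by age, regardless of use.
                lifetime = 3600

                # After a connect attempt fails, wait this long before trying
                # to open a new connection instead of hammering the server.
                retry_delay = 30

                # Fail a connect quickly rather than hanging the request.
                connect_timeout = 3.0
        }
}
```

With idle_timeout below the firewall's cutoff the module discards stale connections itself instead of discovering the problem mid-request. For the second question, my recollection is that 3.x rlm_ldap treats a "server down" result on a bind or search as a broken connection, opens a fresh one and retries the operation once; check ldap.c for the version you run before relying on that. If the firewall's policy cannot change, the other knob worth checking is TCP keepalives on the RADIUS host (3.x exposes them under the module's options section, otherwise via the OS sysctl), which keeps an idle-but-live connection from being dropped in the first place.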
