multiple ldap servers

Alan DeKok aland at deployingradius.com
Fri May 4 16:14:17 CEST 2012


jeff donovan wrote:
> I'm new to radius but have been reading.

  That's always positive.

> How can I search an alternate LDAP server for user credentials?
> If the first LDAP search fails, try the next server in line.

  Do you mean "fail" or "notfound"?  They're different...

> I found some documentation:
> * http://freeradius.org/radiusd/doc/ldap_howto.txt does not mention a
> second server.
> * http://freeradius.org/radiusd/doc/configurable_failover explains the
> redundant setup for SQL accounting.

  See also "man unlang".  It explains this in more detail.

> So far I tried adding the second LDAP server; its info is read during
> module load -- no errors. The problem is, only one of the LDAP systems
> contains the correct info. So one WILL fail and the other will pass.
> With that being said, how do I configure my server to pass if either
> system returns "ok"? Currently it will fail even if one LDAP system
> returns good.

  That's because you're using a "redundant" block.  It treats "notfound"
as "LDAP server is still up", and it doesn't fail over to the next one.
Because there was no failure!

> authorize {
...
>     redundant {
>         ldap1
>         ldap2
>     }

  Change that to:

	ldap1
	if (notfound) {
		# ldap1 answered but has no entry for this user: ask ldap2
		ldap2
	}

  And it will work.

  Alan DeKok.

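The two configurations side by side, as an added example that is not part of Alan's reply or of the FreeRADIUS distribution. It assumes FreeRADIUS 2.x syntax (the version current in 2012), two rlm_ldap instances named ldap1 and ldap2 defined in raddb/modules/ldap, and made-up hostnames, bind DN, base DN and password; replace those with your own. The unlang part also goes one step past the reply: besides falling through on "notfound", it fails over when ldap1 is genuinely down, which needs ldap1's "fail" return code given a numeric priority, because in authorize "fail" otherwise means "return" and the following "if" would never run.

```unlang
# raddb/modules/ldap -- two instances of rlm_ldap.  Hostnames, DNs and
# the password are placeholders for this example.
ldap ldap1 {
	server = "ldap1.example.com"
	identity = "cn=radius,dc=example,dc=com"
	password = "change-me"
	basedn = "dc=example,dc=com"
	filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
	# short timeouts keep a dead server from stalling every request
	net_timeout = 1
	timeout = 4
	timelimit = 3
	ldap_connections_number = 5
}

ldap ldap2 {
	server = "ldap2.example.com"
	identity = "cn=radius,dc=example,dc=com"
	password = "change-me"
	basedn = "dc=example,dc=com"
	filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
	net_timeout = 1
	timeout = 4
	timelimit = 3
	ldap_connections_number = 5
}

# raddb/sites-enabled/default, authorize section.

# WRONG for this problem: "redundant" only moves on when a module
# returns "fail" (server unreachable).  A user missing from ldap1 is
# "notfound", which counts as a successful lookup, so ldap2 is never
# asked and the request ends up rejected.
#
#	redundant {
#		ldap1
#		ldap2
#	}

# RIGHT: explicit fall-through on "notfound", plus failover on "fail".
# "fail = 1" overrides the default "fail = return" for this instance
# only, so processing continues into the "if".
authorize {
	preprocess
	ldap1 {
		fail = 1
	}
	if (notfound || fail) {
		ldap2
	}
	# remaining entries of the default virtual server follow here
	pap
}
```

If you want exactly the behaviour from the reply and nothing more, drop the `fail = 1` override and use `if (notfound)`. The block only covers the authorize lookup; if the same instances are also used for authentication (LDAP bind), whatever Auth-Type the successful instance sets must resolve, in the authenticate section, to that same instance.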

More information about the Freeradius-Users mailing list