Questions about ldap authentication, huntgroup and authorize file

[Alan DeKok]

On Oct 13, 2017, at 7:56 AM, Jérôme BERTHIER <Jerome.Berthier at inria.fr> wrote:
> I found the issue.
> The attribute myldap1-Ldap-Group is unknown from the module "authorize" because its own module is not yet loaded.

  That's what the "instantiate" section is for.

> I tried both solutution :
> - define the instance "ldap myldap1 {}" in the ldap module file (linked as an enabled module)
> - define the instance "ldap myldap1 {}" in a new module file amyldap1 ( linked as an enabled module). If the module files are loaded following alphabet order then this new module should be loaded before the authorize module.

  The modules are loaded in the order that they appear in the directory.  i.e. essentially randomly.

> By default, It does not work.
> 
> So, I tried to call the instance myldap1 in the section instanciate of radiusd.conf. It fixed the problem.
> Now, I can use these attribute in the file authorize.
> 
> Moreover, I will use the section instanciate to define a unique redundant pool of ldap servers. I 'm interested in this since a while.

  That's good.

  Alan DeKok.