Redundant LDAP servers in /etc/freeradius/modules/ldap
Alan DeKok
aland at deployingradius.com
Tue Nov 27 23:58:18 CET 2018
On Nov 27, 2018, at 1:55 PM, Tom Yard <tomyyard at gmail.com> wrote:
>
> Dear people, I have a Freeradius server version 2.2.5 using LDAP for
> authentication.
>
> I have just one LDAP server defined in /etc/freeradius/modules/ldap, but
> yesterday the DC went down and Freeradius was offline.
>
> Is it possible to have a redundant scheme with two LDAP servers, defining this in
> /etc/freeradius/modules/ldap:
>
> ldap {
> server = "server1.company.com"
> server = "server2.company.com"

No.

Some LDAP libraries will parse the server name into multiple pieces if it contains commas:

    server = "server1,server2"

I don't recommend that, as it means that the LDAP client library is in charge of fail-over, and they are typically terrible.

It's better to use the fail-over mechanism in FreeRADIUS. It works, and it's under your control.

Alan DeKok.
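
A sketch of the FreeRADIUS-side fail-over recommended above, added here as an illustration and not part of the original message: two named `ldap` instances wrapped in a `redundant` block. The instance names `ldap1`/`ldap2`, the bind identity, password, base DN and the `sites-enabled/default` path are assumptions; only the two server names come from the question.

```text
# /etc/freeradius/modules/ldap
# One named instance per directory server. identity, password and basedn
# are placeholders and must match your directory.
ldap ldap1 {
	server = "server1.company.com"
	identity = "cn=radius,dc=company,dc=com"
	password = "CHANGE_ME"
	basedn = "dc=company,dc=com"
	filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
	# Short timeouts so a dead server is detected quickly.
	net_timeout = 1
	timeout = 4
}

ldap ldap2 {
	server = "server2.company.com"
	identity = "cn=radius,dc=company,dc=com"
	password = "CHANGE_ME"
	basedn = "dc=company,dc=com"
	filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
	net_timeout = 1
	timeout = 4
}

# /etc/freeradius/sites-enabled/default (assumed path)
authorize {
	# ldap2 is tried only when ldap1 returns "fail" (server unreachable,
	# timeout). Any other result from ldap1, including reject or
	# notfound, is final and is not retried against ldap2.
	redundant {
		ldap1
		ldap2
	}
}

authenticate {
	# Needed only when passwords are checked by an LDAP bind.
	Auth-Type LDAP {
		redundant {
			ldap1
			ldap2
		}
	}
}
```

Because only a module failure triggers the second server, a user rejected by the first directory is not silently re-checked against the second one.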