Redundant LDAP servers in /etc/freeradius/modules/ldap

Alan DeKok aland at
Tue Nov 27 23:58:18 CET 2018

On Nov 27, 2018, at 1:55 PM, Tom Yard <tomyyard at> wrote:
> Dear people, I have a Freeradius server version 2.2.5 using LDAP for
> authentication.
> I have just one LDAP server defined in /etc/freeradius/modules/ldap, but
> yesterday the DC went down and Freeradius was offline.
> Is it possible to have two redundant LDAP server scheme, defining this in
> /etc/freeradius/modules/ldap:
> ldap {
>        server = ""
>        server = ""


  Some LDAP libraries will parse the server name into multiple pieces if it contains commas:

	server = "server1,server2"

  I don't recommend that, as it means that the LDAP client library is in charge of fail-over, and they are typically terrible.

  It's better to use the fail-over mechanism in FreeRADIUS.  It works, and it's under your control.

  Alan DeKok.
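
The FreeRADIUS-side fail-over recommended above, sketched as an added example that is not part of the original post: two named `ldap` instances wrapped in a `redundant` block, so the server tries the second directory only when the first one fails. The hostnames, base DN and the virtual-server file are placeholder assumptions, and setting Auth-Type by hand assumes every user on this server authenticates by LDAP bind.

```text
# /etc/freeradius/modules/ldap
# Two named instances, one per directory server. Hostnames and basedn are
# placeholders; copy the remaining settings (identity, password, filter, ...)
# from the existing single ldap { } block into both instances.
ldap ldap1 {
	server = "ldap1.example.org"
	basedn = "dc=example,dc=org"
	# Auth-Type is set explicitly in authorize below, so both instances
	# lead to the same authenticate block.
	set_auth_type = no
}

ldap ldap2 {
	server = "ldap2.example.org"
	basedn = "dc=example,dc=org"
	set_auth_type = no
}

# /etc/freeradius/sites-enabled/default (assumed virtual server)
authorize {
	# ... existing modules stay as they are ...

	# ldap1 is tried first; ldap2 is used only if ldap1 returns "fail"
	# (for example, when the server is unreachable).
	redundant {
		ldap1
		ldap2
	}

	# Assumption: users found in LDAP authenticate by LDAP bind.
	if (ok || updated) {
		update control {
			Auth-Type := LDAP
		}
	}
}

authenticate {
	Auth-Type LDAP {
		redundant {
			ldap1
			ldap2
		}
	}
}
```

Starting the server with `radiusd -X` (`freeradius -X` on Debian-style installs) while the first directory server is unreachable shows in the debug output whether requests fall through to `ldap2`.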
