Hi Alan,
I fail to understand why people do this. Firewall two critical components, and then *increase* failure by having the FW break TCP connections.
Unfortunately I don't get to decide what the network looks like, I just have to find a way to work with what I'm given.
How can I force an idle timeout on LDAP connections in FR?
Change the source code in rlm_ldap.
I was hoping you wouldn't say that. Although I was more or less expecting it.
Question 2:
From the information I have been given, it appears that if the connection times out, LDAP does not attempt to retry.
Is there a way to force FR to make 1 or 2 attempts at retrying the connection before giving up on LDAP?
Change the source code.
The current situation is causing many headaches trying to log in, and the client is reluctant to relax their firewall for a number of reasons.
<shrug> They chose to destroy their own network. I'm not surprised they're hesitant to fix it.
I think the main problem is their firewall vendor thinks that's the right way to do it. Anyway, thanks for your response. I'll see what I can do with the source. Kind Regards, Justin Steward