Guillaume Rousse wrote:
It does. But clarification between what's old and what's new syntax doesn't harm.
The new syntax is documented, and is preferred. If you try the old one (undocumented and deprecated), it works. What needs clarification?
Right, but that seems to be only a syntax difference, refering to a named instance of the LDAP module. One would expect the code to be more robust, or at least the problem documented somewhere.
It is very difficult to determine what is *supposed* to happen inside of an authentication section. if you have suggestions for how to make that determination, I'm interested. And the problem is documented: the debug log prints out a warning message, as you saw.
If I understand correctly, there no way to help the rlm_module understand I'm using it for autentication, as I use a complex synta, so I have to set it up explicitely, right ?
Yes.
In this case, I think this deserve some explanation in the rlm_ldap documentation, such as: "Warning, if the LDAP module is not directly referenced to in authentication section, such as a failover configuration using named aliases, this setting will be disabled".
The same problem applies to other modules, so it needs to be documented in one place. Alan DeKok.