Redundant ldap Authentication and 2 Problems

Alan DeKok aland at ox.org
Mon Jan 30 22:11:35 CET 2006


Armin Krämer <Kraemer.Armin at web.de> wrote:
> I fired up a second ldap directory which is replicated by the first one.
> 
> My problem is that if I kill ldap1 I can't get a result from ldap2. But the
> database and directory are the same!

  The response of the LDAP server indicates that's not true.

> rlm_ldap: search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap2" returns notfound for request 0

  See?

> The second problem is that if both ldap1 and ldap2 are down the eap-tls
> module which is for authorisation goes on and authenticates the user.

  Because the authentication is done via certificates, not by LDAP.

> How can I change that? I want to configure the server so that if
> ldap fails the whole process fails and the user is rejected. What
> will I have to add to my redundant part?

  Read doc/configurable_failover.  Use the "always" module to return a reject.

  Alan DeKok.
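
A configuration sketch of the advice above, added here as an illustration and not part of the original message or the FreeRADIUS documentation. It assumes two rlm_ldap instances named ldap1 and ldap2 (names taken from the post) and an "always" instance named reject; the LDAP connection settings are left out.

```conf
# radiusd.conf fragment (FreeRADIUS 1.x layout); illustrative, not a full file.
modules {
	# Two instances of the ldap module, one per directory server.
	# Connection settings (server, basedn, filter) are omitted here.
	ldap ldap1 {
		# settings for the first directory
	}
	ldap ldap2 {
		# settings for the replica
	}

	# An instance of the "always" module that returns reject every time.
	always reject {
		rcode = reject
	}
}

authorize {
	preprocess

	# In a redundant block only a "fail" result moves on to the next
	# entry by default. A "notfound" result, like the one in the log
	# quoted above, is an ordinary answer and ends the block.
	redundant {
		ldap1     # tried first
		ldap2     # tried only if ldap1 returns fail (e.g. server down)
		reject    # reached only if both returned fail: reject the request
	}

	# Listed after the block, so it is not run for a request that the
	# block has already rejected.
	eap
}
```

With both directories down, the last entry of the block turns the double failure into a reject, so the certificate-based authentication never gets the chance to accept the user on its own.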


