Redundant ldap Authentication and 2 Problems
Alan DeKok
aland at ox.org
Mon Jan 30 22:11:35 CET 2006
Armin Krämer <Kraemer.Armin at web.de> wrote:
> I fired up a second ldap directory which is replicated by the first one.
>
> My problem is that if I kill ldap1 I can't get a result from ldap2. But the
> database and directory are the same!
The response of the LDAP server indicates that's not true.
> rlm_ldap: search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap2" returns notfound for request 0
See?
> The second problem is that if both ldap1 and ldap2 are down the eap-tls
> module which is for authorisation goes on and authenticates the user.
Because the authentication is done via certificates, not by LDAP.
> How can I change that? I want to configure the server so that if
> ldap fails the whole process fails and the user is rejected. What
> will I have to add to my redundant part?
Read doc/configurable_failover. Use the "always" module to return a reject.
Alan DeKok.
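
A sketch of the fail-closed setup the reply above points to, added here as an example and not taken from the original message or from doc/configurable_failover. It assumes two rlm_ldap instances named ldap1 and ldap2 and an instance of the "always" module named reject; all three instance names are assumptions.

```text
# radiusd.conf fragment (constructed example, instance names are assumptions)

modules {
	# Instance of the "always" module that returns "reject" every time it runs.
	always reject {
		rcode = reject
	}

	# ldap ldap1 { ... } and ldap ldap2 { ... } stay as already configured.
}

authorize {
	# ... other authorize modules as before ...

	redundant {
		ldap1     # tried first
		ldap2     # tried only when ldap1 fails (server down, timeout)
		reject    # reached only when both LDAP instances have failed
	}
}
```

With this ordering an unreachable directory ends in a reject during authorize, before EAP-TLS gets to accept the certificate. The "notfound" result in the debug output above is a different return code from "fail" and is not changed by this fragment.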