redundancy/failover support for LDAP xlat
Kenneth Marshall
ktm at rice.edu
Wed Mar 7 16:57:29 CET 2007
Dear FreeRADIUS users,
I am working on setting up LDAP failover for my radius servers.
I currently have two instances defined in the modules section:
ldap ldap1 {...}
ldap ldap2 {...}
and have a redundant section in authorize:
redundant {
    ldap1
    ldap2
}
This is correctly making the connection to the ldap server.
However, in the users file I am using the ldap_xlat process
to send the appropriate Class definition back to the network
gear:
DEFAULT Auth-Type = Kerberos, NAS-IP-Address == x.y.z.g
        Class = "OU=%{ldap:ldap:///dc=rice,dc=edu?Class?sub?uid=%u}"
The problem is that this does not work unless I define a specific
instance for the xlat process. This does not allow it to fail over to
the working server. Does anyone have any ideas about how to implement
such functionality?
Ken Marshall