Configuration trouble with fail-over
Guillaume Rousse
Guillaume.Rousse at inria.fr
Tue Apr 29 16:48:45 CEST 2008
Alan DeKok a écrit :
> Guillaume Rousse wrote:
>> It does. But clarification between what's old and what's new syntax
>> doesn't harm.
>
> The new syntax is documented, and is preferred. If you try the old
> one (undocumented and deprecated), it works. What needs clarification?
It is not documented in the rlm_ldap file shipped in top-level directory
(at least for release 2.0.0). The fact that there is a huge redundancy
between this file and comments in default configuration files doesn't
help maintaining a reference documentation.
>> Right, but that seems to be only a syntax difference, refering to a
>> named instance of the LDAP module. One would expect the code to be more
>> robust, or at least the problem documented somewhere.
>
> It is very difficult to determine what is *supposed* to happen inside
> of an authentication section. if you have suggestions for how to make
> that determination, I'm interested.
No, especially as I got no clue about freeradius internals.
> And the problem is documented: the debug log prints out a warning
> message, as you saw.
>
>> If I understand correctly, there no way to help the rlm_module
>> understand I'm using it for autentication, as I use a complex synta, so
>> I have to set it up explicitely, right ?
>
> Yes.
>
>> In this case, I think this
>> deserve some explanation in the rlm_ldap documentation, such as:
>> "Warning, if the LDAP module is not directly referenced to in
>> authentication section, such as a failover configuration using named
>> aliases, this setting will be disabled".
>
> The same problem applies to other modules, so it needs to be
> documented in one place.
Indeed.
--
Guillaume Rousse
Moyens Informatiques - INRIA Futurs
Tel: 01 69 35 69 62
More information about the Freeradius-Users
mailing list