freeradius with multiple ldap servers

Sambuddho Chakravarty sc2516 at columbia.edu
Thu Jun 19 19:50:23 CEST 2008


Do you mean something like this:

   authorize {
        redundant {
                ldap1
                ldap2
        }
   }

   authenticate {
        ldap1
        ldap2
   }

The reason I list them here is to use them for authentication against
multiple LDAP servers whose configuration information is in the two
files modules/ldap1 and modules/ldap2. Does this look valid?

Thanks
Sambuddho
      
On Thu, 2008-06-19 at 09:35 +0200, Alan DeKok wrote:
> Sambuddho Chakravarty wrote:
> > Yes, but on a freeradius-2.05, when I create a separate authenticate
> > {} and authorize {} subsection and plug in the following :
> > 
> > authorize {
> >        Autz-Type LDAP {
> 
>   You don't need to use Autz-Type in 2.0.
> 
> > authenticate {
> >        Auth-Type LDAP{
> >         redundant{
> 
>   Don't use redundant sections here.  Just list the two LDAP modules
> independently.  The LDAP server that was used in the authorize section
> will ensure that it is also used in the authenticate section.
> 
> >           ${confdir}/modules/ldap1
> 
>   And I hope that's not what I think it is.
> 
> > It doesn't work.
> 
>   See the FAQ for "it doesn't work".
> 
> > Here the ldap1 and ldap2 are two separate files in
> > the /etc/raddb/modules directory and have separate ldap server IP
> > addresses. Can anyone please point out to me where I am going wrong?
> 
>   Lots.  The major one is that you are putting the module
> *configuration* into the authorize and authenticate sections.  I have no
> idea why you think that's a good idea.  The examples included in the
> server DO NOT DO THIS.
> 
>   The files in the "modules" directory belong in the "modules" section
> of radiusd.conf.  This is documented in the comments, and in many examples.
> 
>   The entries in the "authorize" and "authenticate" sections are simply
> a one-word reference to the name of a module.  Again, this is documented
> in the comments and in many examples.
> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
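
A small check for the mistake discussed in this thread, as an added example that is not part of the original messages or of FreeRADIUS: it flags any entry inside authorize {} or authenticate {} that is not a one-word module name. The function name lint, the keyword subset and both sample configurations are assumptions constructed here; unlang statements and per-module return-code overrides are not handled.

```python
import re

SECTIONS = {"authorize", "authenticate"}
# Block keywords accepted inside those sections (simplified subset, assumed).
GROUPING = {"redundant", "load-balance", "group", "Auth-Type", "Autz-Type"}
MODULE_REF = re.compile(r"^[A-Za-z0-9_.-]+$")  # a bare one-word module name

def lint(conf_text):
    """Return (line_no, text) for entries in authorize/authenticate that are
    not a one-word module reference or a known grouping block."""
    findings, stack = [], []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        if line == "}":
            if stack:
                stack.pop()
            continue
        inside = any(name in SECTIONS for name in stack)
        if line.endswith("{"):
            words = line[:-1].split()
            name = words[0] if words else ""
            if inside and name not in GROUPING:
                findings.append((line_no, line))
            stack.append(name)
        elif inside and not MODULE_REF.match(line):
            findings.append((line_no, line))
    return findings

# Constructed sample: sections that only name module instances.
GOOD = """\
authorize {
    redundant {
        ldap1
        ldap2
    }
}
authenticate {
    ldap1
    ldap2
}
"""
# Constructed sample: module configuration pasted into the redundant block.
BAD = GOOD.replace("ldap1\n        ldap2",
                   "${confdir}/modules/ldap1\n        server = \"192.0.2.10\"")

if __name__ == "__main__":
    for line_no, text in lint(BAD):
        print(f"line {line_no}: not a module reference: {text}")
```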



