Redundant LDAP Servers

Jason Traeden jtraeden at overstock.com
Fri May 2 20:31:57 CEST 2008


That did not work either. Is there a better way to achieve ldap redundancy?
I have attached the log output from when I started radiusd -X and the login
failure.

Thanks

Jason


On 5/2/08 11:45 AM, "Alan DeKok" <aland at deployingradius.com> wrote:

> Jason Traeden wrote:
> ..
>> Ok I patched my box with this ldap.c.diff and I still have the same results.
> 
>   Hmm... the same error messages?
> 
>   Try this.  I think this one should work...
> 
>   Alan DeKok.
> Index: src/modules/rlm_ldap/rlm_ldap.c
> ===================================================================
> RCS file: /source/radiusd/src/modules/rlm_ldap/rlm_ldap.c,v
> retrieving revision 1.194
> diff -u -r1.194 rlm_ldap.c
> --- src/modules/rlm_ldap/rlm_ldap.c 17 Apr 2008 07:59:21 -0000 1.194
> +++ src/modules/rlm_ldap/rlm_ldap.c 2 May 2008 17:49:49 -0000
> @@ -160,6 +160,7 @@
>  #endif
> int             ldap_debug; /* Debug flag for LDAP SDK */
> char  *xlat_name; /* name used to xlat */
> + char  *auth_type;
> char  *tls_cacertfile;
> char  *tls_cacertdir;
> char  *tls_certfile;
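
Review bot: the new auth_type member is added with no comment, while xlat_name directly above it carries one. A short comment should say that it holds the Auth-Type value name resolved at instantiation and that it points into the dictionary entry (dv->name) rather than at memory the module owns, so nobody later adds a free() for it. It is also worth stating how the field is initialised when set_auth_type is off, since nothing in this hunk assigns it a default.
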
> @@ -456,9 +457,17 @@
> */
> if (inst->set_auth_type) {
> DICT_VALUE *dv = dict_valbyname(PW_AUTH_TYPE, xlat_name);
> +
> +  /*
> +   * No section of *my* name, but maybe there's an
> +   * LDAP section...
> +   */
> +  if (!dv) dv = dict_valbyname(PW_AUTH_TYPE, "LDAP");
> if (!dv) {
> DEBUG2("rlm_ldap: Over-riding set_auth_type, as there is no module %s listed
> in the \"authenticate\" section.", xlat_name);
> inst->set_auth_type = 0;
> +  } else {
> +   inst->auth_type = dv->name; /* doesn't change on HUP */
> }
> } /* else no need to look up the value */
>  
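
Review bot: inst->auth_type is only assigned in the new else branch, so it stays unset both when the second lookup for "LDAP" also fails and when inst->set_auth_type was already 0 on entry. Assign a defined value on those paths (NULL, or inst->xlat_name) so that later readers of the field never see an indeterminate pointer. The DEBUG2 text should change too: it still reports only xlat_name as the missing module, although the code has now also looked for a section named "LDAP", which makes the message misleading for anyone debugging a named instance.
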
> @@ -1696,8 +1705,8 @@
>    request->password &&
>    (request->password->attribute == PW_USER_PASSWORD) &&
>    !added_known_password) {
> -  pairadd(check_pairs, pairmake("Auth-Type", inst->xlat_name, T_OP_EQ));
> -  DEBUG("rlm_ldap: Setting Auth-Type = %s", inst->xlat_name);
> +  pairadd(check_pairs, pairmake("Auth-Type", inst->auth_type, T_OP_EQ));
> +  DEBUG("rlm_ldap: Setting Auth-Type = %s", inst->auth_type);
> }
>  
> DEBUG("rlm_ldap: user %s authorized to use remote access",
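
Review bot: both changed lines pass inst->auth_type straight to pairmake() and to a %s format, and the visible part of the condition (request->password, PW_USER_PASSWORD, !added_known_password) does not test that pointer. Unless the lines above this hunk already require inst->set_auth_type, a NULL or unset auth_type reaches both calls on this path. Either add inst->auth_type to the condition or fall back to inst->xlat_name when it is not set.
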

-------------- next part --------------
A non-text attachment was scrubbed...
Name: log.txt
Type: application/octet-stream
Size: 24973 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080502/77361e21/attachment.obj>

