redundant-load-balance and Ldap-Group
Alexander Clouter
alex at digriz.org.uk
Mon Oct 20 15:24:47 CEST 2008
Hi,
Elizabeth Steinke <liz at twistedpair.cc> wrote:
>
> Since we have other applications that don't and probably never will perform redundant
> LDAP lookups I'm thinking I will just an LDAP VIP to the LVS server. I am still willing
> to try any solutions in my lab for the sake of having it in the list archives :)
>
Alan's not keen on it and grumbles that it uses attr_rewrite, but it works for me:
http://bugs.freeradius.org/show_bug.cgi?id=592
If you need an update of the patch for FreeRADIUS in git then do pester me.
In your config you are looking to add something like the following, if it's unclear then
do pester me offlist. This has been working fine for me for nearly two months:
-------
post-auth {
	...
	redundant-load-balance {
		ldap1_get-host-dn
		ldap2_get-host-dn
	}
	...
}
modules {
	...
	attr_rewrite ldap1_get-host-dn {
		attribute = Tmp-String-2
		searchin = config
		searchfor = "^.*$"
		replacewith = "%{ldap_soasauth-nd1:ldap:///ou=Hosts,ou=LanWarden,o=soas?dn?sub?(&(objectClass=lanwardenHost)(lanwardenHostState=enable)(cn=%{control:Tmp-String-0})%{control:Tmp-String-1})}"
		new_attribute = yes
		max_matches = 1
		append = no
	}
	attr_rewrite ldap2_get-host-dn {
		attribute = Tmp-String-2
		searchin = config
		searchfor = "^.*$"
		replacewith = "%{ldap_soasauth-nd2:ldap:///ou=Hosts,ou=LanWarden,o=soas?dn?sub?(&(objectClass=lanwardenHost)(lanwardenHostState=enable)(cn=%{control:Tmp-String-0})%{control:Tmp-String-1})}"
		new_attribute = yes
		max_matches = 1
		append = no
	}
	...
}
---------
Might find the following helpful too:
http://bugs.freeradius.org/show_bug.cgi?id=544
http://stuff.digriz.org.uk/freeradius/
Cheers
Alex