unlang and 1st of 4 ldap source fail

Gary Prosser gary.prosser at trinity-bris.ac.uk
Thu Jul 29 23:19:04 CEST 2010


Hi

I am using FreeRADIUS Version 2.0.4

On failure of the first of 4 ldap sources the freeradius server does not
continue to the next source but reports 'failed'. 

In radiusd.conf modules I have defined 4 ldap items

        ldap ldap1 {
                server = "192.168.4.250"
                identity =
"cn=LDAPBIND,cn=Users,dc=public,dc=trinity-bris,dc=ac,dc=uk"
                password = *
                basedn =
"OU=Students,DC=PUBLIC,DC=trinity-bris,DC=ac,DC=uk"

                filter = "(samAccountName=
%{%{Stripped-User-Name}:-%{User-Name}})"

                access_attr = "samAccountName"
                start_tls = no
                dictionary_mapping = ${raddbdir}/ldap.attrmap
                ldap_connections_number = 5
                edir_account_policy_check=no
                timeout = 4
                timelimit = 3
                net_timeout = 3
        }
	ldap ldap2 {
		[relevant config]
	}
	ldap ldap3 {
		[relevant config]
	}
	ldap ldap4{
		[relevant config]
	}
in authorise I have

authorize {
        preprocess
chap
mschap
        suffix
       ldap1
       if(notfound || fail){
            ldap3
            if(notfound || fail){
                ldap2
                if(notfound || fail){
                    ldap4
                }
            }
       }
        files
        pap
}

and in authenticate I have

authenticate {
          ldap1
          ldap2
          ldap3
          ldap4
          chap
}

My ldap1 source is down yet server does not continue to next, ldap3 etc
but simply reports failed. Prior to ldap source ldap1 going offline all
worked as expected ie finding valid logins in ldap3 or ldap2 or ldap4  

Is my unlang incorrect ?

Thanks, Gary

-  
IT Manager
Trinity College, Bristol (http://www.trinity-bris.ac.uk)



To ensure you receive email from Trinity College into your inbox, please add @trinity-bris.ac.uk to your email safe list (also known as whitelist).




More information about the Freeradius-Users mailing list