LDAP, old TCP connections, and retry
Justin Steward
althalus87 at gmail.com
Wed Mar 10 23:29:07 CET 2010
Hi Alan,
>
> I fail to understand why people do this. Firewall two critical
> components, and then *increase* failure by having the FW break TCP
> connections.
>
Unfortunately I don't get to decide what the network looks like, I
just have to find a way to work with what I'm given.
>> How can I force an idle timeout on LDAP connections in FR?
>
> Change the source code in rlm_ldap.
I was hoping you wouldn't say that. Although I was more or less expecting it.
>
>> Question 2:
>> From the information I have been given, it appears that if the
>> connection times out, LDAP does not attempt to retry.
>>
>> Is there a way to force FR to make 1 or 2 attempts at retrying the
>> connection before giving up on LDAP?
>
> Change the source code.
>
>> The current situation is causing many headaches trying to log in, and
>> the client is reluctant to relax their firewall for a number of
>> reasons.
>
> <shrug> They chose to destroy their own network. I'm not surprised
> they're hesitant to fix it.
I think the main problem is their firewall vendor thinks that's the
right way to do it.
Anyway, thanks for your response. I'll see what I can do with the source.
Kind Regards,
Justin Steward
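The two behaviours asked for in this thread, an idle timeout on the LDAP connection that is shorter than the firewall's, and a bounded reconnect-and-retry before giving up, are sketched below as an added illustration; this is not rlm_ldap or FreeRADIUS code, and the clock, the connection object and the firewall's 60-second idle limit are constructed stand-ins so it runs offline.

```python
class ConnectionDropped(Exception):
    """The firewall silently expired the idle TCP session; the socket is dead."""


class FakeClock:
    """Constructed, controllable clock so idle periods can be simulated offline."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class FakeLdapConn:
    """Constructed stand-in for a directory connection (no real LDAP library)."""
    def __init__(self, clock, firewall_idle_s):
        self.clock, self.firewall_idle_s = clock, firewall_idle_s
        self.last_used = clock()

    def search(self, filt):
        now = self.clock()
        if now - self.last_used > self.firewall_idle_s:
            # Firewall state has expired: the next packet is met with a reset.
            raise ConnectionDropped("connection reset by peer")
        self.last_used = now
        return ["uid matched " + filt]


class RetryingLdapClient:
    """Holds one connection, recycles it before the firewall would, retries once dropped."""
    def __init__(self, connect, clock, idle_timeout_s=None, max_retries=0):
        self.connect, self.clock = connect, clock
        self.idle_timeout_s, self.max_retries = idle_timeout_s, max_retries
        self.conn, self.last_used, self.reconnects = None, clock(), 0

    def _conn(self):
        idle = self.clock() - self.last_used
        stale = self.idle_timeout_s is not None and idle > self.idle_timeout_s
        if self.conn is None or stale:
            self.conn = self.connect()  # proactive reopen: never reuse a handle older than the idle limit
            self.reconnects += 1
        return self.conn

    def search(self, filt):
        last_err = None
        for _attempt in range(1 + self.max_retries):
            try:
                result = self._conn().search(filt)
                self.last_used = self.clock()
                return result
            except ConnectionDropped as err:
                self.conn = None  # drop the stale handle so the next attempt reconnects
                last_err = err
        raise last_err
```

Setting `idle_timeout_s` below the firewall's idle limit avoids the failed attempt entirely; `max_retries` covers the case where the limit is unknown or the firewall drops the session early.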