LDAP server failover in FreeRADIUS 2.1

up at 3.am
Thu Jun 16 15:53:31 CEST 2011


I can tell that LDAP failover config is a FAQ by the number of hits I found
searching for this, but it seems that many of the config examples are for
older versions of FreeRADIUS.  In any case, this is what I've tried, but it's
not working:

In radiusd.conf:

	ldap ldap1{
		server = "serverA.domain.com"
		basedn = "dc=domain,dc=com"
		filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
		ldap_connections_number = 5
		timeout = 4
		timelimit = 3
		net_timeout = 1
		tls {
			start_tls = no

		}
		dictionary_mapping = ${confdir}/ldap.attrmap
		edir_account_policy_check = no
		set_auth_type = no

	}

	ldap ldap2{
		server = "serverB.domain.com"
		basedn = "dc=domain,dc=com"
		filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
		ldap_connections_number = 5
		timeout = 4
		timelimit = 3
		net_timeout = 1
		tls {
			start_tls = no
		}
		dictionary_mapping = ${confdir}/ldap.attrmap
		edir_account_policy_check = no
		set_auth_type = yes
	}

-----------

This is what I put in sites-enabled/default AND in sites-enabled/inner-tunnel
(it doesn't look right to me, but it's what I found):

authorize {
	preprocess
	redundant LDAP{
		ldap1
		ldap2
	}

	Auth-Type LDAP {
		ldap1
		ldap2
	}
-------------

Again, sorry for the FAQ, but if somebody could put me straight here, I'd
appreciate it.
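
Added example, not part of the original post and not the FreeRADIUS project's own configuration: a layout for failing over between the two `ldap` instances defined above, using the `redundant` keyword from FreeRADIUS 2.x unlang and placing the `Auth-Type LDAP` block in an `authenticate` section. It assumes the instance names `ldap1` and `ldap2` from the post and that the same layout is wanted in both virtual servers.

```conf
# sites-enabled/default (and sites-enabled/inner-tunnel), added example.
# Assumes the module instances ldap1 and ldap2 from radiusd.conf above.

authorize {
	preprocess

	# ldap1 is tried first. ldap2 is tried only when ldap1 returns
	# "fail" (for example the server is unreachable or times out).
	# Any other return code, including "notfound", ends the block,
	# so a user missing from ldap1 is not looked up on ldap2.
	redundant {
		ldap1
		ldap2
	}
}

authenticate {
	# The same failover applies to the bind that checks the password.
	Auth-Type LDAP {
		redundant {
			ldap1
			ldap2
		}
	}
}
```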




