multiple ldap servers
Alan DeKok
aland at deployingradius.com
Fri May 4 16:14:17 CEST 2012
jeff donovan wrote:
> I'm new to radius but have been reading.
That's always positive.
> How can I search an alternate LDAP server for user credentials?
> If the first LDAP search fails, try the next server in line.
Do you mean "fail" or "notfound"? They're different...
> I found some documentation:
> * http://freeradius.org/radiusd/doc/ldap_howto.txt does not mention a
> second server.
> * http://freeradius.org/radiusd/doc/configurable_failover explains the
> redundant setup for sql accounting.
See also "man unlang". It explains this in more detail.
> So far I tried adding the second LDAP server; its info is read during
> module load -- no errors. The problem is, only one of the LDAP systems
> contains the correct info. So one WILL fail and the other will pass.
> With that being said, how do I configure my server to pass if either
> system returns "ok"? Currently it will fail even if one LDAP system
> returns good.
That's because you're using a "redundant" block. It treats "notfound"
as "LDAP server is still up", and it doesn't fail over to the next one.
Because there was no failure!
> authorize {
...
>     redundant {
>         ldap1
>         ldap2
>     }
Change that to:
    ldap1
    if (notfound) {
        ldap2
    }
And it will work.
Alan DeKok.
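A worked configuration for the layout Alan describes, added here as an example and not taken from the thread or from the FreeRADIUS project: two rlm_ldap instances (FreeRADIUS 2.x syntax) and an authorize section that falls through to the second directory only when the first one answers "notfound". It goes one step beyond the reply by also falling over when ldap1 returns "fail" (server unreachable) and by rejecting outright when neither directory knows the user. Hostnames, bind DN, base DNs and the bind password are constructed placeholders.

```unlang
# raddb/modules/ldap (FreeRADIUS 2.x): two instances of rlm_ldap.
# Server names, bind DN, base DNs and password are constructed placeholders.
ldap ldap1 {
    server      = "ldap1.example.com"
    identity    = "cn=radius,dc=example,dc=com"
    password    = "CHANGE-ME"
    basedn      = "ou=people,dc=example,dc=com"
    filter      = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
    timeout     = 4
    net_timeout = 1
}

ldap ldap2 {
    server      = "ldap2.example.com"
    identity    = "cn=radius,dc=example,dc=com"
    password    = "CHANGE-ME"
    basedn      = "ou=staff,dc=example,dc=com"
    filter      = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
    timeout     = 4
    net_timeout = 1
}

# raddb/sites-enabled/default, authorize section.
authorize {
    preprocess

    # Ask the first directory. Return codes that matter here:
    #   ok / updated - user found, attributes pulled into the request
    #   notfound     - server answered, but has no such user
    #   fail         - server unreachable or an LDAP error
    ldap1

    # Plain "notfound" is what the thread needs; "fail" is added so an
    # unreachable ldap1 also falls over to ldap2. Remove "|| fail" if a
    # down first server should be a hard error instead.
    if (notfound || fail) {
        ldap2

        # Neither directory knows the user: reject rather than letting
        # the request continue with nothing to authenticate against.
        if (notfound) {
            reject
        }
    }

    # ... rest of the authorize section (pap, etc.) as before
}
```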