multiple ldap servers

jeff donovan jdonovan at beth.k12.pa.us
Fri May 4 17:10:53 CEST 2012


On May 4, 2012, at 10:14 AM, Alan DeKok wrote:

> jeff donovan wrote:
>> I'm new to radius but have been reading.
> 
>  That's always positive.
> 
>> How can I search an alternate LDAP server for user credentials?
>> If the first LDAP search fails, try the next server in line.
> 
>  Do you mean "fail" or "notfound"?  They're different...

True, I will probably come across both.

> 
>> I found some documentation:
>> * http://freeradius.org/radiusd/doc/ldap_howto.txt does not mention a
>> second server.
>> * http://freeradius.org/radiusd/doc/configurable_failover explains the
>> redundant setup for sql accounting.
> 
>  See also "man unlang".  It explains this in more detail.
k tnx-more reading :)
> 
>> So far I tried adding the second ldap server; its info is read during
>> module load -- no errors. The problem is, only one of the ldap systems
>> contains the correct info. So one WILL fail and the other will pass.
>> With that being said, how do I configure my server to pass if either
>> system returns "ok"? Currently it will fail even if one LDAP system
>> returns good.
> 
>  That's because you're using a "redundant" block.  It treats "notfound"
> as "LDAP server is still up", and it doesn't fail over to the next one.
> Because there was no failure!
> 
>> authorize {
> ...
>>    redundant {
>>       ldap1
>>       ldap2
>>    }
> 
>  Change that to:
> 
> 	ldap1
> 	if (notfound) {
> 		ldap2
> 	}
> 
>  And it will work.
> 

Thanks for the reply. Can I really use if then else?
With that said, I should be able to apply the same for fail?
--- I'll post more when I adjust my settings and try with the not found. Then I'll try with fail.

-j
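
Added example, not part of the original message or of the FreeRADIUS documentation: one way to fall through to the second directory on either "notfound" or "fail". It assumes the two ldap module instances are named ldap1 and ldap2 as in the thread, and uses the per-module return-code overrides described in configurable_failover, because by default "fail" ends the authorize section before a following "if" is evaluated.

```unlang
# Added illustration; ldap1 and ldap2 are the two ldap module
# instances named in the thread.
authorize {
	# ... other modules ...

	# Override the default actions for ldap1. By default "fail"
	# stops the section at once, so the "if" below is never reached.
	# Giving both codes a priority lets processing continue.
	ldap1 {
		fail = 1
		notfound = 1
	}

	# Try the second directory when the first one was unreachable
	# (fail) or answered but had no such user (notfound).
	if (fail || notfound) {
		ldap2
	}

	# ... other modules ...
}
```

ldap2 keeps its default actions here, so a "fail" from the second server still ends the section and the request is rejected.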