multiple ldap servers in freeradius

Arran Cudbard-Bell a.cudbardb at freeradius.org
Wed Apr 23 14:08:17 CEST 2014


On 22 Apr 2014, at 18:37, Matt Zagrabelny <mzagrabe at d.umn.edu> wrote:

> On Tue, Apr 22, 2014 at 12:18 PM, Michael Monette <mmonette at 2keys.ca> wrote:
>> Redundancy?
>> 
>> Am I missing something?
> 
> Arran was making a joke. One could interpret his response as:
> 
> "Of course it is possible to add multiple ldap servers".
> 
> Alan responded with the config incantations.

;)

It's just the question has been asked so many times, I find it hard to believe
the answer isn't sitting in one of the googlable mail archives.

Here's the more complete answer:

There are actually multiple ways you can achieve redundancy with LDAP.

The way Alan suggested will open two pools of connections to the two
LDAP servers.

You can then add them to a redundant or load balance stanza to fail between
or distribute requests between the pools.

Something like:

redundant {
	foo
	bar
}

The other way of doing it is to just list multiple servers in the 'server' 
config item.

ldap {
	server = "server1.example.org server2.example.org"
}

Here libldap will handle failover.

The way Alan described will provide smoother failover, at the expense 
of a slightly more complicated config.

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
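
The first approach from the message above, written out as an added example (not part of the original post and not the project's shipped configuration). The instance names foo and bar and the hostnames come from the message; placing the stanza in authorize and the elided per-instance settings are assumptions.

```conf
# Module configuration: two named instances of the ldap module,
# one per server. Each instance opens its own pool of connections.
ldap foo {
	server = "server1.example.org"
	# bind identity, password, base DN, TLS settings: as in your
	# existing ldap module configuration (not shown, assumption)
}

ldap bar {
	server = "server2.example.org"
	# same settings as foo, pointing at the second server
}

# Virtual server: call the instances through a redundant stanza.
# foo is tried first; bar is used only when foo returns "fail"
# (for example, the server is unreachable).
authorize {
	redundant {
		foo
		bar
	}
}

# To distribute requests between the two pools instead of only
# failing over, replace "redundant" with "load-balance", or with
# "redundant-load-balance" to get both behaviours.
```

If the ldap module is also called in other sections, the same stanza is needed there, otherwise those sections still depend on a single server.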
