3.1 and LDAP

Tynan Young tynany at gmail.com
Wed Dec 2 06:31:45 CET 2015


On Wed, Dec 2, 2015 at 3:59 PM, Arran Cudbard-Bell
<a.cudbardb at freeradius.org> wrote:
>
>> On 1 Dec 2015, at 23:37, Tynan Young <tynany at gmail.com> wrote:
>>
>>>> It really just seems like the LDAP server isn't responding quickly enough.
>>>
>>> Okay, I'll start doing some debugging on the active directory LDAP
>>> side of things.
>>>
>>
>> So after doing more packet captures I discovered that freeradius was
>> querying an active directory server that has been decommissioned. Not
>> sure why it was querying this server as it was not referenced anywhere
>> in the freeradius config,
>
> Because you enabled reference following, and resolving something in the tree provided by your initial set of servers
> ended up causing libldap to rebind to the decommissioned server.

Got it.

options {
                #  The following two configuration items control whether the
                #  server follows references returned by LDAP directory.
                #  They are  mostly for Active Directory compatibility.
                #  If you set these to 'no', then searches will likely return
                #  'operations error', instead of a useful result.
                #
                chase_referrals = yes
                rebind = yes
}

Thanks again.
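
Added example, not part of the original post or of FreeRADIUS: a small check that compares referral URIs collected from the directory (for example from a packet capture like the one described above) against the servers actually listed in the module configuration, so targets such as a decommissioned DC stand out. All host names and URIs are constructed sample data, and the function names are hypothetical.

```python
from urllib.parse import urlsplit, unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

# Constructed sample data (hypothetical hosts, not from the original thread).
CONFIGURED = ["ldap://dc1.corp.example.com", "ldap://dc2.corp.example.com:389"]
REFERRALS = [
    "ldap://DC1.corp.example.com/DC=corp,DC=example,DC=com",
    "ldap://old-dc.corp.example.com/CN=Configuration,DC=corp,DC=example,DC=com",
    "ldaps://dc2.corp.example.com/DC=corp,DC=example,DC=com",
    "ldap:///DC=child,DC=corp,DC=example,DC=com",
]


def parse_ldap_uri(uri):
    """Split an RFC 4516 LDAP URL into (scheme, host, port, base_dn)."""
    parts = urlsplit(uri.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"not an LDAP URL: {uri!r}")
    host = parts.hostname            # lower-cased; None if the URL omits it
    port = parts.port or DEFAULT_PORTS[scheme]
    return scheme, host, port, unquote(parts.path.lstrip("/"))


def audit_referrals(configured, referrals):
    """Label each referral target as configured, unexpected or no-host."""
    allowed = {parse_ldap_uri(u)[1:3] for u in configured}
    findings = []
    for uri in referrals:
        _, host, port, base_dn = parse_ldap_uri(uri)
        if host is None:
            status = "no-host"       # no host given; the client decides where to go
        elif (host, port) in allowed:
            status = "configured"
        else:
            status = "unexpected"    # would be contacted but is not in the config
        findings.append((status, host, port, base_dn))
    return findings


if __name__ == "__main__":
    for status, host, port, base_dn in audit_referrals(CONFIGURED, REFERRALS):
        print(f"{status:10} {host}:{port}  base={base_dn}")
```

A host on a different port than the configured one (the ldaps entry in the sample) is reported as unexpected as well, since it is a separate endpoint.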

