Load-balancing LDAP
Jonathan Gazeley
Jonathan.Gazeley at bristol.ac.uk
Thu Jul 14 16:44:42 CEST 2016
Hi folks,
We're using an instantiation of the ldap module to check group
membership, currently calling in an xlat[1] way like this:
switch
"%{uobldap:ldap:///DC=ads,DC=bris,DC=ac,DC=uk?objectCategory?sub?(Name=%{reply:User-Name})}"
{
...
}
At the moment the ldap config itself specifies multiple ldap servers and
we've been using this for load-balancing, but we have found it
unsatisfactory as the openldap client doesn't seem to fail over properly
when the ldap servers go away.
So I want to start using FreeRADIUS's redundant-load-balance section[2]
but at the moment I can't see how to use this with the xlat style of
calling the ldap module. Can I do something like wrap it in a policy and
load-balance between policies?
[1] http://wiki.freeradius.org/modules/rlm_ldap#ldap-xlat
[2] http://wiki.freeradius.org/config/load-balancing
Thanks,
Jonathan
--
Jonathan Gazeley
Senior Systems Administrator
IT Services
University of Bristol
More information about the Freeradius-Users
mailing list