Load-balancing LDAP
A.L.M.Buxey at lboro.ac.uk
Thu Jul 14 16:59:15 CEST 2016
Hi,
> We're using an instantiation of the ldap module to check group
> membership, currently calling in an xlat[1] way like this:
>
> switch "%{uobldap:ldap:///DC=ads,DC=bris,DC=ac,DC=uk?objectCategory?sub?(Name=%{reply:User-Name})}"
> {
> ...
> }
>
> At the moment the ldap config itself specifies multiple ldap servers
> and we've been using this for load-balancing, but we have found it
> unsatisfactory as the openldap client doesn't seem to fail over
> properly when the ldap servers go away.
>
> So I want to start using FreeRADIUS's redundant-load-balance
> section[2] but at the moment I can't see how to use this with the
> xlat style of calling the ldap module. Can I do something like wrap
> it in a policy and load-balance between policies?

how have you constructed the uobldap module? the best way is to
instantiate the module and have a list... and the failover/reconnect
is much, much better with 3.x with the connection pool stuff

e.g.

instantiate {
    redundant-load-balance master_ldap {
        ldap1
        ldap2
        ldap3
    }
}

then you simply call master_ldap with your xlat - which is what you want! :-)

alan
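
The layout described in the reply above, written out as an added example that is not part of the original post: one ldap instance per directory server, each with its own connection pool, grouped under master_ldap, and the group-membership xlat from the question called through that name. Host names, bind credentials and pool sizes are placeholders and assumptions.

```text
# mods-enabled/ldap (FreeRADIUS 3.x) - constructed example, placeholder values
ldap ldap1 {
    server   = 'ldap1.example.org'            # placeholder host
    identity = 'CN=radius,DC=example,DC=org'  # placeholder bind DN
    password = 'CHANGE_ME'                    # placeholder
    pool {
        start = 0    # do not refuse to start if this host is down
        min   = 1
        max   = 10
        spare = 1
    }
}
ldap ldap2 {
    server   = 'ldap2.example.org'
    identity = 'CN=radius,DC=example,DC=org'
    password = 'CHANGE_ME'
    pool {
        start = 0
        min   = 1
        max   = 10
        spare = 1
    }
}
ldap ldap3 {
    server   = 'ldap3.example.org'
    identity = 'CN=radius,DC=example,DC=org'
    password = 'CHANGE_ME'
    pool {
        start = 0
        min   = 1
        max   = 10
        spare = 1
    }
}

# radiusd.conf - the virtual module from the reply
instantiate {
    redundant-load-balance master_ldap {
        ldap1
        ldap2
        ldap3
    }
}

# sites-enabled/<server> - same LDAP URL as in the question, called via master_ldap
switch "%{master_ldap:ldap:///DC=ads,DC=bris,DC=ac,DC=uk?objectCategory?sub?(Name=%{reply:User-Name})}" {
    # existing case statements go here unchanged
}
```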