Load-balancing LDAP

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Thu Jul 14 16:59:15 CEST 2016


> We're using an instantiation of the ldap module to check group
> membership, currently calling in an xlat[1] way like this:
> switch "%{uobldap:ldap:///DC=ads,DC=bris,DC=ac,DC=uk?objectCategory?sub?(Name=%{reply:User-Name})}"
> {
>   ...
> }
> At the moment the ldap config itself specifies multiple ldap servers
> and we've been using this for load-balancing, but we have found it
> unsatisfactory as the openldap client doesn't seem to fail over
> properly when the ldap servers go away.
> So I want to start using FreeRADIUS's redundant-load-balance
> section[2] but at the moment I can't see how to use this with the
> xlat style of calling the ldap module. Can I do something like wrap
> it in a policy and load-balance between policies?

how have you constructed uobldap module?    the best way it to 
instantiate the module and have a list...... and the failover/reconnect
is much much better with 3.x with the connection pool stuff 


instantiate {
	redundant-load-balance master_ldap {


then you simple call master_ldap with your xlate - which is what you want! :-)


More information about the Freeradius-Users mailing list