Problem with multiple LDAP servers

A.L.M.Buxey at lboro.ac.uk
Wed May 4 18:25:06 CEST 2016


Hi,

> If you want visibility into what's going on, it's better to use a template section to configure rlm_ldap, and have one instance per server, referencing them in a redundant-load-balance block.

ldap ldap1 {}
ldap ldap2 {} 

etc - could all be in one file....

and then use the redundancy load balance block to use them:

     redundant-load-balance {
                         ldap1
                         ldap2
                         ldap3
                 }

instead of just calling ldap? interesting.... might give that a go (our current problem is that
we set the lifetime/timeout to 0 and it appears that after *some time* (to be found out) and/or *some event*
the server will not connect to the LDAP anymore... it shouldn't have closed connections....)

1) maybe need some kind of keepalive thing going on in the server (to ensure firewalls or linux kernel
TCP stuff doesn't play in this?)

2) more connection info with eg radmin ?

by the way, we are using OpenLDAP compiled against OpenSSL rather than NSS - which was the default stuff....
when we did that (use our own LDAP compiled against OpenSSL) the reconnection after deliberately breaking 
connectivity worked a treat!  :)


alan
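The layout suggested above (one rlm_ldap instance per server, sharing a template, selected from a redundant-load-balance block), written out as an added example. This is not configuration from the post or from the FreeRADIUS project; it follows the FreeRADIUS 3.x mods-available/ldap and templates.conf layout. Hostnames, DNs, the bind password and the CA path are constructed placeholders, and the pool/keepalive values are illustrative choices, not recommendations from the thread. The `$template` reference is the templates.conf mechanism as the editor recalls it; check it against the shipped templates.conf.

```unlang
# Added example, not from the mailing-list post.  All names below are
# constructed placeholders.

# --- templates.conf: settings shared by every LDAP instance -----------
templates {
    ldap_common {
        port     = 636
        identity = 'cn=radius,ou=services,dc=example,dc=org'
        password = 'CHANGE-ME'                 # placeholder
        base_dn  = 'dc=example,dc=org'

        user {
            base_dn = "${..base_dn}"
            filter  = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
        }

        tls {
            start_tls    = no
            require_cert = 'demand'
            ca_file      = /etc/ssl/certs/example-ca.pem   # placeholder path
        }

        pool {
            start = 5
            min   = 3
            max   = 32
            spare = 3
            # lifetime = 0 and idle_timeout = 0 keep a connection open
            # forever; a TCP session silently dropped by a firewall is then
            # only noticed when a query fails.  Recycling connections
            # bounds how long a dead one can sit in the pool.
            lifetime     = 3600
            idle_timeout = 300
            retry_delay  = 30
        }

        options {
            net_timeout   = 2
            res_timeout   = 10
            srv_timelimit = 3
            # TCP keepalives (LDAP_OPT_X_KEEPALIVE_IDLE/PROBES/INTERVAL) so
            # stateful firewalls and NAT do not age the session out unseen.
            idle     = 60
            probes   = 3
            interval = 3
        }
    }
}

# --- mods-enabled/ldap1 and mods-enabled/ldap2: one instance per server
ldap ldap1 {
    $template = ldap_common
    server = 'ldap1.example.org'
}

ldap ldap2 {
    $template = ldap_common
    server = 'ldap2.example.org'
}

# --- sites-enabled/default: pick a server per request, fail over on
#     "fail" (unreachable), spread load across the healthy ones.
authorize {
    # other authorize modules omitted
    redundant-load-balance {
        ldap1
        ldap2
    }
}
```

With separate instances, `radiusd -X` names the instance (ldap1 or ldap2) on every bind and query, so a server that has stopped answering shows up as one instance returning fail and the block moving on to the next, rather than as an anonymous "ldap" failure.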

