Load balance LDAP servers for group checking
highl1 at gmail.com
Fri May 12 18:36:11 CEST 2017
I have this in my ldap module config
# seconds to wait for LDAP query to finish. default: 20
timeout = 4
# seconds LDAP server has to process the query (server-side
# time limit). default: 20
# LDAP_OPT_TIMELIMIT is set to this value.
timelimit = 3
# seconds to wait for response of the server. (network
# failures) default: 10
# LDAP_OPT_NETWORK_TIMEOUT is set to this value.
net_timeout = 1
And I am almost positve that I didn't change this one. Does this means I am
only allowing 4 seconds for LDAP query to finish, and only 3 for LDAP to
process? Also, timeout is just 1 second, which seems pretty low.
Guess that if my settings here are wrong, I can fix my problem just by
setting bigger values, since the LDAP is not down
Thanks for all your help!
On Fri, May 12, 2017 at 6:24 PM, Stefan Paetow <Stefan.Paetow at jisc.ac.uk>
> > Well, LDAP is Windows AD, and they're constantly up, I more think it's a
> > issue from the KVM running freeradius VM, that for some reason networking
> > is lost, or the switches. I would get failed authentications somewhere
> > as well, not just through freeradius with group AD check.
> Well... Active Directory *loves* referrals and if one of the DCs that is
> being referred to is slow to respond you get... timeouts.
> It may not be related to your case, but keep that in mind too.
> Stefan Paetow
> Moonshot Industry & Research Liaison Coordinator
> t: +44 (0)1235 822 125
> gpg: 0x3FCE5142
> xmpp: stefanp at jabber.dev.ja.net
> skype: stefan.paetow.janet
> Jisc is a registered charity (number 1149740) and a company limited by
> guarantee which is registered in England under Company No. 5747339, VAT No.
> GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill,
> Bristol, BS2 0JA. T 0203 697 5800.
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
More information about the Freeradius-Users