Ldap DNS SRV record support
Alan DeKok
aland at deployingradius.com
Thu Oct 12 17:49:16 CEST 2017
On Oct 11, 2017, at 11:16 PM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
> Alan knows no one has any hope of producing such a patch. The code in rlm_ldap simply isn't set up to do this kind of dynamic connection/pool creation.
Even if it was, I'm not sure it's very useful.
DNS is a *terrible* solution for doing round-robin application access. Doing round-robin like that is fine for the wider internet, e.g. geo-location.
But for your internal network, you're almost always better off using application-aware round-robin.
> Yeah if all you want is redundancy, just do that. Or in v3.0.x you can even specify multiple "server" config items. That'll be gone in v4.0.x though.
You can always configure 4 LDAP modules, and then:
    redundant-load-balance {
        ldap1
        ldap2
        ldap3
        ldap4
    }
And FreeRADIUS will do the right thing. Plus, it will do load-balancing if one of the LDAP servers is down, whereas that doesn't really work well for DNS.
Alan DeKok.
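
The four-module setup described above, written out as an added example that is not part of the original message or of the configuration shipped with FreeRADIUS. It assumes v3.0.x syntax and file layout; the host names, bind DN, password and base DN are placeholders.

```text
# mods-enabled/ldap (assumed location): four named instances of rlm_ldap,
# each pointing at one directory server and keeping its own connection pool.
# All values below are placeholders.
ldap ldap1 {
    server   = 'ldap1.example.org'
    identity = 'cn=radius,dc=example,dc=org'
    password = 'CHANGE_ME'
    base_dn  = 'dc=example,dc=org'
}
ldap ldap2 {
    server   = 'ldap2.example.org'
    identity = 'cn=radius,dc=example,dc=org'
    password = 'CHANGE_ME'
    base_dn  = 'dc=example,dc=org'
}
ldap ldap3 {
    server   = 'ldap3.example.org'
    identity = 'cn=radius,dc=example,dc=org'
    password = 'CHANGE_ME'
    base_dn  = 'dc=example,dc=org'
}
ldap ldap4 {
    server   = 'ldap4.example.org'
    identity = 'cn=radius,dc=example,dc=org'
    password = 'CHANGE_ME'
    base_dn  = 'dc=example,dc=org'
}

# sites-enabled/default (assumed location): call the instances through
# redundant-load-balance wherever a single "ldap" would otherwise be listed.
# Requests are spread across the instances; if the chosen one fails, the
# next is tried.
authorize {
    redundant-load-balance {
        ldap1
        ldap2
        ldap3
        ldap4
    }
}
```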