ldap module for user and mac authentication
Michael Ströder
michael at stroeder.com
Wed Aug 8 17:01:33 CEST 2018
On 8/8/18 4:03 PM, Alan DeKok wrote:
> On Aug 7, 2018, at 4:04 PM, Dave Macias <davama at gmail.com> wrote:
>> Unless there is a way to query the "live" ldap server which the ldap module
>> found %{ldap:ldap://%{live.ldap.server}/...} , if that makes sense
>
> No, there's no way to do that. The fail-over in this case is handled
> by libldap. So it's completely out of our control.
Maybe I missed something in the thread. But I understand '"live" LDAP
server' to mean that you want to know which LDAP server behind connection
pooling, a load balancer or similar was really reached.
For this particular case I always add the service FQDN of a particular
(OpenLDAP) instance to be readable via LDAP, e.g. in the rootDSE. So an
LDAP client can find out to which particular instance it connected even
though it does not control the fail-over.
Ciao, Michael.
More information about the Freeradius-Users
mailing list