ldap module for user and mac authentication

Michael Ströder michael at stroeder.com
Wed Aug 8 17:01:33 CEST 2018


On 8/8/18 4:03 PM, Alan DeKok wrote:
> On Aug 7, 2018, at 4:04 PM, Dave Macias <davama at gmail.com> wrote:
>> Unless there is a way to query the "live" ldap server which the ldap module
>> found %{ldap:ldap://%{live.ldap.server}/...} , if that makes sense
> 
> No, there's no way to do that.  The fail-over in this case is handled
> by libldap.  So it's completely out of our control.

Maybe I missed something in the thread. But I understand '"live" LDAP 
server' to mean that you want to know which LDAP server behind connection 
pooling, a load-balancer or similar was really reached.

For this particular case I always add the service FQDN of a particular 
(OpenLDAP) instance to be readable via LDAP, e.g. in the rootDSE. So an 
LDAP client can find out to which particular instance it connected even 
though it does not control the fail-over.

Ciao, Michael.
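
The client side of the approach described in the message above, as an added example that is not part of the original post: it parses the LDIF from a base-scope rootDSE search and extracts the instance identifier, so two reads can be compared across a fail-over. The attribute name `instanceFQDN`, the host names and the sample LDIF are constructed assumptions; the post does not name the attribute used.

```python
import base64

# Hypothetical attribute name (assumption): the post does not say which
# rootDSE attribute carries the instance FQDN.
INSTANCE_ATTR = "instanceFQDN"

# Constructed samples of a rootDSE read (base scope, empty base DN) as LDIF.
SAMPLE_PLAIN = "dn:\ninstanceFQDN: ldap-a1.example.\n com\n\n"  # folded value
SAMPLE_B64 = ("dn:\ninstanceFQDN:: "
              + base64.b64encode(b"ldap-b2.example.com").decode() + "\n\n")

def unfold(ldif_text):
    """Join LDIF continuation lines (RFC 2849: a line starting with one space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_root_dse(ldif_text):
    """Return {lowercased attribute: [values]} for a single-entry LDIF."""
    attrs = {}
    for line in unfold(ldif_text):
        if not line or line.startswith("#"):
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        attrs.setdefault(name.lower(), []).append(value)
    return attrs

def connected_instance(ldif_text, attr=INSTANCE_ATTR):
    """Instance identifier from the rootDSE, or None if absent or ambiguous."""
    values = parse_root_dse(ldif_text).get(attr.lower(), [])
    return values[0] if len(values) == 1 else None

def failover_detected(before_ldif, after_ldif):
    """True when two rootDSE reads name different instances."""
    a, b = connected_instance(before_ldif), connected_instance(after_ldif)
    return a is not None and b is not None and a != b

if __name__ == "__main__":
    print(connected_instance(SAMPLE_PLAIN), connected_instance(SAMPLE_B64))
```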
