Redundant LDAP servers in /etc/freeradius/modules/ldap
Tom Yard
tomyyard at gmail.com
Wed Nov 28 14:43:17 CET 2018
Dear Alan, thanks for your help.
I have two questions now:
1) There are no commas at all in my definition in
/etc/freeradius/modules/ldap:
ldap {
server = "server1.company.com"
server = "server2.company.com"
....
}
2) Does the failover mechanism work in Freeradius 2.2.5?
Thanks again!!
On Tue, Nov 27, 2018 at 19:58, Alan DeKok (<aland at deployingradius.com>)
wrote:
> On Nov 27, 2018, at 1:55 PM, Tom Yard <tomyyard at gmail.com> wrote:
> >
> > Dear people, I have a Freeradius server, version 2.2.5, using LDAP for
> > authentication.
> >
> > I have just one LDAP server defined in /etc/freeradius/modules/ldap, but
> > yesterday the DC went down and Freeradius was offline.
> >
> > Is it possible to have a scheme with two redundant LDAP servers, defining this in
> > /etc/freeradius/modules/ldap:
> >
> > ldap {
> > server = "server1.company.com"
> > server = "server2.company.com"
>
> No.
>
> Some LDAP libraries will parse the server name into multiple pieces if
> it contains commas:
>
> server = "server1,server2"
>
> I don't recommend that, as it means that the LDAP client library is in
> charge of fail-over, and they are typically terrible.
>
> It's better to use the fail-over mechanism in FreeRADIUS. It works, and
> it's under your control.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
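
The fail-over mechanism referred to in the quoted reply, sketched as an added example that is not part of the original thread: two named instances of the ldap module grouped in a `redundant` block. The instance names `ldap1` and `ldap2` and the virtual-server file name are assumptions, and the thread does not confirm behaviour on 2.2.5 specifically.

```conf
# Added example, not from the thread. Instance names ldap1/ldap2 are assumed.

# /etc/freeradius/modules/ldap: one named instance per LDAP server
ldap ldap1 {
	server = "server1.company.com"
	# basedn, filter, identity/password etc. as in the existing ldap { } block
}

ldap ldap2 {
	server = "server2.company.com"
	# same remaining settings as ldap1
}

# Virtual server (e.g. sites-enabled/default): wherever "ldap" was listed
authorize {
	# other modules stay as they are
	redundant {
		ldap1    # tried first
		ldap2    # tried only if ldap1 returns "fail" (e.g. server unreachable)
	}
}
```

Any other section that lists the ldap module, such as authenticate, needs the same substitution, since a plain `ldap` instance no longer exists once the instances are named.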