Redundant-load-balance
Alan DeKok
aland at deployingradius.com
Tue Apr 7 16:29:11 CEST 2020
On Apr 6, 2020, at 10:36 PM, Daniel Oakes <daniel at 2600hz.com> wrote:
>
> As per subject – trying to setup redundant-load-balance (or even redundant – don’t care as long as it works).
>
> Line 157 was ‘ldap’
And you don't have an "ldap" module. So the server has no idea what to do with a bare "ldap" thing in the configuration.
> So just wanting some redundancy in the ldap module (as I’m finding freeipa is being arse sometimes and failing to respond, so I want to go to other one of the pair).
>
> I’m going down a rabbit hole in trying to edit stanzas without understanding the implications.
That won't end well...
> I ended up in a point where it got further, but now I’m not getting an expansion of the ldap group:
>
> elsif ("%{control:LDAP-Group[*]}" =~ /operations/) { etc
For various magic reasons, you can't do expansion on LDAP groups. The LDAP-Group attribute runs an LDAP group query. The LDAP-Group attribute generally does not contain all of the group information from LDAP.
Alan DeKok.
More information about the Freeradius-Users
mailing list