Redundant-load-balance

Daniel Oakes daniel at 2600hz.com
Wed Apr 8 22:31:33 CEST 2020


Yeah – I agree – I don’t want to go down a rabbit hole.

What I’m getting is this from the ldap server, which thanks to typically awful documentation is giving me this (from freeradius logs)

Mon Apr  6 17:01:03 2020 : Info: rlm_ldap (ldap): Opening additional connection (4443), 1 of 1 pending slots used
Mon Apr  6 17:01:03 2020 : Error: rlm_ldap (ldap): Bind was not permitted: Server was unwilling to perform
Mon Apr  6 17:01:03 2020 : Error: rlm_ldap (ldap): Opening connection failed (4443)

So that’s not a freeradius fault, but I’m thinking it’s the best place to deal with it.  Ideally I’d like to try the other ldap server should it be returning that.

Recommended approach?

Daniel


From: Freeradius-Users <freeradius-users-bounces+daniel=2600hz.com at lists.freeradius.org>
Date: Wednesday, 8 April 2020 at 2:29 AM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: Redundant-load-balance

On Apr 6, 2020, at 10:36 PM, Daniel Oakes <daniel at 2600hz.com> wrote:
>
> As per subject – trying to set up redundant-load-balance (or even redundant – don’t care as long as it works).
>
> Line 157 was ‘ldap’

  And you don't have an "ldap" module.  So the server has no idea what to do with a bare "ldap" thing in the configuration.

> So just wanting some redundancy in the ldap module (as I’m finding freeipa is being arse sometimes and failing to respond, so I want to go to other one of the pair).
>
> I’m going down a rabbit hole in trying to edit stanzas without understanding the implications.

  That won't end well...

> I ended up in a point where it got further, but now I’m not getting an expansion of the ldap group:
>
> elsif ("%{control:LDAP-Group[*]}" =~ /operations/) { etc

  For various magic reasons, you can't do expansion on LDAP groups.  The LDAP-Group attribute runs an LDAP group query.  The LDAP-Group attribute generally does not contain all of the group information from LDAP.

  Alan DeKok.
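
Added example, not part of the original thread and not the poster's or the project's own configuration: a sketch of the setup discussed above, assuming FreeRADIUS 3.x, with two named ldap instances behind redundant-load-balance and the group test written as a comparison rather than an expansion. The instance names ldap1 and ldap2, the hostnames, DNs and password are constructed placeholders; the group name "operations" is the one from the thread.

```text
# mods-enabled/ldap: two named instances of the ldap module.
# Once the instances are named, a bare "ldap" no longer refers to anything.
ldap ldap1 {
	server   = 'ipa1.example.org'          # placeholder host
	identity = 'uid=radius,cn=sysaccounts,cn=etc,dc=example,dc=org'
	password = 'CHANGE_ME'                 # placeholder secret
	base_dn  = 'cn=accounts,dc=example,dc=org'
}

ldap ldap2 {
	server   = 'ipa2.example.org'          # placeholder host
	identity = 'uid=radius,cn=sysaccounts,cn=etc,dc=example,dc=org'
	password = 'CHANGE_ME'
	base_dn  = 'cn=accounts,dc=example,dc=org'
}

# sites-enabled/default
authorize {
	# One instance is picked at random. If it returns "fail"
	# (for example, its connection could not be opened), the
	# other instance is tried.
	redundant-load-balance {
		ldap1
		ldap2
	}

	# LDAP-Group is compared, not expanded: each comparison runs a
	# group query. A named instance registers <instance>-LDAP-Group,
	# so the test names the instances explicitly.
	if (ldap1-LDAP-Group == "operations" || ldap2-LDAP-Group == "operations") {
		update reply {
			Reply-Message := "operations group member"
		}
	}
}
```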

