ldap load-balance

Brantley Padgett brantleyp1 at yahoo.com
Fri Oct 7 18:43:16 UTC 2022


> No, that's not what he says. He says libldap has certain functionality. He doesn't say that FreeRADIUS supports this.

Wait, just to make sure I understand, if I have a similar setup to the answer in that SO question, it doesn't failover, or are you saying it doesn't do any load balancing?

I'm running FreeRADIUS Version 3.0.20 from the Ubuntu standard repo: freeradius/focal-updates,now 3.0.20+dfsg-3ubuntu0.1 amd64 [installed]

So looking closer, I didn't realize/understand there was anything like redundant-load-balance. I see that now. 

Where does the redundant-load-balance statement go? I.E. I have my list of servers under raidusd.conf > modules > ldap ...  Putting in the main conf was for ease of writing puppet/ansible modules to install and maintain radius vs multiple files. So would the redundant-load-balance section go under that?

Currently looks like:
# MODULE CONFIGURATION
 modules {
  $INCLUDE mods-enabled/
  ldap {
  server = 'ldap01.example.net'
  server = 'ldap02.example.net'
  server = 'ldap03.example.net'
  port = 389
  base_dn = 'dc=example,dc=net'
  identity = 'xxxxxxxx'
  password = xxxxxxxx


  update {
  control:Password-With-Header += 'userPassword'
  control:NT-Password := 'sambaNTPassword'
  }
  ...
  ...


Should become:
# MODULE CONFIGURATION
 modules {
  $INCLUDE mods-enabled/
  ldap1 {
  server = 'ldap01.example.net'
  port = 389
  base_dn = 'dc=example,dc=net'
  identity = 'xxxxxxxx'
  password = xxxxxxxx
  }
  ldap2 {
  server = 'ldap02.example.net'
  port = 389
  base_dn = 'dc=example,dc=net'
  identity = 'xxxxxxxx'
  password = xxxxxxxx
  }
  redundant-load-balance {
  ldap1
  ldap2
  }
  ...
  ... 

?? 

Apologies if that isn't a clear question. 

Brantley Padgett 

The question is not how far. The question is, 
do you possess the constitution, 
the depth of faith, to go as far as is needed? 
            -Boondock Saints






On Friday, October 7, 2022, 09:05:13 AM CDT, Alan DeKok <aland at deployingradius.com> wrote: 





On Oct 7, 2022, at 9:58 AM, Elias Pereira <empbilly at gmail.com> wrote:
> 
> Arran Cudbard-Bell says it works.

  No, that's not what he says.  He says libldap has certain functionality.  He doesn't say that FreeRADIUS supports this.

  What's your goal here? 

  If you're going to ignore the documentation and argue endlessly, then I suggest forking FreeRADIUS.  You can then fix it to do whatever you want, and you don't need us.

  if you're not going to fork FreeRADIUS, then it works as documented.  Read the documentation.  Stop arguing.  Stop reading (and misunderstanding) random things you find on the net.


  Alan DeKok.


  
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list