ldap load-balance

Alan DeKok aland at deployingradius.com
Fri Oct 7 18:55:03 UTC 2022 

On Oct 7, 2022, at 2:43 PM, Brantley Padgett via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> Wait, just to make sure I understand, if I have a similar setup to the answer in that SO question, it doesn't failover, or are you saying it doesn't do any load balancing?

  I'm saying that the server works as documented.

  The original poster made it *very* clear that he had little intention of reading the docs, or doing anything reasonable to solve his problem.

  He asked the list about the functionality of the LDAP module.  When the module contains FULL documentation on what it does, and how it works.  When I suggested he read that documentation, he didn't.  Instead he found some random post from years ago, and went off on a tangent about that.

  This is evidence that he's posting just to stir up trouble.  Or, he's asking questions with no intention of paying attention to the answers.  Either way, it's unacceptable.

  Read his last message to see what his attitude is.  It in *no way* has anything to do with what I said.  So once again, he proves he cannot read the most basic of content and understand it.  At that point, it's impossible to help someone.

> I'm running FreeRADIUS Version 3.0.20 from the Ubuntu standard repo: freeradius/focal-updates,now 3.0.20+dfsg-3ubuntu0.1 amd64 [installed]

  I'd recommend 3.0.26 at least.  We have packages on http://packages.networkradius.com  They have many features and bug fixes over 3.0.20.

> So looking closer, I didn't realize/understand there was anything like redundant-load-balance. I see that now. 
> 
> Where does the redundant-load-balance statement go?

  In the processing section.  authorize / authenticate / etc.

> I.E. I have my list of servers under raidusd.conf > modules > ldap ...  Putting in the main conf was for ease of writing puppet/ansible modules to install and maintain radius vs multiple files. So would the redundant-load-balance section go under that?

  No.

  Again... the documentation makes it clear where the "load-balance" keyword goes.  I really don't know how else to say this.

  Where should we be putt the load-balance documentation so that people will read it?

> Currently looks like:
> # MODULE CONFIGURATION
>  modules {
>   $INCLUDE mods-enabled/
>   ldap {
>   server = 'ldap01.example.net'
>   server = 'ldap02.example.net'
>   server = 'ldap03.example.net'

  That's fine.  The libldap code will handle failover.  As is documented in the mods-available/ldap file.

> Should become:

  No.

  Alan DeKok.

More information about the Freeradius-Users mailing list