ldap redundant-load-balance sanity check and questions
Nick Porter
nick at portercomputing.co.uk
Wed Oct 12 09:22:55 UTC 2022
On 11/10/2022 23:47, Alan DeKok wrote:
> On Oct 11, 2022, at 4:55 PM, Brantley Padgett via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>> Question 2 - is there a better way of handling multiple
>> server[n]-Ldap-Group responses?
> Unfortunately, no. We're looking into fixing that for v4.

V3.2.x does allow you to set cache_attribute in the ldap module
configuration.

This is the attribute which cached group membership will be stored in
when the ldap module is called in authorize (presuming appropriate
settings are in place to cache group membership).

If all the ldap instances are representing the same data, as would be
normal in a redundant failover scenario, then it would be valid to set
all instances to use the same attribute in which to cache the group
membership, e.g.

    cache_attribute = LDAP-Group

Then, regardless of which ldap instance retrieves the group membership,
it will be cached in the same attribute.

--
Nick Porter
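
The shared-attribute setup described in the message above, sketched as a v3.2.x configuration fragment. This is an added example, not part of the original post or FreeRADIUS's shipped configuration. The instance names, hostnames, group name, reply attribute and the use of memberOf are assumptions, and cacheable_name is assumed to be the caching setting the message refers to.

```conf
# Added example: hostnames, instance names and the group name are constructed.
# mods-enabled/ldap: two instances backed by the same directory data.
ldap ldap1 {
	server = 'ldap1.example.org'
	# identity, password, base_dn and user { ... } omitted for brevity
	group {
		membership_attribute = 'memberOf'  # assumption: directory exposes memberOf
		cacheable_name = 'yes'             # cache group names when called in authorize
		# Left at its default, the cache attribute would be ldap1-LDAP-Group.
		cache_attribute = 'LDAP-Group'
	}
}

ldap ldap2 {
	server = 'ldap2.example.org'
	group {
		membership_attribute = 'memberOf'
		cacheable_name = 'yes'
		# Default here would be ldap2-LDAP-Group; share one attribute instead.
		cache_attribute = 'LDAP-Group'
	}
}

# sites-enabled/default
authorize {
	redundant-load-balance {
		ldap1
		ldap2
	}

	# One check, whichever instance answered. The cached values sit in the
	# control list; [*] compares against every cached group name.
	if (&control:LDAP-Group[*] == 'vpn-users') {
		update reply {
			&Filter-Id := 'vpn'
		}
	}
	else {
		reject
	}
}
```

Without the shared cache_attribute, the policy would have to test each per-instance attribute separately, and a group restriction could be missed whenever a newly added instance is not covered by the check.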