[EXT] Re: Multiple LDAP servers best practice

Brian Julin BJulin at clarku.edu
Wed Feb 15 20:30:35 UTC 2023


Brendan Kearney wrote:
> If you do a nslookup on "ad.stolaf.edu", all of the domain controllers'
> IPs will be listed.  Hence, the round robin load balancing.  While not
> "balanced", it is load sharing and provides high availability and fault
> tolerance.  The missing piece is knowing when a DC is out of the mix and
> being able to adjust traffic, so that it does not go to that host.

The less involved solution is just to list the same RRDNS record multiple
times instead of listing each server.  Supposedly the LDAP libraries will
then fail over and do another RRDNS lookup.  I haven't actually
tested it for a while, so exactly under what conditions libldap re-performs
the DNS lookup, I'm not currently sure.

ldap ldap_ad {
    server = "ad.foo.edu"
    server = "ad.foo.edu"
    server = "ad.foo.edu"
    server = "ad.foo.edu"
    port = 636
...
}
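An added check for the "which DC is out of the mix" gap raised in the thread, not code from the thread or from FreeRADIUS: it resolves every address behind the round-robin name and probes each one's LDAPS port, so a monitor can see which DCs a libldap failover would still land on. The name "ad.foo.edu", the 192.0.2.x addresses and the stand-in resolver/probe are assumptions for illustration.

```python
import socket
from typing import Callable, Dict, List

LDAPS_PORT = 636  # matches the port = 636 in the ldap module stanza above

def resolve_all(name: str) -> List[str]:
    """Return every address (A and AAAA) behind a round-robin DNS name."""
    infos = socket.getaddrinfo(name, LDAPS_PORT, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def tcp_probe(addr: str, port: int = LDAPS_PORT, timeout: float = 2.0) -> bool:
    """True if a TCP connection to addr:port completes within the timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_rrdns_pool(name: str,
                     resolver: Callable[[str], List[str]] = resolve_all,
                     probe: Callable[..., bool] = tcp_probe) -> Dict[str, bool]:
    """Map each address behind `name` to whether its LDAPS port answers.

    Raises LookupError when the name resolves to nothing: an ldap module
    pointed at it would then have no server to fail over to at all."""
    addrs = resolver(name)
    if not addrs:
        raise LookupError(f"{name} resolved to no addresses")
    return {addr: probe(addr) for addr in addrs}

def unhealthy(results: Dict[str, bool]) -> List[str]:
    """Addresses that are still in DNS but did not answer on the LDAPS port."""
    return sorted(addr for addr, ok in results.items() if not ok)

if __name__ == "__main__":
    import sys
    # Hypothetical name; pass the real RRDNS record as the first argument.
    name = sys.argv[1] if len(sys.argv) > 1 else "ad.foo.edu"
    results = check_rrdns_pool(name)
    for addr, ok in results.items():
        print(f"{addr:40} {'up' if ok else 'DOWN'}")
    sys.exit(1 if unhealthy(results) else 0)
```

Run it from cron or a monitoring check; a non-zero exit means at least one DC is still being handed out by DNS while its LDAPS port is down.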

