[EXT] Re: Multiple LDAP servers best practice
Tony Skalski
ajs at stolaf.edu
Wed Feb 15 20:59:24 UTC 2023
Thanks for the ideas! I am curious, say I start FR and I have 4 connections
open to 4 unique ldap servers (start = 4), what methodology does FR use to
select a connection to use?
Notwithstanding issues with the LDAP servers, given I have "min = 3", I
would expect there to be a minimum of 3 connections at all times, correct?
Are there any scenarios where FR will violate that? We had a wireless
outage this morning and when I first checked I noticed there were 0
connections to our ldap servers - it wasn't an LDAP outage as other
services did not have any issues. An FR restart got FR reconnected.
On Wed, Feb 15, 2023 at 2:31 PM Brian Julin <BJulin at clarku.edu> wrote:
>
> Brendan Kearney wrote:
> > if you do an nslookup on "ad.stolaf.edu", all of the domain controllers'
> > IPs will be listed; hence the round-robin load balancing. While not
> > "balanced", it is load sharing and provides high availability and fault
> > tolerance. The missing piece is knowing when a DC is out of the mix and
> > being able to adjust traffic so that it does not go to that host.
>
> The less involved solution is just to list the same RRDNS record multiple
> times instead of listing each server. Supposedly the LDAP libraries will
> then fail over and do another RRDNS lookup. I haven't actually
> tested it for a while, so I'm not currently sure exactly under what
> conditions libldap re-performs the DNS lookup.
>
> ldap ldap_ad {
> server = "ad.foo.edu"
> server = "ad.foo.edu"
> server = "ad.foo.edu"
> server = "ad.foo.edu"
> port=636
> ...
> }
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
--
*Tony Skalski (he/him/his)*
System Administrator | IT
Office: 507-786-3227
1510 St. Olaf Avenue Northfield, MN 55057
stolaf.edu
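The fragment below is an added example, written for this page and not taken from either poster or from the stock raddb shipped with FreeRADIUS. It shows how the connection pool settings Tony is asking about (start, min, and friends) sit next to an explicit server list and the timeout/keepalive options that let rlm_ldap notice a dead DC, assuming FreeRADIUS 3.0.x rlm_ldap syntax. Hostnames, DNs and the CA path are placeholders. The comments state my understanding of the 3.0.x behaviour (server entries concatenated into one list that libldap walks in order; retry_delay back-off allowing the pool to drop below min after failures); they are assumptions to verify against your own version, not a statement from the list.

```conf
ldap ldap_ad {
        # Explicit hosts rather than four copies of the round-robin name.
        # Assumption (3.0.x): multiple "server" entries are joined into one
        # space-separated list passed to libldap, which tries them in order.
        # That gives failover to the next entry, not load sharing across all.
        server = "dc1.ad.example.edu"
        server = "dc2.ad.example.edu"
        server = "dc3.ad.example.edu"
        server = "dc4.ad.example.edu"
        port = 636

        identity = "cn=radius,ou=service,dc=ad,dc=example,dc=edu"
        password = "change-me-placeholder"
        base_dn = "dc=ad,dc=example,dc=edu"

        options {
                # Bound the time a connect, bind or search may hang, so a
                # half-dead DC does not tie up a worker thread indefinitely.
                net_timeout = 3
                res_timeout = 10
                srv_timelimit = 3

                # TCP keepalives: notice a DC that went away without a RST.
                idle = 60
                probes = 3
                interval = 3
        }

        tls {
                # LDAPS on 636, so no StartTLS; pin the issuing CA and
                # reject servers that cannot present a valid certificate.
                start_tls = no
                ca_file = /etc/raddb/certs/ad-ca.pem
                require_cert = "demand"
        }

        pool {
                # Opened at startup; the first usable server in the list
                # above will typically receive all of them.
                start = 4
                # Target floor the pool tries to maintain. Assumption: after
                # a connect failure the pool waits retry_delay seconds before
                # trying again, so it can sit below min (even at zero) for
                # that long rather than hammering an unreachable DC.
                min = 3
                max = 10
                spare = 2
                uses = 0
                lifetime = 0
                idle_timeout = 60
                retry_delay = 30
        }
}
```

The practical check after editing: run `radiusd -X`, confirm the pool opens `start` connections at startup, then block port 636 to the first listed host on a test box and watch whether new connections land on the second entry and how long the pool takes to refill once the block is removed. That test tells you what your libldap and rlm_ldap build actually do, which is the piece neither poster was sure about.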