(RADIATOR) easiest way to specify multiple ldap servers (for failover)

Tariq Rashid tariq.rashid at uk.easynet.net
Wed Dec 8 08:32:05 CST 2004 

hi - 

i'm looking to add some robustness to the LDAP lookups for radius queries.
see below for the relevant (edited) section of the radius.cfg

i wonder if its possible to add further LDAP servers for the "Host" line so
that if the first one is not responding or unreachable, Radiator will try
the second one. 

I've looked at the mailing lists and the <AuthBy GROUP> seems to be the only
way I have seen - and its seem to heavy really! its fine for when the
different lookups are are different - but in this case all the AuthAttrDefs
and PostSearchHooks are the same ... i only need to specify failover
servers.

Yes - we do have load-balancer - but we need to cover the case when this
load-bancer (in fact the "Host" is pointed to this ldap balancer) is itself
unreachable.

ideas gratefully received - especially if minimal changes!

thanks

Tariq

---------

<AuthBy LDAP2>
        # The main LDAP lookup!
        Identifier privateip-ldap-dial
        Host **.**.**.**
        Port 389
        AuthDN cn=radiusd,ou=accounts,company=EasynetUK,o=easynet.net
        Timeout 25
        FailureBackoffTime 2
        AuthPassword ******
        BaseDN o=*********
        UsernameAttr uid
        PasswordAttr userPassword
        AuthAttrDef ipAddr,Framed-Address,request
        AuthAttrDef ipNetmask,Framed-Netmask,request
        AuthAttrDef ipRoutes,Framed-Route,reply
        AuthAttrDef dialAttr,GENERIC,request
        AuthAttrDef dialUserCLI,GENERIC,request
        AuthAttrDef services,GENERIC,request
        AuthAttrDef filterdefinition,X-filterdefinition,request
        SearchFilter
(&(uid=%1)(|(services=isdn)(services=pstn))(status=active))
        # After the LDAP search, run this perl script
        # This script is where CLI checks get done
        PostSearchHook
file:"/opt/radiator38/etc/raddb/post-search-hook-mia.pl"
</AuthBy>

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list