(RADIATOR) ldap <AuthBy ROUNDROBIN>,
Hugh Irvine
hugh at open.com.au
Tue May 13 17:45:07 CDT 2008
Hello Peter -
Thanks for your mail.
What you describe is not possible in a single instance of Radiator,
however it is very simple to do with multiple instances of Radiator.
You would have a "front-end" instance of Radiator with an AuthBy
ROUNDROBIN clause proxying to three "back-end" instances of Radiator
each with a single AuthBy LDAP2 clause.
This approach has the added advantage of providing some parallel
processing of simultaneous requests.
I often use this sort of design in my consulting practice.
hope that helps
regards
Hugh
On 13 May 2008, at 22:38, Peter Havekes wrote:
> LS,
>
> At the moment I use Authby group to address multiple LDAP servers.
> In this setup the second ldap server will only get used if the
> first ldap server is not responding or rejects the request. I would
> like to load-balance all the requests amongst all available ldap-
> servers, like <AuthBy ROUNDROBIN> does for radius-hosts. Is this
> possible?
>
> My config looks like this:
>
>
>
>
> <Handler xxxxxxxxxxxxx>
> <AuthBy GROUP>
> RewriteUsername s/-//g
> RewriteUsername s/^([^@]+).*/$1/
> AuthByPolicy ContinueUntilAccept
> <AuthBy LDAP2>
> NoDefault
> Host xxxxxxxxxxxxxxxxxxxx
> Port 389
> BaseDN ou=xxxxxxxxxxxxxxxxxxxxx
> UsernameAttr cn
> ServerChecksPassword
> Timeout 5
> </AuthBy>
> <AuthBy LDAP2>
> NoDefault
> Host xxxxxxxxxxxxxxxxxx
> Port 389
> BaseDN ou=xxxxxxxxxxxxxxxxxxxx
> UsernameAttr cn
> ServerChecksPassword
> Timeout 5
> </AuthBy>
> <AuthBy LDAP2>
> NoDefault
> Host xxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Port 389
> BaseDN ou=xxxxxxxxxxxxxxxxxxxx
> UsernameAttr cn
> ServerChecksPassword
> Timeout 5
> </AuthBy>
> </AuthBy>
> </Handler>
>
>
>
>
>
>
>
> --
>
>
> Peter Havekes
> DIF-ICT
> ICT-Ontwikkeling
> Avans Hogeschool
> Onderwijsboulevard 215
> 5223 DE 's-Hertogenbosch
> Telefoon 0736 295 592
> Mobiel 0612917383
> Fax 0736295488
> email/msn p.havekes at avans.nl
>
>
>
> ----------------------------------------------------------------------
> -----
> Op deze e-mail zijn de volgende voorwaarden van toepassing:
> The following conditions apply to this e-mail:
> http://emaildisclaimer.avans.nl
> ----------------------------------------------------------------------
> -----
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list