[RADIATOR] AuthBy LDAP2 failover with round-robin DNS?
Leigh Porter
leigh.porter at ukbroadband.com
Fri Dec 17 17:04:25 CST 2010
I tried these methods and none of them really worked effectively against a defective LDAP server. The best solution I found was a decent load balancer with LDAP server availability testing.
--
Leigh
On 17 Dec 2010, at 22:24, Heikki Vatiainen wrote:
> On 12/17/2010 11:29 PM, Christian Kratzer wrote:
>
>>> one more quick question. What is the behavior of AuthBy LDAP2 with a
>>> round-robin DNS entry (multiple A records for the RR)? If I'd like
>>> failover behavior, will a single Host declaration with a round-robin
>>> record be enough, or do I need to list out each individual LDAP
>>> server?
>>
>> you should explicitly list all servers as DNS will get resolved once
>> on load of config.
>
> That is true with e.g. Clients, but from the manual it looks like AuthBy
> LDAP2 behaves a bit differently. Quote:
>
> Multiple space separated host names can be specified
> and Net::LDAP will choose the first available one.
>
> A quick check shows that the host name(s) are passed to Net::LDAP which
> takes care of resolving names to addresses. Note also how the doc below
> says hosts are tried until there is success.
>
> http://search.cpan.org/~gbarr/perl-ldap-0.4001/lib/Net/LDAP.pod#new
>
> Radiator seems to create a new Net::LDAP for each (re)connect so it
> might be that DNS is queried when there was a disconnect and a reconnect
> needs to be done.
>
> So listing the hosts, like Christian writes, seems to be easier than
> trying to follow Net::LDAP's method of resolution.
>
> --
> Heikki Vatiainen <hvn at open.com.au>
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
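
Added example, not code from this thread or from Radiator: an LDAP-level availability test of the kind mentioned above, which keeps only servers that return a well-formed BindResponse to an anonymous bind and builds the space-separated Host line described in the manual quote. The host names and reply bytes are constructed, and treating only resultCode 0 as healthy is an assumption you can change through `accept`.

```python
import socket
# LDAPv3 anonymous simple BindRequest, messageID 1 (RFC 4511), BER-encoded.
ANON_BIND = bytes.fromhex("300c020101600702010304008000")

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def bind_result_code(reply):
    """resultCode of a BindResponse to messageID 1, or None if reply is not one."""
    try:
        tag, msg, _ = read_tlv(reply, 0)         # LDAPMessage SEQUENCE
        tag2, msgid, pos = read_tlv(msg, 0)      # messageID INTEGER
        tag3, body, _ = read_tlv(msg, pos)       # BindResponse [APPLICATION 1]
        tag4, code, _ = read_tlv(body, 0)        # resultCode ENUMERATED
    except ValueError:
        return None
    if (tag, tag2, tag3, tag4) != (0x30, 0x02, 0x61, 0x0A) or msgid != b"\x01" or not code:
        return None
    return int.from_bytes(code, "big")

def probe(host, port=389, timeout=2.0):
    """Send the anonymous bind; return the reply bytes, empty on any socket failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(ANON_BIND)
            return s.recv(4096)  # a BindResponse is small; one read is enough here
    except OSError:
        return b""

def host_line(hosts, probe=probe, accept=(0,)):
    """Radiator Host line listing only servers whose bind resultCode is accepted."""
    live = [h for h in hosts if bind_result_code(probe(h)) in accept]
    return "Host " + " ".join(live) if live else None

# Constructed replies (not captured traffic): success, silent, non-LDAP, busy (51).
SAMPLE = {"ldap1.example.net": bytes.fromhex("300c02010161070a010004000400"),
          "ldap2.example.net": b"", "ldap3.example.net": b"HTTP/1.1 400",
          "ldap4.example.net": bytes.fromhex("300c02010161070a013304000400")}
```

`host_line(list(SAMPLE), probe=SAMPLE.get)` exercises the logic offline against the constructed replies; calling `host_line(hosts)` without the `probe` argument uses the real socket probe on port 389.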