[RADIATOR] AuthBy LDAP2 failover with round-robin DNS?

Leigh Porter leigh.porter at ukbroadband.com
Fri Dec 17 17:04:25 CST 2010


I tried these methods and none of them really worked effectively against a defective LDAP server. The best solution I found was a decent load balancer with LDAP server availability testing.

--
Leigh


On 17 Dec 2010, at 22:24, Heikki Vatiainen wrote:

> On 12/17/2010 11:29 PM, Christian Kratzer wrote:
> 
>>> One more quick question.  What is the behavior of AuthBy LDAP2 with a
>>> round-robin DNS entry (multiple A records for the RR)?  If I'd like
>>> failover behavior, will a single Host declaration with a round-robin
>>> record be enough, or do I need to list out each individual LDAP
>>> server?
>> 
>> You should explicitly list all servers, as DNS will get resolved once
>> on load of config.
> 
> That is true with e.g. Clients, but from the manual it looks like AuthBy
> LDAP2 behaves a bit differently. Quote:
> 
>  Multiple space separated host names can be specified
>  and Net::LDAP will choose the first available one.
> 
> A quick check shows that the host name(s) are passed to Net::LDAP which
> takes care of resolving names to addresses. Note also how the doc below
> says hosts are tried until there is success.
> 
> http://search.cpan.org/~gbarr/perl-ldap-0.4001/lib/Net/LDAP.pod#new
> 
> Radiator seems to create a new Net::LDAP for each (re)connect so it
> might be that DNS is queried when there was a disconnect and a reconnect
> needs to be done.
> 
> So listing the hosts, like Christian writes, seems to be easier than
> trying to follow Net::LDAP's method of resolution.
> 
> -- 
> Heikki Vatiainen <hvn at open.com.au>
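
The thread contrasts Net::LDAP trying hosts "until there is success" with a load balancer doing LDAP availability testing; the difference shows when a server accepts the TCP connection but never answers. The sketch below is an added example, not code from this thread, Radiator or Net::LDAP: it probes each address behind a name with an anonymous LDAP bind under a timeout. The function names, the status strings and the local fake servers are constructed for illustration.

```python
import socket
import threading

# Anonymous LDAPv3 simple bind (messageID 1) and its success BindResponse, BER.
BIND_REQUEST = bytes.fromhex("300c020101600702010304008000")
BIND_SUCCESS = bytes.fromhex("300c02010161070a010004000400")


def probe(addr, port=389, timeout=2.0):
    """Classify one LDAP server as 'up', 'down', 'hung' or 'bad-reply'."""
    try:
        with socket.create_connection((addr, port), timeout=timeout) as s:
            s.sendall(BIND_REQUEST)
            reply = s.recv(64)
    except socket.timeout:
        return "hung"   # connect or bind reply did not arrive within timeout
    except OSError:
        return "down"   # refused, reset or unreachable
    # Short-form BER assumed: byte 5 = BindResponse tag, bytes 7-9 = resultCode 0.
    ok = len(reply) >= 10 and reply[5] == 0x61 and reply[7:10] == b"\x0a\x01\x00"
    return "up" if ok else "bad-reply"


def probe_all(name, port=389, timeout=2.0):
    """Probe every address behind a (round-robin) DNS name."""
    infos = socket.getaddrinfo(name, port, type=socket.SOCK_STREAM)
    return {a: probe(a, port, timeout) for a in sorted({i[4][0] for i in infos})}


def fake_server(answer):
    """Constructed local server: answers one bind, or accepts and stays silent."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        conn.recv(64)
        if answer:
            conn.sendall(BIND_SUCCESS)
        threading.Event().wait(1.0)   # a defective server just sits here
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo():
    # Constructed servers: one healthy, one accepting but silent.
    return [probe("127.0.0.1", fake_server(a), timeout=0.3) for a in (True, False)]


if __name__ == "__main__":
    print(demo())
```

A connect-only check would report both constructed servers as reachable; only the bind round trip under a timeout separates them.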