[RADIATOR] AuthBy LDAP2, HoldServerConnection and missing Retry parameter

Karl Gaissmaier karl.gaissmaier at uni-ulm.de
Wed Apr 6 07:09:24 CDT 2011


Hi RADIATOR team,

I've got a problem with Version 4.7 and AuthBy LDAP2. The LDAP server terminates
the connection after 10min of client idle as configured in slapd.conf.

It seems that RADIATOR doesn't recognize this, and the first ACCESS-REQUEST
after this termination gets the following error:

Wed Apr  6 00:32:34 2011: ERR: ldap search for (|(mail=foo)(uid=bar)) failed with error LDAP_SERVER_DOWN.
Wed Apr  6 00:32:34 2011: ERR: Disconnecting from LDAP server (server foo.uni-ulm.de:636).
Wed Apr  6 00:32:34 2011: DEBUG: AuthBy LDAP2 result: IGNORE, User database access error

See the config part below:

<AuthBy LDAP2>
     PacketTrace
     HoldServerConnection
     NoDefault

     Host                foo.uni-ulm.de
     Version             3
     FailureBackoffTime  3

     UseSSL
     SSLVerify           require
     SSLCAFile           %D/certificates/ca-bundle.crt

     AuthDN              cn=secret
     AuthPassword        more-secret

     BaseDN              ou=bar,dc=uni-ulm,dc=de
     Scope               one

     # username or e-mail
     SearchFilter        (|(mail=%1)(uid=%1))
     PasswordAttr        userPassword
</AuthBy>

The next ACCESS-REQUEST opens the LDAP connection again, but the first one
after the disconnect didn't get a chance to retry:

Wed Apr  6 00:20:21 2011: INFO: Connecting to foo.uni-ulm.de:636
Wed Apr  6 00:20:21 2011: INFO: Attempting to bind to LDAP server foo.uni-ulm.de:636
Wed Apr  6 00:20:21 2011: DEBUG: LDAP got result for uid=...

First:  RADIATOR does not recognize the termination by the LDAP server.
Second: There is no 'Retry' parameter for AuthBy LDAP2 for such a case.

Any tip welcome. Maybe I have to disable 'HoldServerConnection' until there
is another solution.

Best Regards
	Charly

HINTS:

I didn't see this problem with RADIATOR 3.11.
Sigh, I can't go back to 3.11 to verify it definitively.
Sigh, I know, it's a big step from 3.11 to 4.7.

The LDAP server didn't change during the RADIATOR upgrade.
We are using openldap-2.3.35 under SunOS 5.10 and openssl-0.9.8-latest.

-- 
Karl Gaissmaier
Kommunikations und Informationszentrum kiz
der Universität Ulm
Abteilung Infrastruktur
SG Netzwerk und Telekommunikation
89069 Ulm
Tel.: 49(0)731/50-22499 Fax : 49(0)731/50-1222499


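The reconnect-and-retry behaviour that the post above says AuthBy LDAP2 lacks, written out as an added example. This is not Radiator's code and not code from the list; it is a Python sketch of what a held LDAP connection has to do when slapd's idletimeout closes the socket underneath it. The LDAP connection is a constructed stand-in (not python-ldap) that only reproduces the failure mode in the log: the first operation after 10 minutes of silence fails with a "server down" error. The wrapper catches exactly that error once, reconnects, rebinds and replays the search, so the first request after the idle period is answered instead of being IGNOREd; any other error passes through. The class names, the `max_retries` and `max_idle` options and `run_scenario` are assumptions of this example, not Radiator parameters.

```python
import time

IDLE_TIMEOUT = 600.0                      # slapd idletimeout from the post: 10 min
BASE_DN = "ou=bar,dc=uni-ulm,dc=de"       # BaseDN from the posted config


class ServerDown(Exception):
    """Stand-in for the LDAP_SERVER_DOWN result seen in the log."""


class FakeLdapConnection:
    """Constructed stand-in for an LDAP connection to a server that drops idle
    clients. It is NOT python-ldap; it only reproduces the failure mode: the
    first operation after IDLE_TIMEOUT seconds of silence raises ServerDown."""

    def __init__(self, clock, directory):
        self._clock = clock            # injectable clock so the idle gap can be simulated
        self._directory = directory    # constructed sample entries
        self._last_used = clock()
        self._alive = True
        self._bound = False

    def simple_bind(self, dn, password):
        self._check_alive()
        self._bound = True

    def search(self, base_dn, match):
        self._check_alive()
        if not self._bound:
            raise RuntimeError("search before bind")
        return [e for e in self._directory if match(e)]

    def _check_alive(self):
        now = self._clock()
        if now - self._last_used > IDLE_TIMEOUT:
            self._alive = False        # server closed the socket while we were idle
        if not self._alive:
            raise ServerDown("connection closed by peer")
        self._last_used = now


def user_filter(name):
    """Predicate equivalent of the posted SearchFilter (|(mail=%1)(uid=%1))."""
    return lambda entry: entry.get("mail") == name or entry.get("uid") == name


class HeldLdapClient:
    """Holds one bound connection across requests (what HoldServerConnection
    does) and, unlike the behaviour described in the post, retries a search
    up to max_retries times on ServerDown after reconnecting and rebinding.
    If max_idle (assumed option) is set below the server's idletimeout, a
    connection idle that long is dropped proactively instead of trusted."""

    def __init__(self, connect, bind_dn, bind_pw, clock=time.monotonic,
                 max_retries=1, max_idle=None):
        self._connect = connect                # factory returning a fresh connection
        self._bind_dn, self._bind_pw = bind_dn, bind_pw
        self._clock = clock
        self.max_retries = max_retries
        self.max_idle = max_idle
        self._conn = None
        self._last_used = None
        self.reconnects = 0                    # error-driven reconnects
        self.proactive_drops = 0               # idle-based reconnects

    def _connection(self):
        now = self._clock()
        if (self._conn is not None and self.max_idle is not None
                and now - self._last_used >= self.max_idle):
            self._conn = None                  # assume the server already closed it
            self.proactive_drops += 1
        if self._conn is None:
            self._conn = self._connect()
            self._conn.simple_bind(self._bind_dn, self._bind_pw)
        self._last_used = now
        return self._conn

    def search(self, base_dn, match):
        attempts = 0
        while True:
            conn = self._connection()
            try:
                return conn.search(base_dn, match)
            except ServerDown:
                self._conn = None              # stale handle: never reuse it
                if attempts >= self.max_retries:
                    raise                      # give up, caller maps this to IGNORE
                attempts += 1
                self.reconnects += 1


def run_scenario(idle_seconds, max_retries=1, max_idle=None):
    """Constructed drive-through: one request, idle_seconds of silence, a second
    request. Returns (uids found by the 2nd request or 'IGNORE', reconnects,
    proactive drops)."""
    now = [0.0]
    clock = lambda: now[0]
    directory = [{"uid": "bar", "mail": "foo@uni-ulm.de", "userPassword": "secret"}]
    client = HeldLdapClient(lambda: FakeLdapConnection(clock, directory),
                            "cn=secret", "more-secret", clock=clock,
                            max_retries=max_retries, max_idle=max_idle)
    assert len(client.search(BASE_DN, user_filter("bar"))) == 1
    now[0] += idle_seconds                     # the client sits idle; slapd times out
    try:
        uids = [e["uid"] for e in client.search(BASE_DN, user_filter("foo@uni-ulm.de"))]
    except ServerDown:
        uids = "IGNORE"                        # what the post's log shows today
    return uids, client.reconnects, client.proactive_drops


if __name__ == "__main__":
    print("no retry, 700s idle:", run_scenario(700, max_retries=0))
    print("one retry, 700s idle:", run_scenario(700))
    print("max_idle=550, 700s idle:", run_scenario(700, max_idle=550))
```

The `max_retries=0` run reproduces the post's symptom (second request ends in IGNORE, next one would reconnect); with one retry the same request is answered after a single reconnect. The `max_idle` variant avoids the error path altogether by treating a connection idle longer than the server's idletimeout as already gone, which is cheaper than a failed round trip but only works if you know the server's setting.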