[RADIATOR] AuthBy LDAP2, HoldServerConnection and missing Retry parameter
Karl Gaissmaier
karl.gaissmaier at uni-ulm.de
Wed Apr 6 07:09:24 CDT 2011
Hi RADIATOR team,
I've got a problem with Version 4.7 and AuthBy LDAP2. The LDAP server terminates
the connection after 10min of client idle as configured in slapd.conf.
Seems that the RADIATOR doesn't recognize this, and the first ACCESS-REQUEST
after this termination gets the following error:
Wed Apr 6 00:32:34 2011: ERR: ldap search for (|(mail=foo)(uid=bar)) failed with error LDAP_SERVER_DOWN.
Wed Apr 6 00:32:34 2011: ERR: Disconnecting from LDAP server (server foo.uni-ulm.de:636).
Wed Apr 6 00:32:34 2011: DEBUG: AuthBy LDAP2 result: IGNORE, User database access error
See the config part below:
<AuthBy LDAP2>
PacketTrace
HoldServerConnection
NoDefault
Host foo.uni-ulm.de
Version 3
FailureBackoffTime 3
UseSSL
SSLVerify require
SSLCAFile %D/certificates/ca-bundle.crt
AuthDN cn=secret
AuthPassword more-secret
BaseDN ou=bar,dc=uni-ulm,dc=de
Scope one
# username or e-mail
SearchFilter (|(mail=%1)(uid=%1))
PasswordAttr userPassword
</AuthBy>
The next ACCESS-REQUEST opens the LDAP connection again, but the first one
after the disconnect didn't get the chance to retry:
Wed Apr 6 00:20:21 2011: INFO: Connecting to foo.uni-ulm.de:636
Wed Apr 6 00:20:21 2011: INFO: Attempting to bind to LDAP server foo.uni-ulm.de:636
Wed Apr 6 00:20:21 2011: DEBUG: LDAP got result for uid=...
First: The RADIATOR does not recognize the termination by the LDAP server
Second: There is no 'Retry' parameter for AuthBy LDAP2 for such a case.
Any tip welcome. Maybe I've to disable 'HoldServerConnection' until there
is another solution.
Best Regards
Charly
HINTS:
I didn't see this problem with RADIATOR 3.11.
Sigh, I can't go back to 3.11 to verify it definitely.
Sigh, I know, it's a big step from 3.11 to 4.7.
The LDAP server didn't change during the RADIATOR upgrade.
We are using an openldap-2.3.35 under SunOS 5.10 and openssl-0.9.8-latest.
--
Karl Gaissmaier
Kommunikations und Informationszentrum kiz
der Universität Ulm
Abteilung Infrastruktur
SG Netzwerk und Telekommunikation
89069 Ulm
Tel.: 49(0)731/50-22499 Fax : 49(0)731/50-1222499
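
The failure reported in this message, reproduced as an added example (not part of the original post and not Radiator code): a client that holds its directory connection treats the first server-down error on a reused connection as a stale connection, reconnects and retries exactly once, and otherwise fails closed with IGNORE. FakeDirectory, HeldClient and retry_stale are hypothetical names, and the server is a constructed simulation with a fake clock.

```python
class ServerDown(Exception): pass   # stand-in for LDAP_SERVER_DOWN in the log

class FakeDirectory:
    """Constructed stand-in for a directory that drops idle clients (600 s)."""
    def __init__(self, idle_timeout=600):
        self.idle_timeout = idle_timeout
        self.up = True               # set False to simulate a real outage
        self.now = 0                 # simulated clock, in seconds
        self.last_seen = {}          # connection id -> time of last activity

    def connect(self):
        if not self.up:
            raise ServerDown("connect")
        conn_id = len(self.last_seen) + 1
        self.last_seen[conn_id] = self.now
        return conn_id

    def search(self, conn_id, flt):
        last = self.last_seen.get(conn_id)
        if not self.up or last is None or self.now - last > self.idle_timeout:
            self.last_seen[conn_id] = None     # connection is gone for good
            raise ServerDown(flt)
        self.last_seen[conn_id] = self.now
        return ["constructed-entry"]

class HeldClient:
    """Holds one connection across requests; optionally retries once."""
    def __init__(self, server, retry_stale=True):
        self.server, self.retry_stale = server, retry_stale
        self.conn, self.connects = None, 0

    def search(self, flt):
        reused = self.conn is not None
        try:
            return "OK", self._search(flt)
        except ServerDown:
            self.conn = None
            if not (reused and self.retry_stale):
                return "IGNORE", []      # fresh connection failed: give up
        try:                             # held connection was stale: one retry
            return "OK", self._search(flt)
        except ServerDown:
            self.conn = None
            return "IGNORE", []          # server really is down: fail closed

    def _search(self, flt):
        if self.conn is None:
            self.conn = self.server.connect()
            self.connects += 1
        return self.server.search(self.conn, flt)
```

With retry_stale=False the client behaves as described in the message: the first request after the idle disconnect returns IGNORE and only the next one reconnects.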