[RADIATOR] AuthBy LDAP2, HoldServerConnection and missing Retry parameter

Heikki Vatiainen hvn at open.com.au
Tue Apr 12 07:09:11 CDT 2011


On 04/11/2011 12:26 PM, Karl Gaissmaier wrote:

>>> this is strange as Radiator-4.x has explicit support for reconnecting
>>> to ldap servers after an idle timeout.
>>
>> Indeed. The function that has "ldap search for ..." error message does
>> LDAP reconnect as the first thing. Reconnect should notice the closed
>> connection and then connect again.
> 
> but not with HoldServerConnection, or? I don't see a reconnect,
> not under Trace 4 and even not on the wire with wireshark.

With HoldServerConnection, yes.

When HoldServerConnection is defined and there should be an active ldap
handle, the code checks if the socket is still ok or if the socket
indicates that there is something available. If this something is
LDAP_OPERATIONS_ERROR with "Unexpected EOF" then there should be a
reconnect.

Before this check, the code checks if the socket is still connected.
This should take care of e.g., timeouts caused by firewalls.


Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
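
The two checks described in the message above (is the held socket still connected, then is something waiting on it, such as an EOF from a server that closed the idle connection), sketched as an added Python example. This is not Radiator's code, which is written in Perl; the function names, state strings and reconnect policy are assumptions made for illustration.

```python
import select
import socket


def held_connection_state(sock, timeout=0.0):
    """Classify an idle, held connection before it is reused (hypothetical helper)."""
    # Check 1: is the socket still connected at all?
    try:
        sock.getpeername()
    except OSError:
        return "not_connected"
    # Check 2: an idle request/response connection should have nothing to read.
    # If it is readable, peek to see whether that "something" is an EOF.
    readable, _, _ = select.select([sock], [], [], timeout)
    if not readable:
        return "ok"
    try:
        pending = sock.recv(1, socket.MSG_PEEK)  # peek: do not consume data
    except OSError:
        return "not_connected"
    return "eof" if pending == b"" else "unsolicited_data"


def get_usable(sock, connect, timeout=0.0):
    """Return (socket, reconnected). Reconnect only when the held socket is dead.

    `connect` is a caller-supplied factory that opens a fresh connection.
    Assumed policy: unsolicited data is left for the caller to read and handle.
    """
    if sock is not None:
        if held_connection_state(sock, timeout) in ("ok", "unsolicited_data"):
            return sock, False
        sock.close()  # peer closed or socket broken: drop the stale handle
    return connect(), True


if __name__ == "__main__":
    # Constructed demo: a loopback listener stands in for the LDAP server.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    client = socket.create_connection(srv.getsockname())
    server_side, _ = srv.accept()
    print(held_connection_state(client))       # healthy held connection
    server_side.close()                        # server drops the idle connection
    print(held_connection_state(client, 1.0))  # EOF seen before the next search
```

Running the check before each search, rather than only after a failed one, is what lets a held connection recover from a server-side idle timeout without losing the request.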

