[RADIATOR] timing ldap auth

Heikki Vatiainen hvn at open.com.au
Mon Feb 7 15:04:39 CST 2011


On 02/07/2011 08:32 AM, Barry Ard wrote:

> I would like to track / report on the success/failure of our
> LDAP2 AuthBy's. I am particularly interested in catching timeouts and
> connection failures as these requests are made to machines in a
> different part of our organization and we have been having issues.

You should already see LDAP connection related messages if you have at
least Trace 3 enabled. For example, server side disconnects, Radiator
initiated reconnects and successful TLS connection establishments are
logged with LOG_INFO level (3). More serious messages cause a
LOG_WARNING or LOG_ERR and will be logged with Trace 3 too.

An example of a LOG_ERR event is an unsuccessful LDAP connection attempt
during reconnect.

> I was looking at using a PostSearchHook but from a quick glance at
> AuthLDAP2.pm it looks to be called after a successful auth (thus not
> catching connection failures), is this correct? If so, what would be
> the best way to go about this?

PostSearchHook only runs if the search was successful, so this does not
sound like what you are after.

Do you think Trace 3 is not enough? It should already show many
connection related events.

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

