[RADIATOR] AuthBy LDAP difference between bind failure to LDAP service and unreachable LDAP service

karel.vandervelden at kpn.com karel.vandervelden at kpn.com
Wed Mar 12 01:22:01 CDT 2014 

Hello all,

Does anyone know if it is possible to handle the errors of an unreachable LDAP server vs not capable to bind differently within radiator? If so, please advise.

For an access service we use the bind feature to let the LDAP server check the password for that specific user object, and then retrieve the required attributes. But when the username/password combination is wrong the result is IGNORE and hence another authentication attempt is done towards the second LDAP server (which of course also results in a non-successful bind attempt).

Fri Mar  7 10:57:40 2014: INFO: Connecting to 1.1.1.1:389
Fri Mar  7 10:57:40 2014: ERR: Could not open LDAP connection to 1.1.1.1:389. Backing off for 0 seconds
Fri Mar  7 10:57:40 2014: DEBUG: Radius::AuthGROUP:Wifiaccess-authentication Wifiaccess-LDAP-A result: IGNORE User database access error
Fri Mar  7 10:57:40 2014: DEBUG: Radius::AuthGROUP: Wifiaccess-authentication result: IGNORE, User database acess error
Fri Mar  7 10:57:40 2014: DEBUG: Radius::AuthGROUP:  result: IGNORE, User database access error

vs

Fri Mar  7 10:59:35 2014: INFO: Connecting to 1.1.1.1:389
Fri Mar  7 10:59:35 2014: INFO: Attempting to bind to LDAP server 1.1.1.1:389
Fri Mar  7 10:59:35 2014: ERR: Could not bind connection with user at somedomain.nl, password, error: LDAP_INVALID_CREDENTIALS (server 1.1.1.1:389).
Fri Mar  7 10:59:35 2014: ERR: Backing off from 1.1.1.1:389 for 0 seconds.
Fri Mar  7 10:59:35 2014: DEBUG: Radius::AuthGROUP:Wifiaccess-authentication Wifiaccess-LDAP-A result: IGNORE User database access error
Fri Mar  7 10:59:35 2014: DEBUG: Radius::AuthGROUP: Wifiaccess-authentication result: IGNORE, User database access error

Perhaps a non-successful bind operations bind should result in a REJECT instead of a IGNORE?

Met vriendelijke groeten/With kind regards,
           Karel van der Velden

[cid:image001.gif at 01CF3DC2.EEAF4F50]
Ananke
Goddess of necessity, inevitability and compulsion
Godin van de noodzakelijkheid, onvermijdelijkheid en dwangmatigheid
NETCO FO N&SD Service Development
Reitemakersrijge 13
9711 HT Groningen
Vast: 050 - 5881003
Fax: 050 - 3186347

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20140312/dddaaea6/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 4059 bytes
Desc: image001.gif
Url : http://www.open.com.au/pipermail/radiator/attachments/20140312/dddaaea6/attachment.gif

More information about the radiator mailing list