I can tell that ldap failover config is a FAQ by the number of hits I found
searching for this, but it seems that many of the config examples are for
older versions of FreeRADIUS.  In any case, this is what I've tried, but it's
not working:

In radiusd.conf:

        ldap ldap1 {
                server = "serverA.domain.com"
                basedn = "dc=domain,dc=com"
                filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
                ldap_connections_number = 5
                timeout = 4
                timelimit = 3
                net_timeout = 1
                tls {
                        start_tls = no
                }
                dictionary_mapping = ${confdir}/ldap.attrmap
                edir_account_policy_check = no
                set_auth_type = no
        }

        ldap ldap2 {
                server = "serverB.domain.com"
                basedn = "dc=domain,dc=com"
                filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
                ldap_connections_number = 5
                timeout = 4
                timelimit = 3
                net_timeout = 1
                tls {
                        start_tls = no
                }
                dictionary_mapping = ${confdir}/ldap.attrmap
                edir_account_policy_check = no
                set_auth_type = yes
        }

-----------

This is what I put in sites-enabled/default AND in sites-enabled/inner-tunnel
(it doesn't look right to me, but it's what I found):

authorize {
        preprocess
        redundant LDAP {
                ldap1
                ldap2
        }

        Auth-Type LDAP {
                ldap1
                ldap2
        }
}
-------------

Again, sorry for the FAQ, but if somebody could put me straight here, I'd
appreciate it.
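For comparison, the layout below is an added example of LDAP failover written in FreeRADIUS 2.x syntax; it is not the poster's configuration or text from the list. It assumes the two module instances above (ldap1 and ldap2, server names kept as placeholders) and keeps authorization and authentication in their separate sections so the redundant block is evaluated in both.

```text
# modules/ldap (or the modules section of radiusd.conf)
# Both instances must set Auth-Type, since whichever one answers
# first is the only one that runs during authorize.
ldap ldap1 {
        server = "serverA.domain.com"          # placeholder host
        basedn = "dc=domain,dc=com"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1                        # short: a dead server is skipped quickly
        tls {
                start_tls = no
        }
        dictionary_mapping = ${confdir}/ldap.attrmap
        set_auth_type = yes
}

ldap ldap2 {
        server = "serverB.domain.com"          # placeholder host
        basedn = "dc=domain,dc=com"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1
        tls {
                start_tls = no
        }
        dictionary_mapping = ${confdir}/ldap.attrmap
        set_auth_type = yes
}

# sites-enabled/default (and inner-tunnel, if the same lookup is wanted there)
authorize {
        preprocess
        # "redundant" tries ldap2 only when ldap1 returns fail (for example,
        # a connection or network timeout); a normal notfound does not fail over.
        redundant {
                ldap1
                ldap2
        }
}

authenticate {
        # Auth-Type sub-sections belong in authenticate, not authorize.
        Auth-Type LDAP {
                redundant {
                        ldap1
                        ldap2
                }
        }
}
```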


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html