Alan DeKok wrote:
>> I think this ought to be documented in rlm_ldap documentation (as well
>> as minor other changes, such as the new tls subsection).
>
> The new tls sub-section isn't required. The old-style configuration
> *should* work.
It does. But clarification between what's old and what's new syntax
doesn't harm.
>> I also tried to clean up my configuration a little bit. I think I found
>> a bug in the handling of set_auth_type directive. From what I
>> understood, this directive governs the setting of the Auth-Type
>> attribute to 'LDAP' during the authorisation phase. However, whatever
>> its value, it's automatically disabled when launching radius at startup:
>>
>> Tue Apr 29 14:07:17 2008 : Debug: rlm_ldap: Over-riding set_auth_type,
>> as we're not listed in the "authenticate" section.
>
> Yes... the LDAP module is now aware that you may have *multiple*
> copies of the LDAP module running.
I guess you mean 'not aware'
>> Here is my authenticate section, using two ldap modules in fail-over:
>> authenticate {
>> Auth-Type LDAP {
>> redundant {
>> ldap1
>> ldap2
>
> ldap1 != "LDAP".
Right, but that seems to be only a syntax difference, referring to a
named instance of the LDAP module. One would expect the code to be more
robust, or at least the problem documented somewhere.
[..]
>> Which one should I believe?
>
> All of them. There are generalizations, which are usually true. In
> addition, there are specific corner cases where the generalizations
> aren't true.
I need the second solution (ldap as an authentication server), so I need
to have Auth-Type set.
If I understand correctly, there is no way to help the rlm_module
understand I'm using it for authentication, as I use a complex syntax, so
I have to set it up explicitly, right? In this case, I think this
deserves some explanation in the rlm_ldap documentation, such as:
"Warning, if the LDAP module is not directly referenced in the
authentication section, such as a failover configuration using named
aliases, this setting will be disabled".
--
Guillaume Rousse
Moyens Informatiques - INRIA Futurs
Tel: 01 69 35 69 62