Hi, Elizabeth Steinke <[EMAIL PROTECTED]> wrote: > > Since we have other applications that don't and probably never will preform > redundant > LDAP lookups I'm thinking I will just an LDAP VIP to the LVS server. I am > still willing > to try an solutions in my lab for the sake of having it in the list archives > :) > Alan's not keen on it and grumbles that it uses attr_rewrite, but it works for me:
http://bugs.freeradius.org/show_bug.cgi?id=592 If you need an update of the patch for FreeRADIUS in git then do pester me. In your config you are looking to add something like the following, if it's unclear then do pester me offlist. This has been working fine for me for nearly two months: ------- post-auth { ... redundant-load-balance { ldap1_get-host-dn ldap2_get-host-dn } ... } modules { ... attr_rewrite ldap1_get-host-dn { attribute = Tmp-String-2 searchin = config searchfor = "^.*$" replacewith = "%{ldap_soasauth-nd1:ldap:///ou=Hosts,ou=LanWarden,o=soas?dn?sub?(&(objectClass=lanwardenHost)(lanwardenHostState=enable)(cn=%{control:Tmp-String-0})%{control:Tmp-String-1})}" new_attribute = yes max_matches = 1 append = no } attr_rewrite ldap2_get-host-dn { attribute = Tmp-String-2 searchin = config searchfor = "^.*$" replacewith = "%{ldap_soasauth-nd2:ldap:///ou=Hosts,ou=LanWarden,o=soas?dn?sub?(&(objectClass=lanwardenHost)(lanwardenHostState=enable)(cn=%{control:Tmp-String-0})%{control:Tmp-String-1})}" new_attribute = yes max_matches = 1 append = no } ... } --------- Might find the following helpful too: http://bugs.freeradius.org/show_bug.cgi?id=544 http://stuff.digriz.org.uk/freeradius/ Cheers Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
