Phil Mayers <p.may...@imperial.ac.uk> wrote: > > Unfortunately, when you supply >1 LDAP server, this is handled > internally by libldap, and libldap tries the LDAP servers in series, not > in parallel. So there will always be some outage. > > FreeRADIUS does not currently have connection pools, and they're a bit > hard with LDAP because libldap doesn't have a great API. > The API is good enough.
I keep meaning to do this for the sql module (well, postgresql) but it can be done for libldap too. Open the socket directly in freeradius, using SOCK_NONBLOCK -> connect() -> SO_RCVTIMEO/SO_SNDTIMEO and then pass that all to ldap_init_fd(). connect() can now catch timeouts with select() and it means we also catch networking errors rather than just server/client errors. I await Alan's "show me the money^Wpatch"...well maybe I'll find some time next week. Cannot have Imperial stealing the whole show :) Cheers -- Alexander Clouter .sigmonster says: You will have many recoverable tape errors. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html