Hi Ingvar,
thanks for reporting this. In the forthcoming new release of Radiator AuthLDAP
and other similar authenticators will IGNORE if there is a problem contacting
the database, so you will be able to distinguish between "database failure" and
"no such user" fall through to a fallback database if need be.
The new release will be out in a few days.
Hope that helps.
Cheers.
On Apr 29, 1:33pm, Ingvar Berg (ERA) wrote:
> Subject: RE: (RADIATOR) AuthByLDAP doesn't IGNORE on LDAP server failure
> -----Original Message-----
> From: Joost Stegeman [mailto:[EMAIL PROTECTED]]
>
> Hi all,
>
> To accomodate high availability, we generate a backup dbm file from the LDAP
> data every night so that in case of an LDAP server failure, Radiator will
> fall
> back to authenticating from this file with an ContinueWhileIgnore clause.
>
> Now it seems that, unlike the AuthBySQL module, AuthByLDAP doesn't return
> IGNORE when the remote server is unreacheable. Instead it returns REJECT. Is
> this for a good reason? The 'SQL' way seems logical to me, it greatly
> simplifies backup authentication procedures.
>
> We now use ContinueWhileReject, but some of our users have already
> complained
> about their old password being valid after they changed it. (The new one is
> valid too of course and after 0400 the backup file is regenerated so
> everything
> is in sync) I would really like the fall back possibility as it reduces the
> risk of authentication breakdown, and it also simplifies maintanance on the
> LDAP server.
>
> Mike, could you change this for the next release?
> Does anyone have other thoughts on the matter?
>
> [IB] Another thought is that it must be possible to configure Radiator to
> use a backup LDAP server, which would require the same fix, I guess.
>
> /Ingvar
> Ericsson Radio Systems AB
> Center for Wireless Internet Integration
> P.O. Box 1885, Teknikringen 8, S-581 17 Linköping, Sweden
> Phone +46 13 32 22 87
> Mobile +46 70 321 3395
> Fax +46 70 617 3395
> mailto: [EMAIL PROTECTED]
>
>
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Ingvar Berg (ERA)
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
˙
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
