RE: (RADIATOR) AuthByLDAP doesn't IGNORE on LDAP server failure

Mon, 12 Jul 1999 05:33:17 -0700 

Hi Mike,
Well, credit for reporting the problem goes to Joost, I just added another wish to the 
list...

/Ingvar


> -----Original Message-----
> From: Mike McCauley [mailto:[EMAIL PROTECTED]]
> Sent: den 13 juli 1999 01:28
> To: Ingvar Berg (ERA); [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) AuthByLDAP doesn't IGNORE on LDAP 
> server failure
> 
> 
> Hi Ingvar,
> 
> thanks for reporting this. In the forthcoming new release of 
> Radiator AuthLDAP
> and other similar authenticators will IGNORE if there is a 
> problem contacting
> the database, so you will be able to distinguish between 
> "database failure" and
> "no such user" fall through to a fallback database if need be.
> 
> The new release will be out in a few days.
> 
> Hope that helps.
> 
> Cheers.
> 
> On Apr 29,  1:33pm, Ingvar Berg (ERA) wrote:
> > Subject: RE: (RADIATOR) AuthByLDAP doesn't IGNORE on LDAP 
> server failure
> > -----Original Message-----
> > From: Joost Stegeman [mailto:[EMAIL PROTECTED]]
> >
> > Hi all,
> >
> > To accomodate high availability, we generate a backup dbm 
> file from the LDAP
> > data every night so that in case of an LDAP server failure, 
> Radiator will
> > fall
> > back to authenticating from this file with an 
> ContinueWhileIgnore clause.
> >
> > Now it seems that, unlike the AuthBySQL module, AuthByLDAP 
> doesn't return
> > IGNORE when the remote server is unreacheable. Instead it 
> returns REJECT. Is
> > this for a good reason? The 'SQL' way seems logical to me, 
> it greatly
> > simplifies backup authentication procedures.
> >
> > We now use ContinueWhileReject, but some of our users have already
> > complained
> > about their old password being valid after they changed it. 
> (The new one is
> > valid too of course and after 0400 the backup file is regenerated so
> > everything
> > is in sync) I would really like the fall back possibility 
> as it reduces the
> > risk of authentication breakdown, and it also simplifies 
> maintanance on the
> > LDAP server.
> >
> > Mike, could you change this for the next release?
> > Does anyone have other thoughts on the matter?
> >
> > [IB] Another thought is that it must be possible to 
> configure Radiator to
> > use a backup LDAP server, which would require the same fix, I guess.
> >
> > /Ingvar

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to