Joost made a suggestion earlier to add support for a backup LDAP server in order to get high availability. I think it would be a very good feature to have the 'host' specification in the <AuthBy LDAP> clause to accept a string like the ldapsdk call ldapopen(). It would look much like:
 
<AuthBy LDAP>
    ...
    Host        ldap1.domain.com:389 ldap2.domain.com:389 ldap3.domain.com:389
    ...
</AuthBy>
 
Would that be difficult to add?
 
- Wilbert
 
-----Original Message-----
From: Mike McCauley <[EMAIL PROTECTED]>
To: Ingvar Berg (ERA) <[EMAIL PROTECTED]>; [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Monday 12 July 1999 10:29
Subject: Re: (RADIATOR) AuthByLDAP doesn't IGNORE on LDAP server failure

Hi Ingvar,

thanks for reporting this. In the forthcoming new release of Radiator, AuthLDAP
and other similar authenticators will IGNORE if there is a problem contacting
the database, so you will be able to distinguish between "database failure" and
"no such user", and fall through to a fallback database if need be.

The new release will be out in a few days.

Hope that helps.

Cheers.

On Apr 29,  1:33pm, Ingvar Berg (ERA) wrote:
> Subject: RE: (RADIATOR) AuthByLDAP doesn't IGNORE on LDAP server failure
> -----Original Message-----
> From: Joost Stegeman [mailto:[EMAIL PROTECTED]]
>
> Hi all,
>
> To accommodate high availability, we generate a backup dbm file from the LDAP
> data every night so that in case of an LDAP server failure, Radiator will
> fall back to authenticating from this file with a ContinueWhileIgnore clause.
>
> Now it seems that, unlike the AuthBySQL module, AuthByLDAP doesn't return
> IGNORE when the remote server is unreachable. Instead it returns REJECT. Is
> this for a good reason? The 'SQL' way seems logical to me, it greatly
> simplifies backup authentication procedures.
>
> We now use ContinueWhileReject, but some of our users have already
> complained about their old password being valid after they changed it. (The
> new one is valid too of course and after 0400 the backup file is regenerated
> so everything is in sync) I would really like the fall back possibility as it
> reduces the risk of authentication breakdown, and it also simplifies
> maintenance on the LDAP server.
>
> Mike, could you change this for the next release?
> Does anyone have other thoughts on the matter?
>
> [IB] Another thought is that it must be possible to configure Radiator to
> use a backup LDAP server, which would require the same fix, I guess.
>
> /Ingvar
> Ericsson Radio Systems AB
> Center for Wireless Internet Integration
> P.O. Box 1885, Teknikringen 8, S-581 17  Linköping, Sweden
> Phone +46 13 32 22 87
> Mobile +46 70 321 3395
> Fax     +46 70 617 3395
> mailto: [EMAIL PROTECTED]
>
>-- End of excerpt from Ingvar Berg (ERA)



--
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
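
The REJECT versus IGNORE distinction discussed in this thread, as an added example that is not part of the original messages and is not Radiator's code. It is a simplified Python model: the Backend class, run_chain function, user name and passwords are all hypothetical, and only the two chaining policies named in the thread are modelled.

```python
from enum import Enum

class Result(Enum):
    ACCEPT = "ACCEPT"
    REJECT = "REJECT"
    IGNORE = "IGNORE"

class Backend:
    """Hypothetical credential store standing in for LDAP or the nightly DBM file."""
    def __init__(self, users, up=True, ignore_on_failure=True):
        self.users = users
        self.up = up
        self.ignore_on_failure = ignore_on_failure

    def authenticate(self, user, password):
        if not self.up:
            # The thread's complaint: an unreachable LDAP server answered REJECT,
            # which the chain cannot tell apart from a wrong password.
            return Result.IGNORE if self.ignore_on_failure else Result.REJECT
        ok = user in self.users and self.users[user] == password
        return Result.ACCEPT if ok else Result.REJECT

def run_chain(backends, user, password, continue_while):
    """Try each backend in order, moving on only while the result equals continue_while."""
    result = Result.IGNORE
    for backend in backends:
        result = backend.authenticate(user, password)
        if result is not continue_while:
            break
    return result

def scenarios():
    # Constructed data: the password was changed today; the DBM dump is from last night.
    dbm = Backend({"alice": "old-pw"})
    ldap_up = Backend({"alice": "new-pw"})
    ldap_down_reject = Backend({"alice": "new-pw"}, up=False, ignore_on_failure=False)
    ldap_down_ignore = Backend({"alice": "new-pw"}, up=False, ignore_on_failure=True)
    return {
        # Workaround from the thread: the stale password passes while LDAP is healthy.
        "up, while-REJECT": run_chain([ldap_up, dbm], "alice", "old-pw", Result.REJECT),
        # Desired policy: a REJECT from a healthy LDAP server is final.
        "up, while-IGNORE": run_chain([ldap_up, dbm], "alice", "old-pw", Result.IGNORE),
        # Failure reported as REJECT: the backup file is never consulted.
        "down=REJECT, while-IGNORE": run_chain([ldap_down_reject, dbm], "alice", "old-pw", Result.IGNORE),
        # Failure reported as IGNORE: the backup answers, but only during the outage.
        "down=IGNORE, while-IGNORE": run_chain([ldap_down_ignore, dbm], "alice", "old-pw", Result.IGNORE),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result.value}")
```

The first scenario is the stale-password window the users complained about; the last two show why the fallback only works once a server failure is reported as IGNORE.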