Joost made a suggestion
earlier to add support for a backup LDAP server in order to get high
availability. I think it would be a very good feature to have the 'host'
specification in the <AuthBy LDAP> clause to accept a string like the
ldapsdk call ldapopen(). It would look much like:
Would that be difficult to
thanks for reporting this. In the forthcoming new release of
and other similar authenticators will IGNORE if there
is a problem contacting
the database, so you will be able to distinguish
between "database failure" and
"no such user" fall
through to a fallback database if need be.
The new release will be
out in a few days.
Hope that helps.
29, 1:33pm, Ingvar Berg (ERA) wrote:
> Subject: RE: (RADIATOR)
AuthByLDAP doesn't IGNORE on LDAP server failure
> From: Joost Stegeman [mailto:[EMAIL PROTECTED]]
> To accomodate high availability, we generate a
backup dbm file from the LDAP
> data every night so that in case of an
LDAP server failure, Radiator will
> back to
authenticating from this file with an ContinueWhileIgnore
> Now it seems that, unlike the AuthBySQL module,
AuthByLDAP doesn't return
> IGNORE when the remote server is
unreacheable. Instead it returns REJECT. Is
> this for a good reason?
The 'SQL' way seems logical to me, it greatly
> simplifies backup
> We now use ContinueWhileReject,
but some of our users have already
> about their
old password being valid after they changed it. (The new one is
valid too of course and after 0400 the backup file is regenerated so
> is in sync) I would really like the fall back possibility
as it reduces the
> risk of authentication breakdown, and it also
simplifies maintanance on the
> LDAP server.
could you change this for the next release?
> Does anyone have other
thoughts on the matter?
> [IB] Another thought is that it must
be possible to configure Radiator to
> use a backup LDAP server, which
would require the same fix, I guess.
Ericsson Radio Systems AB
> Center for Wireless Internet
> P.O. Box 1885, Teknikringen 8, S-581 17
> Phone +46 13 32 22 87
> Mobile +46 70
> Fax +46 70 617 3395
To unsubscribe, email '[EMAIL PROTECTED]'
> 'unsubscribe radiator' in the body of the message.
End of excerpt from Ingvar Berg (ERA)
Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188
Phone +61 3
Fax +61 3 9598-0955
Radiator: the most portable, flexible
and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP,
NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external,
etc etc on Unix, Win95/8,
Archive at http://www.thesite.com.au/~radiator/
unsubscribe, email '[EMAIL PROTECTED]'
'unsubscribe radiator' in the body of the