On Saturday, December 18, 2010 03:18:19 am Christian Kratzer wrote:
> Hi,
>
> On Fri, 17 Dec 2010, Leigh Porter wrote:
> > I tried these methods and none of them really worked effectively against
> > a defective LDAP server. The best solution I found was a decent load
> > balancer with LDAP server availability testing..
>
> we have a customer setup that successfully uses authby ldap for ha failover
> as follows:
>
> AuthByPolicy ContinueWhileIgnore
> AuthBy ldap1
> AuthBy ldap2
> AuthBy ldap3
>
> Radiator notices failed ldap servers usually when it gets a socket error
> from a dead server and moves on to the next server.
>
> I believe there are still situations when the specific request which runs
> into an error situation is dropped but radius resends should handle those
> cases.
>
> Greetings
> Christian

Thanks all - I'll list them individually as I'm doing for other round-robin hosts. It isn't the most convenient, but it seems to be the most predictable and useful way of doing it when you have one out of three hosts fall out of service. We generally pull a failed host's A record out of the DNS at that time as well, but in either case, I'm still sending a HUP to Radiator. Putting a load balancer in front of those servers would solve the problem as well.

Musings ahead: What would we all think of something like a MultiHost or RRHost configuration parameter that turned a round-robin resource record into multiple Host parameters? That sounds convenient from a configuration perspective but could hold surprises when your host order changes. The same result could be realized without any patches by using a pipe to another program in the configuration that generated the right stuff.

Going a little farther out on a limb now and into quite a bit more programming, perhaps with a RefreshTime parameter (based on the TTL by default) that would re-resolve the record periodically? I can see quite a few failure cases that would need to be handled for that sort of thing to be robust in the face of DNS failure - and it certainly couldn't be robust in the case of DNS operator error.

--
Andrew Clark
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
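
The external generator idea from the message above, as an added sketch that is not part of the thread and not Radiator code: it resolves a round-robin name, sorts the addresses numerically so DNS rotation cannot change host order, and falls back to the last good answer when DNS fails. The function names, the JSON cache file and the `Host <address>` output format are assumptions made for illustration.

```python
import ipaddress
import json
import os
import socket
import sys
import tempfile


def resolve_a(name):
    """Return the set of IPv4 addresses the system resolver gives for name."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def stable_hosts(name, cache_path, resolver=resolve_a):
    """Return (addresses, source); source is 'dns', 'cache' or 'none'."""
    try:
        addrs = resolver(name)
    except OSError:  # socket.gaierror is a subclass of OSError
        addrs = set()
    if addrs:
        # Numeric sort: the order no longer depends on round-robin rotation.
        hosts = sorted(addrs, key=ipaddress.ip_address)
        # Write the last-known-good list atomically so a crash mid-write
        # cannot leave a truncated cache behind.
        cache_dir = os.path.dirname(os.path.abspath(cache_path))
        fd, tmp = tempfile.mkstemp(dir=cache_dir)
        with os.fdopen(fd, "w") as fh:
            json.dump(hosts, fh)
        os.replace(tmp, cache_path)
        return hosts, "dns"
    # DNS failed or returned nothing: reuse the previous answer if there is one.
    try:
        with open(cache_path) as fh:
            return json.load(fh), "cache"
    except (OSError, ValueError):
        return [], "none"


def render(hosts):
    """One 'Host <address>' line per address (assumed output format)."""
    return "".join(f"Host {h}\n" for h in hosts)


if __name__ == "__main__":
    hosts, source = stable_hosts(sys.argv[1], sys.argv[2])
    if not hosts:
        sys.exit(f"no addresses for {sys.argv[1]} and no cached answer")
    sys.stdout.write(render(hosts))
```

The cache only covers resolver failure; a wrong record published by the DNS operator is resolved and cached like any other answer.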
