Re: Freeradius and LDAP keepalive
Thank you. I have tried those options, but they doesn't work for me. The problem is that they configure freeradius to send TCP Keepalive messages over the connection, but these packets are just TCP packets, they don't content any ldap command, so openldap idle_timeout is still applied. -- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica_(___V Tfo: 868887590 Fax: 86337 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and LDAP keepalive
Angel L. Mateo wrote: Thank you. I have tried those options, but they doesn't work for me. The problem is that they configure freeradius to send TCP Keepalive messages over the connection, but these packets are just TCP packets, they don't content any ldap command, so openldap idle_timeout is still applied. Well... poke the server occasionally using radclient. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius and LDAP keepalive
Hello, I have a freeradius 2.1.10 running in a ubuntu (10.04) server. My users are in a ldap directory. The problem I have is that openldap server has an idle timeout (if there is more than this time with an idle connection, openldap closes the connection). So I want to know if there is some way to configure a keepalive on the ldap connection of freeradius. I have found in http://freeradius.1045715.n5.nabble.com/rlm-ldap-amp-TCP-KeepAlive-td2795077.html that it seems to be code to do this. I have checked this code with code from version 2.1.10 and it is there, but I think I have to configure something because connections are closed and I have logs like: Sep 7 12:12:51 vulpes22 freeradius[21497]: RADIUS Requested access: myuser@mydomain (0) Sep 7 12:12:51 vulpes22 freeradius[21497]: [ldap-email] ldap_search() failed: LDAP connection lost. Sep 7 12:12:51 vulpes22 freeradius[21497]: [ldap-email] Attempting reconnect Sep 7 12:12:51 vulpes22 freeradius[21497]: Login OK: [myuser@mydomain] (from client XXX port 1) freeradius is working (it reconnects with the ldap without any problem), but I want to avoid this error. Is there any way to configure this keepalive? -- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica_(___V Tfo: 868887590 Fax: 86337 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and LDAP keepalive
Angel L. Mateo wrote: I have a freeradius 2.1.10 running in a ubuntu (10.04) server. My users are in a ldap directory. The problem I have is that openldap server has an idle timeout (if there is more than this time with an idle connection, openldap closes the connection). So I want to know if there is some way to configure a keepalive on the ldap connection of freeradius. ... Is there any way to configure this keepalive? In 2.1.12, the keepalive configuration is documented in raddb/modules/ldap Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and LDAP keepalive
El 07/09/11 13:02, Alan DeKok escribió: Angel L. Mateo wrote: I have a freeradius 2.1.10 running in a ubuntu (10.04) server. My users are in a ldap directory. The problem I have is that openldap server has an idle timeout (if there is more than this time with an idle connection, openldap closes the connection). So I want to know if there is some way to configure a keepalive on the ldap connection of freeradius. ... Is there any way to configure this keepalive? In 2.1.12, the keepalive configuration is documented in raddb/modules/ldap I didn't find any 2.1.12 freeradius version (the latest version at freeradius web is 2.1.11). In 2.1.11 (and 2.1.10) the options I have found that could be related are: * ldap_connections_number: number of active ldap connections (although I have this value configured as 15, I can only see one active connection with netstat) * timeout: Timeout to finish a query * timelimit: Timeout that the ldap server has to finish the query * net_timetout: Seconds to wait for resopnse of the server As far as I understand, none of these values is for a keepalive. Is there any other parameter? -- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica_(___V Tfo: 868887590 Fax: 86337 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and LDAP keepalive
Angel L. Mateo wrote: I didn't find any 2.1.12 freeradius version (the latest version at freeradius web is 2.1.11). In 2.1.11 (and 2.1.10) the options I have found that could be related are: 2.1.12 will be released soon. * ldap_connections_number: number of active ldap connections (although I have this value configured as 15, I can only see one active connection with netstat) * timeout: Timeout to finish a query * timelimit: Timeout that the ldap server has to finish the query * net_timetout: Seconds to wait for resopnse of the server As far as I understand, none of these values is for a keepalive. Is there any other parameter? See https://github.com/alandekok/freeradius-server/tree/v2.1.x Download a tar file. It is a pre-release version of 2.1.12. Then see raddb/modules/ldap, as I suggested. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html