Guillaume Rousse wrote: > It does. But clarification between what's old and what's new syntax > doesn't harm.
The new syntax is documented, and is preferred. If you try the old one (undocumented and deprecated), it works. What needs clarification? > Right, but that seems to be only a syntax difference, refering to a > named instance of the LDAP module. One would expect the code to be more > robust, or at least the problem documented somewhere. It is very difficult to determine what is *supposed* to happen inside of an authentication section. if you have suggestions for how to make that determination, I'm interested. And the problem is documented: the debug log prints out a warning message, as you saw. > If I understand correctly, there no way to help the rlm_module > understand I'm using it for autentication, as I use a complex synta, so > I have to set it up explicitely, right ? Yes. > In this case, I think this > deserve some explanation in the rlm_ldap documentation, such as: > "Warning, if the LDAP module is not directly referenced to in > authentication section, such as a failover configuration using named > aliases, this setting will be disabled". The same problem applies to other modules, so it needs to be documented in one place. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html