Hello list,

I'm using a sql database for authorization and ldap for authentication.
For fail-over reasons I want to authenticate against user-password information stored in my sql database if my ldap servers are not available (all ldap modules return fail).

For authentication I configured:

        Auth-Type LDAP {
                redundant-load-balance {
                        ldap1
                        ldap2
                        ldap3
                }
                if(fail) {
                        pap
                }
        }

So I set the network interfaces of my ldap servers manually to down and started testing. But the timeouts for every ldap module are too big (circa 50 seconds). I noticed the timeout directives in the ldap module. In all three ldap modules the net_timeout is set to "1".

Question 1: How can I reduce these timeouts?
Question 2: Can I check earlier whether my ldap servers are available and, if not, skip Auth-Type LDAP or set Auth-Type to PAP?
Question 3: Are there any other opportunities to do Auth-Type PAP if Auth-Type LDAP fails?

Thanks in advance,

Tobias Hachmer
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
