
List:       freeradius-users
Subject:    Re: freeradius 3.0.15 not tarting if one LDAP server not reachable
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2017-12-15 15:55:41
Message-ID: 6766B797-F4F9-4ED0-ABA2-F59EE859FAFD () deployingradius ! com

On Dec 15, 2017, at 9:01 AM, Enno Gröper <groepeen@cms.hu-berlin.de> wrote:
> If one of those ldap servers (i.e. ldap_cms2) can't be reached (temporary failure, maintenance, ...), freeradius won't start:
> Thu Dec 14 21:05:31 2017 : Error: rlm_ldap (ldap_cms2): Could not start TLS: Can't contact LDAP server
> Thu Dec 14 21:05:31 2017 : Error: rlm_ldap (ldap_cms2): Opening connection failed (0)
> Thu Dec 14 21:05:31 2017 : Error: /usr2/freeradius/etc/raddb/mods-enabled/ldap[844]: Instantiation failed for module "ldap_cms2"
> Thu Dec 14 21:05:36 2017 : Info: Debugger not attached
> 
> Are there any ideas how to work around this problem?

  Set "start = 0" in the "pool" subsection of raddb/mods-enabled/ldap

> Do you think error handling could be extended here to distinguish between temporary and permanent (configuration) errors?

  How would you tell the difference between the two?

> Or would this add too much complexity?
> I assume, this would be a too complex change for 3.x.
> At this point in time we don't know, that there will be a redundant config for this authentication source. Should I open a bug for this?

  Nope.  You can work around the issue using the standard configuration options.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
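
The workaround from the reply above, written out as a configuration sketch. This is an added example, not part of the original message or the FreeRADIUS default configuration; the instance name ldap_cms1, the host name and the redundant block are assumptions made for illustration (only ldap_cms2 appears in the thread).

```conf
# raddb/mods-enabled/ldap  (fragment; other settings left as in your existing file)
ldap ldap_cms2 {
	# Constructed placeholder host, not from the thread.
	server = 'ldap2.example.org'

	pool {
		# Open no connections while the module is instantiated, so an
		# unreachable directory no longer aborts server startup.
		# Connections are then opened when a request needs one.
		start = 0
	}
}

# raddb/sites-enabled/default  (fragment)
# Hypothetical second instance ldap_cms1: if one instance fails at
# request time, the redundant block falls through to the next one.
authorize {
	redundant {
		ldap_cms1
		ldap_cms2
	}
}
```

With start = 0 a wrong server name or broken TLS setting is no longer caught at startup, so check the log after the first request that uses each instance.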

