On 12/17/2010 11:29 PM, Christian Kratzer wrote:

>> one more quick question. What is the behavior of AuthBy LDAP2 with a
>> round-robin DNS entry (multiple A records for the RR)? If I'd like
>> failover behavior, will a single Host declaration with a round-robin
>> record be enough, or do I need to list out each individual LDAP
>> server?
>
> you should explicitly list all servers as DNS will get resolved once
> on load of config.

That is true with e.g. Clients, but from the manual it looks like AuthBy LDAP2 behaves a bit differently. Quote:

  Multiple space separated host names can be specified and Net::LDAP
  will choose the first available one.

A quick check shows that the host name(s) are passed to Net::LDAP which takes care of resolving names to addresses. Note also how the doc below says hosts are tried until there is success.

http://search.cpan.org/~gbarr/perl-ldap-0.4001/lib/Net/LDAP.pod#new

Radiator seems to create a new Net::LDAP for each (re)connect so it might be that DNS is queried when there was a disconnect and a reconnect needs to be done.

So listing the hosts, like Christian writes, seems to be easier than trying to follow Net::LDAP's method of resolution.

-- 
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.