Hi,

On Wed, 6 Apr 2011, Karl Gaissmaier wrote:
> Hi RADIATOR team,
>
> I've got a problem with Version 4.7 and AuthBy LDAP2. The LDAP server terminates
> the connection after 10min of client idle as configured in slapd.conf.
>
> Seems that the RADIATOR doesn't recognize this, and the first ACCESS-REQUEST
> after this termination gets the following error:
>
> Wed Apr 6 00:32:34 2011: ERR: ldap search for (|(mail=foo)(uid=bar)) failed with error LDAP_SERVER_DOWN.
> Wed Apr 6 00:32:34 2011: ERR: Disconnecting from LDAP server (server foo.uni-ulm.de:636).
> Wed Apr 6 00:32:34 2011: DEBUG: AuthBy LDAP2 result: IGNORE, User database access error

This is strange as Radiator-4.x has explicit support for reconnecting to ldap servers after an idle timeout.

> See the config part below:
>
> <AuthBy LDAP2>
>     PacketTrace
>     HoldServerConnection
>     NoDefault
>
>     Host foo.uni-ulm.de
>     Version 3
>     FailureBackoffTime 3
>
>     UseSSL
>     SSLVerify require
>     SSLCAFile %D/certificates/ca-bundle.crt
>
>     AuthDN cn=secret
>     AuthPassword more-secret
>
>     BaseDN ou=bar,dc=uni-ulm,dc=de
>     Scope one
>
>     # username or e-mail
>     SearchFilter (|(mail=%1)(uid=%1))
>     PasswordAttr userPassword
> </AuthBy>

Perhaps as you only have one ldap server to forward to you should set FailureBackoffTime to 0 to allow radiator to immediately reconnect. Casual reading of the source code makes me think this might be the problem.

<snipp/>

> HINTS:
>
> I didn't see this problem with RADIATOR 3.11.
> Sigh, I can't go back to 3.11 to verify it definitely.
> Sigh, I know, it's a big step from 3.11 to 4.7.
>
> The LDAP server didn't change during the RADIATOR upgrade.
> We are using an openldap-2.3.35 under SunOS 5.10 and openssl-0.9.8-latest.

As a side note and nothing to do with your current problem. Latest stable is openldap-2.4.23 and latest released is 2.4.25. You should consider updating for anything but a trivial directory setup. There have been lots of fixes since openldap 2.3.

Greetings
Christian

--
Christian Kratzer                   CK Software GmbH
Email: [email protected]          Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0         D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9           HRB 245288, Amtsgericht Stuttgart
Web: http://www.cksoft.de/          Managing Director: Christian Kratzer
