Merge pull request #597 from skids/patch-1

FreeRADIUS · Apr 25, 2014 · 475ac8e · 475ac8e
1 parent 27c9b94
commit 475ac8e
Showing 1 changed file with 9 additions and 12 deletions.
diff --git a/raddb/mods-available/ldap b/raddb/mods-available/ldap
@@ -6,18 +6,10 @@
 #  Lightweight Directory Access Protocol (LDAP)
 #
 ldap {
-	#
-	#  Note that this needs to match the name in the LDAP
-	#  server certificate, if you're using ldaps.
-	#
-	#  The ldap client libraries can do fail-over from one
-	#  server to another.  Enable this by specifying
-	#  multiple host names, separated by commas.
-	#
-	#	e.g. server = "ldap1.example.org,ldap2.example.org"
-	#
-	#  Otherwise, it will use just one server.
-	server = "ldap.example.org"
+	#  Note that this needs to match the name(s) in the LDAP server
+	#  certificate, if you're using ldaps.  See OpenLDAP documentation
+	#  for the behavioral semantics of specifying more than one host.
+	server = "ldap.rrdns.example.org ldap.rrdns.example.org ldap.example.org"
 
 	#  Port to connect on, defaults to 389. Setting this to 636 will enable
 	#  LDAPS if start_tls (see below) is not able to be used.
@@ -204,6 +196,11 @@ ldap {
 		#  cacheable_dn else enable cacheable_name.
 #		cacheable_name = "no"
 #		cacheable_dn = "no"
+
+		#  Override the normal cache attribute (<inst>-LDAP-Group)
+		#  and create a custom attribute.  This can help if multiple
+		#  module instances are used in fail-over.
+#		cache_attribute = "LDAP-Cached-Membership"
 	}
 
 	#