From 475ac8e4dbdabeb4f9cdac0b2f8d66f62b03c0e4 Mon Sep 17 00:00:00 2001
From: Arran Cudbard-Bell
Date: Sat, 26 Apr 2014 00:41:22 +0100
Subject: [PATCH] Merge pull request #597 from skids/patch-1
---
 raddb/mods-available/ldap | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)
diff --git a/raddb/mods-available/ldap b/raddb/mods-available/ldap
index 33381518daea..af3f155ff51f 100644
--- a/raddb/mods-available/ldap
+++ b/raddb/mods-available/ldap
@@ -6,18 +6,10 @@
 # Lightweight Directory Access Protocol (LDAP)
 #
 ldap {
- #
- # Note that this needs to match the name in the LDAP
- # server certificate, if you're using ldaps.
- #
- # The ldap client libraries can do fail-over from one
- # server to another. Enable this by specifying
- # multiple host names, separated by commas.
- #
- # e.g. server = "ldap1.example.org,ldap2.example.org"
- #
- # Otherwise, it will use just one server.
- server = "ldap.example.org"
+ # Note that this needs to match the name(s) in the LDAP server
+ # certificate, if you're using ldaps. See OpenLDAP documentation
+ # for the behavioral semantics of specifying more than one host.
+ server = "ldap.rrdns.example.org ldap.rrdns.example.org ldap.example.org"
 
 # Port to connect on, defaults to 389. Setting this to 636 will enable
 # LDAPS if start_tls (see below) is not able to be used.
@@ -204,6 +196,11 @@ ldap {
 # cacheable_dn else enable cacheable_name.
 # cacheable_name = "no"
 # cacheable_dn = "no"
+
+ # Override the normal cache attribute (-LDAP-Group)
+ # and create a custom attribute. This can help if multiple
+ # module instances are used in fail-over.
+# cache_attribute = "LDAP-Cached-Membership"
 }
 
 #
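Review bot: The new `server` default lists `ldap.rrdns.example.org` twice and separates hosts with spaces, but the replacement comment explains neither and drops the fail-over description the old text carried. Someone copying the sample cannot tell whether the repeat is deliberate (presumably a second attempt at a round-robin DNS name) or a typo. Existing configs that follow the old comma-separated example also get no hint that the documented form changed. The TLS caveat deserves one more sentence, since each listed name must be covered by the certificate of whichever server answers it, so a round-robin name has to be on every backend's certificate. I would add something like `# Hosts are space-separated; a name may be repeated to retry a round-robin DNS entry.` and `# With ldaps/start_tls every name listed must appear in the answering server's certificate.` above the `server` line.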
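Review bot: The added `# cache_attribute = "LDAP-Cached-Membership"` line starts at column 0, while the neighbouring commented options (`# cacheable_name`, `# cacheable_dn`) and the new comment above it are indented, so it reads as if it sits outside the enclosing section. Indenting it to match would fix that. The comment's `(-LDAP-Group)` is also hard to parse. If the default is the instance name followed by `-LDAP-Group`, say so, e.g. `# Override the default cache attribute (<instance>-LDAP-Group)`. It would also help to note that instances sharing one cache attribute will honour membership cached by whichever instance answered, so this seems safe only when they query equivalent directories. That last point is inferred from the comment, not from code visible here. The section that the closing `}` ends opens outside this hunk.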