authenticating to ldaps/tls

Thibault Le Meur Thibault.LeMeur at supelec.fr
Thu Feb 12 11:04:28 CET 2009


Peter Param wrote:
> Hi all,
>
> I'm trying to authenticate to a LDAPS backend but failing.  Any suggestions?
>   
Is it an LDAP server answering on LDAPS connections (LDAP+SSL on port 
636) or an LDAP server answering on LDAP connections that are then 
secured by Start-TLS (LDAP on port 389 + Start-TLS)?

These are 2 different options.


> ldap people_search {
>                 server = "ldap1.stvincents.com.au"
>                 port = 636
>   

==> This implies an ldaps server

>                 identity = "cn=admin,o=org,c=au"
>                 password = ***
>                 filter = "(cn=%u)"
>                 basedn = "ou=people,ou=darlinghurst,ou=nsw,o=schs,c=au"
>                 tls {
>                         tls_mode = yes
>                         # to the LDAP database by using the StartTLS extended
>                         # operation.
>                         #
>                         # The StartTLS operation is supposed to be
>                         # used with normal ldap connections instead of
>                         # using ldaps (port 689) connections
>                         start_tls = yes
>   
==> this is not compliant with an ldaps server
use start_tls = no

By the way, Alan and other Gurus, I think there is a small typo in the 
comment:

# using ldaps (port 689) connections

Should be

# using ldaps (port 636) connections


HTH,
Thibault
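The two transports Thibault distinguishes (LDAPS on 636, or plain LDAP on 389 upgraded with StartTLS) are easiest to tell apart with the OpenLDAP client tools before editing the FreeRADIUS ldap{} stanza: `ldapsearch -H ldaps://host:636` speaks TLS from the first byte, while `ldapsearch -H ldap://host:389 -ZZ` connects in clear and insists on a successful StartTLS. The script below is an added example, not part of the thread or of FreeRADIUS; it maps a stanza's `port` and `start_tls` values onto the matching ldapsearch arguments and refuses the contradictory combination from the original post (port 636 together with start_tls = yes). The host name ldap1.example.com and the bind parameters are assumed placeholders, and the server is only contacted when LDAP_PROBE=1 is set.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread or the FreeRADIUS project).
# Assumption: OpenLDAP's ldapsearch is installed; ldap1.example.com is a placeholder.

# Map an ldap{} stanza's port and start_tls setting onto ldapsearch arguments
# that exercise the same transport. Prints the arguments on stdout and returns
# 0, or prints a diagnostic on stderr and returns 1 when the combination is
# contradictory: 636 is LDAP-over-SSL, so StartTLS (an extended operation sent
# over an already-open plain LDAP connection) has nothing to upgrade there.
ldap_probe_args() {
    host=$1
    port=$2
    start_tls=$3
    case "$port:$start_tls" in
        636:no)
            printf '%s\n' "-H ldaps://$host:636" ;;
        636:yes)
            printf 'error: port 636 is LDAPS; StartTLS only applies to a plain LDAP port, use start_tls = no\n' >&2
            return 1 ;;
        389:yes)
            # -ZZ: issue StartTLS and abort if the upgrade does not succeed
            printf '%s\n' "-H ldap://$host:389 -ZZ" ;;
        389:no)
            # Accepted, but the simple bind below would send the password in clear.
            printf 'warning: plain LDAP without StartTLS, the bind password crosses the wire unencrypted\n' >&2
            printf '%s\n' "-H ldap://$host:389" ;;
        *)
            printf 'error: unhandled port/start_tls combination %s/%s\n' "$port" "$start_tls" >&2
            return 1 ;;
    esac
}

# Run a simple-bind search with the derived transport arguments. Mirrors the
# identity/password/basedn/filter fields of the FreeRADIUS stanza so that a
# failure here is a transport or credential problem, not a radiusd one.
ldap_probe() {
    host=$1; port=$2; start_tls=$3; binddn=$4; bindpw=$5; basedn=$6; user=$7
    args=$(ldap_probe_args "$host" "$port" "$start_tls") || return 1
    # shellcheck disable=SC2086  # $args is meant to split into separate options
    ldapsearch $args -x -D "$binddn" -w "$bindpw" -b "$basedn" "(cn=$user)" dn
}

# Only touch the network when explicitly asked; values are placeholders.
if [ "${LDAP_PROBE:-0}" = 1 ]; then
    ldap_probe ldap1.example.com 636 no \
        "cn=admin,o=org,c=au" "secret" "ou=people,o=org,c=au" "testuser"
fi
```

Run once per candidate transport: if the 636/no probe succeeds, keep `port = 636` and set `start_tls = no` in the stanza; if only the 389/yes probe succeeds, the server offers StartTLS rather than LDAPS, so use `port = 389` with `start_tls = yes`. A server that fails both with a certificate error needs the CA configured in `tls { ... }` (and in ldap.conf for the probe) before the choice of transport can be judged.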


