rlm_ldap (ldap): Could not start TLS: Connect error
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Wed Dec 4 19:36:54 CET 2013
On 4 Dec 2013, at 14:02, Hachmer, Tobias <Tobias.Hachmer at stadt-frankfurt.de> wrote:
> -----Original Message-----
> From: freeradius-users-bounces+tobias.hachmer=stadt-frankfurt.de at lists.freeradius.org [mailto:freeradius-users-bounces+tobias.hachmer=stadt-frankfurt.de at lists.freeradius.org] On Behalf Of Arran Cudbard-Bell
> Sent: Wednesday, 4 December 2013 14:08
> To: FreeRadius users mailing list
> Subject: Re: rlm_ldap (ldap): Could not start TLS: Connect error
>
> On 4 Dec 2013, at 10:11, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>> Fixed.
>
> Radiusd starts now. But it is still not working. Now radiusd gets a SIGABRT:
> ASSERT FAILED src/main/util.c[1025]: 0
That's not a valid line number, as in there is no assert on that line in either v3.0.x or master. Can you please build a version from source using a current version of 3.0.x or master? Also make sure radiusd is not picking up an old version of the libraries from somewhere.
For what it's worth, I just tested the LDAP profile functionality, with normal and generic attributes, and it works OK for me. Could you provide a copy of your LDAP configuration (redacted) and the complete output of radiusd -X, and I'll try and replicate your issue here.
rlm_ldap (ldap): Reserved connection (4)
(1) ldap : expand: "(uid=%{%{Stripped-User-Name}:-%{User-Name}})" -> '(uid=arr2036)'
(1) ldap : expand: "dc=rm-rfi,dc=com" -> 'dc=rm-rfi,dc=com'
(1) ldap : Performing search in 'dc=rm-rfi,dc=com' with filter '(uid=arr2036)'
(1) ldap : Waiting for search result...
(1) ldap : User object found at DN "uid=arr2036,ou=people,dc=rm-rfi,dc=com"
(1) ldap : expand: "cn=test0,cn=profile,dc=rm-rfi,dc=com" -> 'cn=test0,cn=profile,dc=rm-rfi,dc=com'
(1) ldap : expand: "(objectclass=radiusprofile)" -> '(objectclass=radiusprofile)'
(1) ldap : Performing search in 'cn=test0,cn=profile,dc=rm-rfi,dc=com' with filter '(objectclass=radiusprofile)'
(1) ldap : Waiting for search result...
(1) ldap : Processing profile attributes
(1) ldap : reply:Reply-Message := 'Reply attribute from test profile 0'
(1) ldap : request:Reply-Message += 'Generic attribute from test profile 0'
(1) ldap : expand: "(objectclass=radiusprofile)" -> '(objectclass=radiusprofile)'
(1) ldap : Performing search in 'cn=test1,cn=profile,dc=rm-rfi,dc=com' with filter '(objectclass=radiusprofile)'
(1) ldap : Waiting for search result...
(1) ldap : Processing profile attributes
(1) ldap : reply:Reply-Message := 'Reply attribute from test profile 1'
(1) ldap : control:Reply-Message += 'Generic attribute from test profile 1'
(1) ldap : Processing user attributes
(1) ldap : reply:Reply-Message := 'Reply attribute from user's profile'
rlm_ldap (ldap): Released connection (4)
I did find a small omission in the LDAP schema, which I will fix. Apparently only a single instance of radiusProfileDn was processed by the old code, but the new code can process as many profiles as there are radiusProfileDn instances.
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
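
An added example, not part of the original message and not FreeRADIUS code: a Python parser for the rlm_ldap debug lines quoted above that records which profile DN each attribute came from and replays the operators to show the resulting lists. The function names are hypothetical, the sample is constructed from the log lines in the message, and the replay assumes the documented operator behaviour (`:=` replaces attributes of the same name, `+=` appends).

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the debug output in the message above.
SAMPLE = """\
(1) ldap : Performing search in 'cn=test0,cn=profile,dc=rm-rfi,dc=com' with filter '(objectclass=radiusprofile)'
(1) ldap : Processing profile attributes
(1) ldap : reply:Reply-Message := 'Reply attribute from test profile 0'
(1) ldap : request:Reply-Message += 'Generic attribute from test profile 0'
(1) ldap : Performing search in 'cn=test1,cn=profile,dc=rm-rfi,dc=com' with filter '(objectclass=radiusprofile)'
(1) ldap : Processing profile attributes
(1) ldap : reply:Reply-Message := 'Reply attribute from test profile 1'
(1) ldap : control:Reply-Message += 'Generic attribute from test profile 1'
(1) ldap : Processing user attributes
(1) ldap : reply:Reply-Message := 'Reply attribute from user's profile'
"""

SEARCH = re.compile(r"ldap : Performing search in '([^']*)'")
SECTION = re.compile(r"ldap : Processing (profile|user) attributes")
# Greedy (.*) keeps an apostrophe inside the value, as in "user's profile".
MAP = re.compile(r"ldap : (\w+):([\w-]+) (:=|\+=) '(.*)'\s*$")

def parse(log):
    """Return [(source, list, attribute, operator, value)] in log order."""
    out, last_dn, source = [], None, None
    for line in log.splitlines():
        if m := SEARCH.search(line):
            last_dn = m.group(1)          # DN of the most recent search
        elif m := SECTION.search(line):
            source = last_dn if m.group(1) == "profile" else "user object"
        elif m := MAP.search(line):
            out.append((source, *m.groups()))
    return out

def replay(maps):
    """Assumed semantics: ':=' replaces same-named attributes, '+=' appends."""
    lists = defaultdict(list)
    for _source, lst, attr, op, value in maps:
        if op == ":=":
            lists[lst] = [(a, v) for a, v in lists[lst] if a != attr]
        lists[lst].append((attr, value))
    return dict(lists)

if __name__ == "__main__":
    for row in parse(SAMPLE):
        print(row)
    print(replay(parse(SAMPLE)))
```
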