Trouble getting ldaps to work

[Arran Cudbard-Bell]

On 9 Jan 2014, at 15:50, Alberto Martínez <alberto_martinez at deusto.es> wrote:

> It works. It just doesn't work as expected.
> 
> In normal mode radius.log shows apparently working binds on startup:
> 
> Thu Jan  9 13:33:06 2014 : Info: rlm_ldap (ldap_xxxxx): Opening additional connection (0)
> Thu Jan  9 13:33:06 2014 : Info: rlm_ldap (ldap_xxxxx): Opening additional connection (1)
> Thu Jan  9 13:33:06 2014 : Info: rlm_ldap (ldap_xxxxx): Opening additional connection (2)
> Thu Jan  9 13:33:06 2014 : Info: rlm_ldap (ldap_yyyyy): Opening additional connection (0)
> Thu Jan  9 13:33:06 2014 : Info: rlm_ldap (ldap_yyyyy): Opening additional connection (1)
> Thu Jan  9 13:33:06 2014 : Info: rlm_ldap (ldap_yyyyy): Opening additional connection (2)
> 
> radtest with a user from "users" returns Access-Accept
> 
> But radiusd -X is failing:
> 
> ...
> # Skipping instantiation of ldap_yyyyy
> ldap ldap_yyyyy {
> ...
> }

You should only see the above entry with -C...

Modules which utilise a finite pool of connections to another server should not
be loaded in config check mode, as instantiation may erroneously fail due to
connection limits.

Confirm you saw that in the output of '-X' and not '-C'.

> (0)   [files] = ok
> (0) ERROR: ldap_yyyyy : All ldap connections are in use
> (0)   [ldap_yyyyy] = fail
> (0)  } #  authorize = fail

No, I cannot see any reason for that, and it works fine for me and others.

Please provide full debug, and confirm you experienced that issue on the first
request.

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140109/af2189d4/attachment.pgp>