Ldap searches don't seem to honour connect_timeout

Alan DeKok aland at deployingradius.com
Tue May 10 22:48:21 CEST 2016


On May 10, 2016, at 4:44 PM, Franks Andy (IT Technical Architecture Manager) <Andy.Franks at sath.nhs.uk> wrote:
> 
> Ok, ldd against rlm_ldap.so gives
> 
> rlm_ldap.so:
> ...
>        libgnutls.so.26 => /usr/lib/x86_64-linux-gnu/libgnutls.so.26 (0x00007f7e47947000)
>  ..

  Ugh.  I wouldn't be surprised if that was it.

  Both GnuTLS and NSS provide compatibility layers for OpenSSL.  But.... they're *compatibility* layers, not 100% emulators.

  The solution is to ensure that all libraries and applications use the same SSL library.  Since FreeRADIUS *can't* be ported to GnuTLS / NSS, then LDAP, etc. has to be built with OpenSSL.

  OpenSSL just provides more functionality than the other libraries.  We would lose a lot of features if we tried to use them.

  Alan DeKok.
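
Added example, not part of the original message or of FreeRADIUS: one way to check the condition described above is to classify the TLS libraries that `ldd` reports for a module and flag the case where more than one family is loaded into the same process. The function names and all sample lines except the `libgnutls.so.26` entry quoted in the thread are constructed for illustration.

```shell
#!/bin/sh
# Reads `ldd` output on stdin and prints the TLS library families it
# names, space-separated, in a fixed order (gnutls, nss, openssl).
tls_families() {
    awk '
        /libssl\.so|libcrypto\.so/ { o = 1 }   # OpenSSL
        /libgnutls\.so/            { g = 1 }   # GnuTLS
        /libnss3\.so|libssl3\.so/  { n = 1 }   # NSS
        END {
            s = ""
            if (g) s = s " gnutls"
            if (n) s = s " nss"
            if (o) s = s " openssl"
            print substr(s, 2)
        }'
}

# Reads `ldd` output on stdin. Returns 1 and names the families when
# more than one TLS library would be loaded, 0 otherwise.
check_single_tls() {
    families=$(tls_families)
    set -- $families            # word-split into positional parameters
    if [ "$#" -gt 1 ]; then
        echo "MIXED TLS libraries: $families"
        return 1
    fi
    echo "single TLS library: ${families:-none}"
}

# Constructed sample: ldd output for a module whose LDAP client library
# was built against GnuTLS while the rest of the process uses OpenSSL.
sample_ldd() {
    cat <<'EOF'
	libldap_r-2.4.so.2 => /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 (0x00007f0000001000)
	libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f0000002000)
	libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f0000003000)
	libgnutls.so.26 => /usr/lib/x86_64-linux-gnu/libgnutls.so.26 (0x00007f7e47947000)
EOF
}

# Real use: ldd /path/to/rlm_ldap.so | check_single_tls
sample_ldd | check_single_tls || true
```
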