Ldap searches don't seem to honour connect_timeout
torlasz at xenia.sote.hu
Wed May 11 11:02:00 CEST 2016
On 05/11/2016 10:47 AM, A.L.M.Buxey at lboro.ac.uk wrote:
>> Looks like I have to rebuild my freeradius-ldap too to use openssl
>> right? The RedHat documentation on the freeradius site doesn't say
>> anything about how to switch to openssl. Are there any pointers how
>> to do this?
> already told you how
OK, thank you for your response, I am likely to end up doing that.
However, as far as I know RHEL supports both nss and openssl (e.g. for
the apache httpd), so there should be a way to build the freeradius rpm
properly using openssl libs. Perhaps someone who knows more about rpm
building than me can do that and add it to the freeradius wiki.
> remove any local openldap devel package that was installed from redhat repos - as that
> will use NSS
> download latest openldap2 code (obviously I assume you have the openssl-devel package installed)
> make install
> (this will slap (no pun intended!) everything into /usr/local/* rather than over the RPM openldap
> (which you cannot remove due to many many package dependencies)
> then ensure /usr/local/lib is in /etc/ld.so.conf file and run 'ldconfig -v'
> now, rebuild freeradius3 as you've already done. the ./configure part will pick up the openldap includes
> (and only your local one as you've removed the redhat includes....)
> et voila. freeradius now with openldap2 using OpenSSL (verify check with ldd against the rlm_ldap.so file)
> TLS/STARTSSL openldap connections will now open/close/reopen/reestablish etc
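
The `ldd` check at the end of the quoted procedure, as an added example that is not part of the original post: a small classifier that reads `ldd` output and reports which TLS library the resolved libldap sits on. The function name, verdict strings and sample `ldd` lines are constructed for illustration; the match is a heuristic on library names (`libnss3`/`libssl3` for NSS, `libssl.so` for OpenSSL).

```shell
#!/bin/sh
# Added example: classify `ldd` output for rlm_ldap.so (heuristic, by library name).
# Verdicts: nss | openssl-local | openssl-system | unresolved | no-libldap | unknown
classify_ldap_tls() {
    awk '
        $1 ~ /^libldap(_r)?[-.]/      { ldap = $3 }  # path the loader resolved
        $1 ~ /^(libnss3|libssl3)\.so/ { nss = 1 }    # NSS libraries
        $1 ~ /^libssl\.so/            { ossl = 1 }   # OpenSSL
        END {
            if (ldap == "")         print "no-libldap"
            else if (ldap == "not") print "unresolved"   # "=> not found"
            else if (nss)           print "nss"          # NSS wins: libssl.so can come from FreeRADIUS itself
            else if (!ossl)         print "unknown"
            else if (ldap ~ /^\/usr\/local\/lib\//) print "openssl-local"
            else                    print "openssl-system"
        }'
}

# Constructed sample: distribution libldap built on NSS. This is also what shows
# up if /usr/local/lib is not in the loader path, since the RPM library remains.
sample_nss() { cat <<'EOF'
    libldap-2.4.so.2 => /lib64/libldap-2.4.so.2 (0x00007f0000a00000)
    liblber-2.4.so.2 => /lib64/liblber-2.4.so.2 (0x00007f0000800000)
    libssl3.so => /lib64/libssl3.so (0x00007f0000600000)
    libnss3.so => /lib64/libnss3.so (0x00007f0000400000)
    libssl.so.10 => /lib64/libssl.so.10 (0x00007f0000200000)
EOF
}

# Constructed sample: locally built libldap under /usr/local/lib, linked to OpenSSL.
sample_local() { cat <<'EOF'
    libldap-2.4.so.2 => /usr/local/lib/libldap-2.4.so.2 (0x00007f0000a00000)
    libssl.so.10 => /lib64/libssl.so.10 (0x00007f0000200000)
    libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f0000000000)
EOF
}

# Real use (path is a placeholder): ldd /path/to/rlm_ldap.so | classify_ldap_tls
echo "distribution sample: $(sample_nss | classify_ldap_tls)"
echo "local build sample:  $(sample_local | classify_ldap_tls)"
```

A verdict of `nss` after the rebuild means the module is still loading the RPM libldap, so the TLS code path has not changed.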