Ldap searches don't seem to honour connect_timeout

Tornoci Laszlo torlasz at xenia.sote.hu
Wed May 11 11:02:00 CEST 2016


On 05/11/2016 10:47 AM, A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>
>> Looks like I have to rebuild my freeradius-ldap too to use openssl
>> right? The RedHat documentation on the freeradius site doesn't say
>> anything about how to switch to openssl. Are there any pointers how
>> to do this?
>
> already told you how

OK, thank you for your response, I am likely to end up doing that. 
However, as far as I know RHEL supports both nss and openssl (e.g. for 
the apache httpd), so there should be a way to build the freeradius rpm 
properly using openssl libs. Perhaps someone who knows more about rpm 
building than me can do that and add it to the freeradius wiki.

Yours: Laszlo

>
>
> remove any local openldap devel package that was installed from redhat repos - as that
> will use NSS
>
>
> download latest openldap2 code  (obviously I assume you have the openssl-devel package installed)
>
> ./configure
> make
> make install
>
>
> (this will slap (no pun intended!) everything into /usr/local/*  rather than over the RPM openldap
> (which you cannot remove due to many many package dependencies)
>
>
> then ensure /usr/local/lib is in /etc/ld.so.conf file and run  'ldconfig -v'
>
> now, rebuild freeradius3 as you've already done.   the ./configure part will pick up the openldap includes
> (and only your local one as you've removed the redhat includes....)
>
> et voila.   freeradius now with openldap2 using OpenSSL  (verify check with ldd against the rlm_ldap.so file)
>
> TLS/STARTSSL openldap connections will now open/close/repon/reestablish etc
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>



More information about the Freeradius-Users mailing list