LDAPS problem while migrating from 2 to 3

Olivier Olivier.Nicole at cs.ait.ac.th
Thu Jun 29 08:30:16 CEST 2017 

Hi,

I have a working environment based on FreeRadius 2.2 and OpenLDAP 2.4.
It binds to the LDAP server on ldaps://ldap.cs.ait.ac.th/

I am trying to upgrade to FreeRadius (3.0.14) and if I can bind to
ldap://..., I cannot bind to ldaps://...

Thu Jun 29 13:12:38 2017 : Debug:   # Instantiating module "ldap_firewall" from file /usr/local/etc/raddb/mods-enabled/ldap
Thu Jun 29 13:12:38 2017 : Info: rlm_ldap: libldap vendor: OpenLDAP, version: 20441
Thu Jun 29 13:12:38 2017 : Debug: rlm_ldap (ldap_firewall): Couldn't find configuration for accounting, will return NOOP for calls from this section
Thu Jun 29 13:12:38 2017 : Debug: rlm_ldap (ldap_firewall): Couldn't find configuration for post-auth, will return NOOP for calls from this section
Thu Jun 29 13:12:38 2017 : Debug: LDAP server string: ldaps://ldap.cs.ait.ac.th:636
Thu Jun 29 13:12:38 2017 : Debug: rlm_ldap (ldap_firewall): Using local pool section
Thu Jun 29 13:12:38 2017 : Debug: rlm_ldap (ldap_firewall): No pool reference found for config item "ldap_firewall.pool"
Thu Jun 29 13:12:38 2017 : Debug: rlm_ldap (ldap_firewall): Initialising connection pool
...
Thu Jun 29 13:12:38 2017 : Info: rlm_ldap (ldap_firewall): Opening additional connection (0), 1 of 32 pending slots used
Thu Jun 29 13:12:38 2017 : Debug: rlm_ldap (ldap_firewall): Connecting to ldaps://ldap.cs.ait.ac.th:636
Thu Jun 29 13:12:38 2017 : Debug: rlm_ldap (ldap_firewall): New libldap handle 0x28e5c1e0
Thu Jun 29 13:12:38 2017 : Error: rlm_ldap (ldap_firewall): Bind with (anonymous) to ldaps://ldap.cs.ait.ac.th:636 failed: Can't contact LDAP server
Thu Jun 29 13:12:38 2017 : Debug: rlm_ldap: Closing libldap handle 0x28e5c1e0
Thu Jun 29 13:12:38 2017 : Error: rlm_ldap (ldap_firewall): Opening connection failed (0)
Thu Jun 29 13:12:38 2017 : Debug: rlm_ldap (ldap_firewall): Removing connection pool
Thu Jun 29 13:12:38 2017 : Error: /usr/local/etc/raddb/mods-enabled/ldap[1]: Instantiation failed for module "ldap_firewall"

What could I be missing?

I found a reference about OpenLDAP being compiled with NSS, but being on
FreeBSD, I am pretty sure that both OpenLDAP and FreeRadius us openssl.

TIA,

Olivier
--

More information about the Freeradius-Users mailing list