rlm_ldap: could not start TLS
George C. Kaplan
gckaplan at ack.berkeley.edu
Sat Apr 1 20:33:56 CEST 2006
On Apr 1, 2006, at 5:28 AM, Marc Delisle wrote:
> Hi,
>
> I'm trying to make freeradius 1.1.0 contact a LDAP server.
> I configured freeradius --with-edir.
>
> The error I get is
> "rlm_ldap: could not start TLS Can't contact LDAP server"
>
> I followed this document
> http://www.novell.com/coolsolutions/tip/15922.html
>
> except that in my case, the LDAP server is on Netware 6.5 SP5.
>
> On this Netware server, LDAP responds correctly over SSL, as tested
> with Novell's ldapsearch on port 636.

I had a problem similar to this: 'ldapsearch' worked, but Freeradius
couldn't make an LDAP connection with TLS. It turns out that my
system had two versions of the openssl library, and radiusd was
linking to the wrong version. It was kind of confusing, since the
rlm_ldap module was linked to the correct library (in /usr/local/lib),
but radiusd was linked to the one in /usr/lib, and that's the one
that got loaded at run time.

I ended up setting --with-openssl-includes and --with-openssl-libraries
in the Makefile for the port (I'm using FreeBSD 5.4), and that solved
the problem.

--
George C. Kaplan gckaplan at ack.berkeley.edu
Communication & Network Services 510-643-0496
University of California at Berkeley
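
The library mismatch described in the reply above can be checked by comparing what `ldd` reports for the daemon and for the module. This is an added example, not part of the original message; the sample `ldd` output and its library version numbers are constructed, and the paths in the usage comment are placeholders.

```sh
#!/bin/sh
# Added example: compare which OpenSSL libraries two ELF objects resolve to,
# working from `ldd` output. Not code from the FreeRADIUS project.

# Reduce ldd output on stdin to "libname resolved-path" for libssl/libcrypto.
# The soname version is stripped so libssl.so.3 and libssl.so.4 compare as "libssl".
ssl_libs() {
    awk '$2 == "=>" && $1 ~ /^lib(ssl|crypto)\.so/ {
        name = $1; sub(/\.so.*/, "", name); print name, $3
    }' | sort -u
}

# $1, $2: ldd output for the two objects. Prints one MISMATCH line per library
# that resolves to different paths; returns 1 if any mismatch was found.
compare_ssl_libs() {
    {
        printf '%s\n' "$1" | ssl_libs | sed 's/^/A /'
        printf '%s\n' "$2" | ssl_libs | sed 's/^/B /'
    } | awk '
        $1 == "A" { a[$2] = $3 }
        $1 == "B" && ($2 in a) && a[$2] != $3 {
            printf "MISMATCH %s: %s vs %s\n", $2, a[$2], $3; bad = 1
        }
        END { exit bad + 0 }'
}

# Constructed sample ldd output (not captured from a real system).
SAMPLE_RADIUSD='	libssl.so.3 => /usr/lib/libssl.so.3 (0x28100000)
	libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x28130000)
	libc.so.5 => /lib/libc.so.5 (0x28240000)'
SAMPLE_RLM_LDAP='	libldap-2.3.so.0 => /usr/local/lib/libldap-2.3.so.0 (0x28300000)
	libssl.so.4 => /usr/local/lib/libssl.so.4 (0x28340000)
	libcrypto.so.4 => /usr/local/lib/libcrypto.so.4 (0x28370000)'

# Usage: sh check.sh /path/to/radiusd /path/to/rlm_ldap.so   (placeholder paths)
if [ "$#" -eq 2 ]; then
    compare_ssl_libs "$(ldd "$1")" "$(ldd "$2")"
else
    compare_ssl_libs "$SAMPLE_RADIUSD" "$SAMPLE_RLM_LDAP" || true
fi
```

A MISMATCH line means the module was built against one OpenSSL while the daemon pulls in another, so the copy the daemon loads first is the one used at run time.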