rlm_ldap: could not start TLS
Marc Delisle
Marc.Delisle at cegepsherbrooke.qc.ca
Sat Apr 1 21:15:21 CEST 2006
George C. Kaplan wrote:
>
> On Apr 1, 2006, at 5:28 AM, Marc Delisle wrote:
>
>> Hi,
>>
>> I'm trying to make freeradius 1.1.0 contact an LDAP server.
>> I configured freeradius --with-edir.
>>
>> The error I get is
>> "rlm_ldap: could not start TLS Can't contact LDAP server"
>>
>> I followed this document
>> http://www.novell.com/coolsolutions/tip/15922.html
>>
>> except that in my case, the LDAP server is on Netware 6.5 SP5.
>>
>> On this Netware server, LDAP responds correctly over SSL, as tested
>> with Novell's ldapsearch on port 636.
>
> I had a problem similar to this: 'ldapsearch' worked, but Freeradius
> couldn't make an LDAP connection with TLS. It turns out that my system
> had two versions of the openssl library, and radiusd was linking to the
> wrong version. It was kind of confusing, since the rlm_ldap module was
> linked to the correct library (in /usr/local/lib), but radiusd was
> linked to the one in /usr/lib, and that's the one that got loaded at run
> time.
>
> I ended up setting --with-openssl-includes and --with-openssl-libraries
> in the Makefile for the port (I'm using FreeBSD 5.4), and that solved
> the problem.
>
> --George C. Kaplan gckaplan at ack.berkeley.edu
> Communication & Network Services 510-643-0496
> University of California at Berkeley
Thanks George for your answer. I checked: both radiusd and
rlm_ldap-1.1.0.so are linked to /usr/lib/libssl.so.0.9.7. I am on Linux.
Should this version (openssl 0.9.7e) work?
Marc Delisle
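
The check discussed in this thread (whether radiusd and the rlm_ldap module resolve to the same OpenSSL libraries) can be scripted as below. This is an added example, not part of the original messages or of FreeRADIUS; the function names and the sample `ldd` output, including its soname versions and load addresses, are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the OpenSSL libraries that two binaries resolve to.
# Real use (paths are placeholders, adjust to your install):
#   compare_ssl_libs "$(ldd /path/to/radiusd)" "$(ldd /path/to/rlm_ldap-1.1.0.so)"

# Read ldd-style output on stdin, print "soname path" for libssl/libcrypto.
ssl_libs() {
    awk '$1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" { print $1, $3 }' | LC_ALL=C sort
}

# Arguments: two ldd outputs as strings.
# Returns 0 when both resolve the same OpenSSL files, 1 when they differ.
compare_ssl_libs() {
    a=$(printf '%s\n' "$1" | ssl_libs)
    b=$(printf '%s\n' "$2" | ssl_libs)
    if [ "$a" = "$b" ]; then
        echo "match: both binaries resolve the same OpenSSL libraries"
        return 0
    fi
    echo "MISMATCH: binaries resolve different OpenSSL libraries"
    printf 'first binary:\n%s\nsecond binary:\n%s\n' "$a" "$b"
    return 1
}

# Constructed sample input modelled on the situation George describes:
# the daemon picks up /usr/lib, the module was built against /usr/local/lib.
SAMPLE_RADIUSD='    libssl.so.3 => /usr/lib/libssl.so.3 (0x28100000)
    libcrypto.so.3 => /lib/libcrypto.so.3 (0x28130000)
    libc.so.5 => /lib/libc.so.5 (0x28200000)'
SAMPLE_RLM_LDAP='    libldap.so.2 => /usr/local/lib/libldap.so.2 (0x28300000)
    libssl.so.4 => /usr/local/lib/libssl.so.4 (0x28340000)
    libcrypto.so.4 => /usr/local/lib/libcrypto.so.4 (0x28370000)'

# Demo on the constructed samples; "|| true" keeps the script exit status 0.
compare_ssl_libs "$SAMPLE_RADIUSD" "$SAMPLE_RLM_LDAP" || true
```

A match here only rules out the mixed-library case; it says nothing about whether the shared OpenSSL version itself works with the LDAP server.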