rlm_ldap: could not start TLS

Marc Delisle Marc.Delisle at cegepsherbrooke.qc.ca
Sat Apr 1 21:15:21 CEST 2006

George C. Kaplan a écrit :
> On Apr 1, 2006, at 5:28 AM, Marc Delisle wrote:
>> Hi,
>> I'm trying to make freeradius 1.1.0 contact a LDAP server.
>> I configured freeradius --with-edir.
>> The error I get is
>> "rlm_ldap: could not start TLS Can't contact LDAP server"
>> I followed this document
>> http://www.novell.com/coolsolutions/tip/15922.html
>> except that in my case, the LDAP server is on Netware 6.5 SP5.
>> On this Netware server, LDAP responds correctly over SSL, as tested 
>> with  Novell's ldapsearch on port 636.
> I had a problem similar to this:  'ldapsearch' worked, but Freeradius 
> couldn't make an LDAP connection with TLS.  It turns out that my system 
> had two versions of the openssl library, and radiusd was linking to the 
> wrong version.  It was kind of confusing, since the rlm_ldap module was 
> linked to the correct library (in /usr/local/lib), but radiusd was 
> linked to the one in /usr/lib, and that's the one that got loaded at run 
> time.
> I ended up setting --with-openssl-includes and --with-openssl-libraries 
> in the Makefile for the port (I'm using FreeBSD 5.4), and that solved 
> the problem.
> --George C. Kaplan                            gckaplan at ack.berkeley.edu
> Communication & Network Services            510-643-0496
> University of California at Berkeley

Thanks George for your answer. I checked: both radiusd and 
rlm_ldap-1.1.0.so are linked to /usr/lib/libssl.so.0.9.7. I am on Linux.

Should this version (openssl 0.9.7e) work?

Marc Delisle

More information about the Freeradius-Users mailing list