an infamous LDAP-FreeRadius question

Zoltan Ori z.ori at
Tue Jul 11 17:05:19 CEST 2006

On Tuesday 11 July 2006 10:10, Matt Ashfield wrote:
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to ldapserver2:389, authentication 0
> rlm_ldap: setting TLS CACert File to
> /etc/openldap/cacerts/20060206_ldap2_xxx_xxx.crt
> rlm_ldap: setting TLS Require Cert to demand
> rlm_ldap: starting TLS
> rlm_ldap: ldap_start_tls_s()
> rlm_ldap: could not start TLS Connect error
> rlm_ldap: (re)connection attempt failed
> rlm_ldap: search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns fail for request 0

Apparently your LDAP server is not accepting TLS/SSL connections on port 389. 
You'll need to fix that. See the docs on rlm_ldap for specifying the correct 
port for your ldaps connection. I think it is as simple as 'port = 636'.

Zoltan Ori

More information about the Freeradius-Users mailing list