deactivate ldap.attrmap
Sebastian Heil
s3b0 at gmx.de
Wed Jan 30 10:08:26 CET 2008
Hello again,
> Sebastian Heil wrote:
> > Is there a way to deactivate the ldap.attrmap file?
>
> Edit the source code & re-compile.
>
Maybe i will try it... never done before... :-)
thanks anyway.
i have got another problem. since the authentication via ldap works now quite ok, i would like to try ldaps together with edirectory.
what do i have to configure?
i already imported the root certificate and configured the tls-section of the ldap-section like this:
tls {
start_tls = yes
cacertfile = /etc/raddb/certs/tc_class2.pem
require_cert = "demand"
}
but i doesn't work like this...
i added the following lines to the ldap-section:
port = 636
tls_mode = yes
tls_require_cert = demand
and i doesn't work either...
part of the debug:
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ************:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: setting TLS CACert File to /etc/raddb/certs/tc_class2.pem
rlm_ldap: setting TLS Require Cert to demand
rlm_ldap: starting TLS
rlm_ldap: ldap_start_tls_s()
rlm_ldap: could not start TLS Can't contact LDAP server
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
Any ideas?
Thanks.
Sebastian
--
GMX FreeMail: 1 GB Postfach, 5 E-Mail-Adressen, 10 Free SMS.
Alle Infos und kostenlose Anmeldung: http://www.gmx.net/de/go/freemail
More information about the Freeradius-Users
mailing list