authenticating to ldaps/tls
Thibault Le Meur
Thibault.LeMeur at supelec.fr
Thu Feb 12 11:04:28 CET 2009
Peter Param wrote:
> Hi all,
>
> I'm trying to authenticate to a LDAPS backend but failing. Any suggestions?
>
Is it an LDAP server answering on LDAPS connections (LDAP+SSL on port
636) or an LDAP server answering on LDAP connections that are then
secured by Start-TLS (LDAP on port 389 + Start-TLS)?
These are 2 different options.
> ldap people_search {
> server = "ldap1.stvincents.com.au"
> port = 636
>
==> This implies an ldaps server
> identity = "cn=admin,o=org,c=au"
> password = ***
> filter = "(cn=%u)"
> basedn = "ou=people,ou=darlinghurst,ou=nsw,o=schs,c=au"
> tls {
> tls_mode = yes
> # to the LDAP database by using the StartTLS extended
> # operation.
> #
> # The StartTLS operation is supposed to be
> # used with normal ldap connections instead of
> # using ldaps (port 689) connections
> start_tls = yes
>
==> this is not compliant with an ldaps server
use start_tls=no
By the way, Alan and other Gurus, I think there is a small typo in the
comment:
# using ldaps (port 689) connections
Should be
# using ldaps (port 636) connections
HTH,
Thibault
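
The mismatch discussed in this message can be caught before the server is started. The following is an added example, not part of the original post or of FreeRADIUS: a small Python check that reads an `ldap { }` block and reports the port 636 plus `start_tls = yes` conflict. It goes slightly beyond the thread by also flagging a plain port 389 connection with no TLS at all. Assumptions: the function names are hypothetical, the sample block is constructed from the values quoted above, a missing `port` means 389, and `tls_mode = yes` is treated as selecting LDAPS.

```python
import re

# Constructed sample: the settings quoted in the post, mail quote markers kept.
SAMPLE = '''
> ldap people_search {
> server = "ldap1.stvincents.com.au"
> port = 636
> tls {
> tls_mode = yes
> # using ldaps (port 689) connections
> start_tls = yes
'''

# key = value, optional double quotes, optional trailing comment
KV = re.compile(r'^(\w+)\s*=\s*"?([^"#]*?)"?\s*(?:#.*)?$')


def parse_settings(text):
    """Collect key = value pairs, skipping comments and '>' quote prefixes."""
    settings = {}
    for line in text.splitlines():
        line = line.lstrip("> \t")
        if line.startswith("#"):
            continue
        m = KV.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings


def check_ldap_tls(text):
    """Return a list of findings about the LDAPS / StartTLS combination."""
    s = parse_settings(text)
    port = int(s.get("port", "389"))             # assumption: default is 389
    start_tls = s.get("start_tls", "no") == "yes"
    tls_mode = s.get("tls_mode", "no") == "yes"  # assumption: yes means LDAPS
    findings = []
    if start_tls and (port == 636 or tls_mode):
        # LDAPS negotiates TLS at connect time; StartTLS upgrades a plain
        # LDAP session, so the two cannot be combined.
        findings.append("conflict: ldaps (port %d) with start_tls = yes; "
                        "use start_tls = no" % port)
    if not start_tls and not tls_mode and port != 636:
        # The bind identity and password would cross the network unencrypted.
        findings.append("cleartext: port %d without ldaps or StartTLS" % port)
    return findings


if __name__ == "__main__":
    for finding in check_ldap_tls(SAMPLE):
        print(finding)
```
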