Ldap searches don't seem to honour connect_timeout
Alan DeKok
aland at deployingradius.com
Tue May 10 22:48:21 CEST 2016
On May 10, 2016, at 4:44 PM, Franks Andy (IT Technical Architecture Manager) <Andy.Franks at sath.nhs.uk> wrote:
>
> Ok, ldd against rlm_ldap.so gives
>
> rlm_ldap.so:
> ...
> libgnutls.so.26 => /usr/lib/x86_64-linux-gnu/libgnutls.so.26 (0x00007f7e47947000)
> ..
Ugh. I wouldn't be surprised if that was it.
Both GnuTLS and NSS provide compatibility layers for OpenSSL. But.... they're *compatibility* layers, not 100% emulators.
The solution is ensure that all libraries and applications use the same SSL library. Since FreeRADIUS *can't* be ported to GnuTLS / NSS, then LDAP, etc. has to be build with OpenSSL.
OpenSSL just provides more functionality than the other libraries. We would lose a lot of features if we tried to use them.
Alan DeKok.
More information about the Freeradius-Users
mailing list