Ldap searches don't seem to honour connect_timeout
Franks Andy (IT Technical Architecture Manager)
Andy.Franks at sath.nhs.uk
Tue May 10 23:12:16 CEST 2016
Thanks Alan,
I followed part of that, can't profess to be an expert in library interaction and such, sorry.
I am not sure really what to do next. Most of the libraries I got from standard installs off the ubuntu repos, are we talking fairly significant compilation of other stuff do you think?
Thanks again
andy
________________________________________
From: Freeradius-Users [freeradius-users-bounces+andy.franks=sath.nhs.uk at lists.freeradius.org] on behalf of Alan DeKok [aland at deployingradius.com]
Sent: 10 May 2016 21:48
To: FreeRadius users mailing list
Subject: Re: Ldap searches don't seem to honour connect_timeout
On May 10, 2016, at 4:44 PM, Franks Andy (IT Technical Architecture Manager) <Andy.Franks at sath.nhs.uk> wrote:
>
> Ok, ldd against rlm_ldap.so gives
>
> rlm_ldap.so:
> ...
> libgnutls.so.26 => /usr/lib/x86_64-linux-gnu/libgnutls.so.26 (0x00007f7e47947000)
> ..
Ugh. I wouldn't be surprised if that was it.
Both GnuTLS and NSS provide compatibility layers for OpenSSL. But.... they're *compatibility* layers, not 100% emulators.
The solution is ensure that all libraries and applications use the same SSL library. Since FreeRADIUS *can't* be ported to GnuTLS / NSS, then LDAP, etc. has to be build with OpenSSL.
OpenSSL just provides more functionality than the other libraries. We would lose a lot of features if we tried to use them.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list