Ldap searches don't seem to honour connect_timeout
Tornoci Laszlo
torlasz at xenia.sote.hu
Wed May 11 10:17:32 CEST 2016
Hi,
I have RHEL7, freeradius-3.0.11-1.el7.x86_64.rpm,
freeradius-ldap-3.0.11-1.el7.x86_64.rpm (built myself, using the very
helpful documentation here: http://wiki.freeradius.org/guide/Red-Hat-FAQ)
Currently I am using a 389ds ldap on another host without ssl, but I'm
planning to change to ssl.
ldd rlm_ldap.so
linux-vdso.so.1 => (0x00007ffd5f51e000)
libldap-2.4.so.2 => /lib64/libldap-2.4.so.2 (0x00007f734d771000)
libc.so.6 => /lib64/libc.so.6 (0x00007f734d3b0000)
liblber-2.4.so.2 => /lib64/liblber-2.4.so.2 (0x00007f734d1a0000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f734cf86000)
libsasl2.so.3 => /lib64/libsasl2.so.3 (0x00007f734cd69000)
libssl3.so => /lib64/libssl3.so (0x00007f734cb26000)
libsmime3.so => /lib64/libsmime3.so (0x00007f734c8ff000)
libnss3.so => /lib64/libnss3.so (0x00007f734c5d9000)
libnssutil3.so => /lib64/libnssutil3.so (0x00007f734c3ac000)
libplds4.so => /lib64/libplds4.so (0x00007f734c1a8000)
libplc4.so => /lib64/libplc4.so (0x00007f734bfa3000)
libnspr4.so => /lib64/libnspr4.so (0x00007f734bd64000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f734bb48000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f734b944000)
/lib64/ld-linux-x86-64.so.2 (0x00007f734dbe3000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f734b70c000)
libz.so.1 => /lib64/libz.so.1 (0x00007f734b4f6000)
librt.so.1 => /lib64/librt.so.1 (0x00007f734b2ed000)
libfreebl3.so => /lib64/libfreebl3.so (0x00007f734b0ea000)
Looks like I have to rebuild my freeradius-ldap too to use openssl,
right? The RedHat documentation on the freeradius site doesn't say
anything about how to switch to openssl. Are there any pointers on how to
do this?
Yours: Laszlo
On 05/10/2016 10:48 PM, Alan DeKok wrote:
> On May 10, 2016, at 4:44 PM, Franks Andy (IT Technical Architecture Manager) <Andy.Franks at sath.nhs.uk> wrote:
>>
>> Ok, ldd against rlm_ldap.so gives
>>
>> rlm_ldap.so:
>> ...
>> libgnutls.so.26 => /usr/lib/x86_64-linux-gnu/libgnutls.so.26 (0x00007f7e47947000)
>> ..
>
> Ugh. I wouldn't be surprised if that was it.
>
> Both GnuTLS and NSS provide compatibility layers for OpenSSL. But.... they're *compatibility* layers, not 100% emulators.
>
> The solution is to ensure that all libraries and applications use the same SSL library. Since FreeRADIUS *can't* be ported to GnuTLS / NSS, then LDAP, etc. has to be built with OpenSSL.
>
> OpenSSL just provides more functionality than the other libraries. We would lose a lot of features if we tried to use them.
>
> Alan DeKok.
>
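The ldd check discussed in this thread, as an added example that is not part of the original messages or of FreeRADIUS: a shell filter that reads `ldd` output and reports which TLS backends (OpenSSL, NSS, GnuTLS) a module pulls in. The function names are hypothetical, and the sample input is constructed from three of the ldd lines posted above.

```shell
#!/bin/sh
# Added example. Reads `ldd` output on stdin and prints the TLS backends it
# names (openssl, nss, gnutls), one per line, sorted and de-duplicated.
tls_backends() {
    awk '
        # First field of an ldd line is the soname (or a full path).
        { so = $1; sub(/^.*\//, "", so) }
        so ~ /^libgnutls\.so/             { seen["gnutls"] = 1 }
        # NSS ships libssl3.so; OpenSSL ships libssl.so.<version>.
        # The two names differ only by where the dot sits.
        so ~ /^lib(ssl3|nss3|smime3)\.so/ { seen["nss"] = 1 }
        so ~ /^lib(ssl|crypto)\.so\./     { seen["openssl"] = 1 }
        END { for (b in seen) print b }
    ' | sort
}

# Returns 0 when OpenSSL is the only TLS backend (or none is linked),
# 1 when NSS or GnuTLS appears, alone or mixed with OpenSSL.
check_tls_consistency() {
    backends=$(tls_backends | tr '\n' ' ')
    backends=${backends% }
    case "$backends" in
        ""|openssl) echo "ok: ${backends:-no TLS library}"; return 0 ;;
        *)          echo "mismatch: $backends"; return 1 ;;
    esac
}

# Constructed sample: three lines copied from the ldd output in the post.
sample_nss() {
    cat <<'EOF'
    libldap-2.4.so.2 => /lib64/libldap-2.4.so.2 (0x00007f734d771000)
    libssl3.so => /lib64/libssl3.so (0x00007f734cb26000)
    libnss3.so => /lib64/libnss3.so (0x00007f734c5d9000)
EOF
}

# Demo on the sample; on a real host, pipe `ldd` of the module in instead.
sample_nss | check_tls_consistency || true
```

Because ldd lists transitive dependencies, an NSS or GnuTLS hit on rlm_ldap.so normally comes from the libldap build it links against, which is the library that has to be rebuilt.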