Ldap searches don't seem to honour connect_timeout

Franks Andy (IT Technical Architecture Manager) Andy.Franks at sath.nhs.uk
Wed May 11 13:46:19 CEST 2016

  Does this look better? Just thought I'd confirm before I went ahead and installed it all.. No mentioned of gnutls and it's got libssl instead, which belongs to libssl1.0.0, the description being

Description-en: SSL shared libraries
 libssl and libcrypto shared libraries needed by programs like
 apache-ssl, telnet-ssl and openssh.
 It is part of the OpenSSL implementation of SSL.

      Ldd output:

        /home/andy/freeradius-server/build/lib/local/.libs# ldd rlm_ldap.so
        linux-vdso.so.1 =>  (0x00007fff1dfec000)
        libldap-2.4.so.2 => /usr/local/lib/libldap-2.4.so.2 (0x00007fb516981000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fb5165b9000)
        liblber-2.4.so.2 => /usr/local/lib/liblber-2.4.so.2 (0x00007fb5163a9000)
        libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007fb51618f000)
        libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2 (0x00007fb515f74000)
        libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007fb515d15000)
        libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007fb515939000)
        /lib64/ld-linux-x86-64.so.2 (0x00007fb516df7000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fb515735000)
        libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007fb51551b000)

Thanks again all.

-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk at lists.freeradius.org] On Behalf Of A.L.M.Buxey at lboro.ac.uk
Sent: 10 May 2016 23:52
To: FreeRadius users mailing list
Subject: Re: Ldap searches don't seem to honour connect_timeout


>   I followed part of that, can't profess to be an expert in library interaction and such, sorry.
> I am not sure really what to do next. Most of the libraries I got from standard installs off the ubuntu repos, are we talking fairly significant compilation of other stuff do you think?

remove the openldap2-dev package

grab the latest openldap source from their page (or mirror) , ./configure, make, make install (it'll all go into /usr/local/ )

then redo the freeradius configure stuff..... should pick up the local openldap dev stuff.

ensure tht the local openldap library is known  (output of ldconfig -v shows it....may need to add the /usr/local/lib as first path in /etc/ld.so.conf 

make ; make install    - when you do the ldd stuff against rlm_ldap.so it should show openssl linkage instead

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list