NSS vs OpenSSL

Alan DeKok aland at deployingradius.com
Sat Apr 22 01:28:25 CEST 2017

On Apr 21, 2017, at 7:15 PM, Mark Williams <markhw at vt.edu> wrote:
> Well, I already have a custom install of OpenLDAP. In fact, I just wrote an
> Ansible play to handle that for me and specify --with-tls=openssl . I don't
> remember seeing such an option for FreeRADUS. How would I get FR to compile
> with those libraries as well?

  The long answer is "linker magic". :(

  The short answer is that it's safest to ensure there's only ONE version of libldap on the system when you build it.  Then, do:

$ ./configure --with-rlm-ldap-lib-dir=LIBDIR --with-rlm-ldap-include-dir=INCDIR

  Where LIBDIR and INCDIR are the actual paths to the libraries and header files.

  It's generally best to do builds like this on a dedicated build VM.  It should be the same base OS as the production VM, but with no production software installed.  That way you're sure it's linking to the right thing.

  Then, ensure that the production system has the same libldap in the same location as the build VM.  It should just work.

  Alan DeKok.

More information about the Freeradius-Users mailing list