Jonathan Gazeley Jonathan.Gazeley at
Wed Jan 4 16:14:18 CET 2017

On 04/01/17 14:14, A.L.M.Buxey at wrote:
> Hi,
> using connection pools?  the server is used if theres a known connection
> to it if using stateful methods - eg TCP and SSL...

We are using one connection pool for each of the LDAP servers we have 
here. They are templated to ensure consistency.

> are you using SSL based connections?  if so, is your OpenLDAP compiled against
> OpenSSL or against LibNSS? if the later then theres  a hideous pit of incompatibilities
> (that we hit) that can only be resolved by using a locally compiled version of OpenLDAP
> compiled against OpenSSL (which results in a pretty flawless pool system).

Yes, we are using SSL. We're using the standard OpenLDAP package 
distributed with CentOS 7, which is built against libnss. Obviously I 
prefer to rebuild as little of the system as possible but I'm open to 
the idea of rebuilding OpenLDAP against OpenSSL if necessary.

What problems did you run into?


Jonathan Gazeley
Senior Systems Administrator
IT Services
University of Bristol

More information about the Freeradius-Users mailing list