A.L.M.Buxey at A.L.M.Buxey at
Wed Jan 4 16:20:22 CET 2017


> Yes, we are using SSL. We're using the standard OpenLDAP package
> distributed with CentOS 7, which is built against libnss. Obviously
> I prefer to rebuild as little of the system as possible but I'm open
> to the idea of rebuilding OpenLDAP against OpenSSL if necessary.

yes, rebuild. gfairly simple process, get openldap source, compile, install
(eg into /usr/local) , remove openldap-devel RPM (keep the system openldap
for other things...) - then compile FR again but ensure its picking up the openldap
installed in /usr/local  (use the configure flags)

> What problems did you run into?

several things - most based on connections not reestablishing, connections not noted
as failed, TLS issues etc.


More information about the Freeradius-Users mailing list