LDAP (rlm_ldap) Version 3.0.9

Song Zou a13519 at me.com
Mon Nov 19 13:38:20 CET 2018


please don’t send email

On Jul 21, 2015, at 01:30, Scott Pickles via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:

> Alan - 
> 
> When I installed the ldap module the first time, I was using the version of OpenSSL that shipped with CentOS.  But when I fired up freeradius it was still finding/reporting a heartbleed variant.  That's what led me to install the updated version of OpenSSL manually.  I did find on the Git repository a script that will add the SSL lib path.  This seems like it should work?  I never did check the version of OpenSSL shipped with CentOS but as you mention it *should* be a non-heartbleed variant.
> 
> #!/bin/sh
> #
> #  The purpose of this script is to forcibly load the *correct* version
> #  of OpenSSL for FreeRADIUS, when you have more than one version of OpenSSL
> #  installed on your system.
> #
> #  You'll have to edit the directories to the correct location
> #  for your local system.
> #
> #    $Id: e791dffc2687bdb94bfb0516fff8f4f5b4ec3670 $
> #
> 
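> #  Only prepend the old value when it is set: an empty path element
> #  would make the loader search the current directory.
> LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+${LD_LIBRARY_PATH}:}/usr/local/ssl/lib:/usr/local/radius/lib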
> LD_PRELOAD=/usr/local/ssl/lib/libcrypto.so
> 
> export LD_LIBRARY_PATH LD_PRELOAD
> exec /usr/local/radius/sbin/radiusd "$@"
> 
>  On Monday, July 20, 2015 10:28 AM, Alan DeKok <aland at deployingradius.com> wrote:
> 
> 
> On Jul 20, 2015, at 4:26 PM, Scott Pickles via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I'm running a CentOS 7 environment and I just did a fresh install of v3.0.9 of FreeRADIUS.  I also installed version 1.0.2d of openssl so I'm not subject to heartbleed.  When I installed the ldap module, yum downloaded version 3.0.4 and also installed a heartbleed vulnerable version of openssl and broke my install.  
> 
>   Which is why you don't install manual packages on top of existing ones.  CentOS *should* have a fixed version of OpenSSL.
> 
> I know how to patch radiusd.conf for the heartbleed vulnerability but I'd rather not.  So I removed the ldap module, re-installed openssl 1.0.2d and recompiled FreeRADIUS.  Is there a repo that will provide me with a 3.0.9 version of the ldap module?  If not, can I compile and point to my lib directory for openssl 1.0.2d instead?  Yum downloads an RPM and I don't know of a way to simply extract that, so I am looking for a way to compile from source for either version 3.0.4 or 3.0.9 if it exists.  Don't know where to look for the source(s).
> 
>   Install the OpenSSL from CentOS.  It should have the fix.  See the release notes for details.
> 
>   Alan DeKok.
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
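
Added example (not part of the thread and not the FreeRADIUS project's script): the wrapper quoted above preloads only libcrypto, so a useful check is whether libssl and libcrypto resolve from the same OpenSSL build once that environment is set. The function names and the sample ldd output are constructed for illustration.

```shell
#!/bin/sh
# Added example. The ldd text below is constructed sample data.

# Print where library $1 (e.g. libssl) resolves in ldd-style text on stdin:
# a path, "not found", or nothing when the binary does not link it.
resolved_lib() {
    awk -v lib="$1" 'index($1, lib ".so") == 1 {
        print ($3 == "not" ? "not found" : $3); exit }'
}

# 0: libssl and libcrypto resolve from the same directory.
# 1: they come from different directories (two OpenSSL builds mixed).
# 2: one of them is missing or unresolved.
same_openssl_dir() {
    ssl=$(printf '%s\n' "$1" | resolved_lib libssl)
    crypto=$(printf '%s\n' "$1" | resolved_lib libcrypto)
    case "$ssl|$crypto" in
        "|"*|*"|"|*"not found"*) return 2 ;;
    esac
    [ "$(dirname "$ssl")" = "$(dirname "$crypto")" ]
}

# 0 when upstream version $1 is in the Heartbleed-affected range
# (1.0.1 through 1.0.1f, and 1.0.2-beta1). Distribution packages can carry a
# backported fix under an affected version string, so a match means "check
# the package changelog", not "vulnerable".
in_upstream_heartbleed_range() {
    case "$1" in
        1.0.1|1.0.1[abcdef]|1.0.2-beta1) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed: libcrypto from /usr/local/ssl/lib, libssl still from the system.
SAMPLE_MIXED='    libssl.so.10 => /lib64/libssl.so.10 (0x00007f0000000000)
    libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 (0x00007f0000200000)'
# Constructed: both libraries from the same prefix.
SAMPLE_CONSISTENT='    libssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0x00007f0000000000)
    libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 (0x00007f0000200000)'

# Real use, with the paths from the wrapper script above:
#   same_openssl_dir "$(LD_LIBRARY_PATH=/usr/local/ssl/lib ldd /usr/local/radius/sbin/radiusd)"
if same_openssl_dir "$SAMPLE_MIXED"; then echo "consistent"; else echo "mixed or unresolved"; fi
```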

