Problem with authentication against FreeIPA

Alan DeKok aland at
Mon Oct 21 13:47:33 CEST 2019

On Oct 21, 2019, at 6:04 AM, Daniel Osielczak via Freeradius-Users <freeradius-users at> wrote
> I got it to work but there is a weird issue with SASL:
> ++++++++
> rlm_ldap: libldap vendor: OpenLDAP, version: 20448
> rlm_ldap (ldap): Couldn't find configuration for accounting, will return NOOP for calls from this section
> rlm_ldap (ldap): Couldn't find configuration for post-auth, will return NOOP for calls from this section
> /etc/raddb/mods-enabled/ldap[5]: Configuration item 'sasl.mech' not supported.  Linked libldap does not provide ldap_sasl_interactive_bind function
> /etc/raddb/mods-enabled/ldap[5]: Instantiation failed for module "ldap"
> +++++++++
> This is by no means a deal-braker in our current setup so I continue to use radius without SALS but I find it odd, especially that both libldaps (the CentOS one and the NetworkRADIUS one) actually provide this function.

  The message really means that SASL was not found when rlm_ldap was built.  It doesn't really matter if libldap provides a ldap_sasl_interactive_bind function, as it's hard for rlm_ldap to determine that at run-time.

> Any idea why that is?

  rlm_ldap has to be built with SASL support.  See the output of configure as to why it's not building with SASL support.

  Alan DeKok.

More information about the Freeradius-Users mailing list