FR, LDAP (AD) issues

Alan DeKok aland at deployingradius.com
Tue Dec 8 15:37:51 CET 2020


On Dec 8, 2020, at 9:34 AM, Michael Ströder via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
> On 12/8/20 2:41 PM, Alan DeKok wrote:
>>  The issue is RedHat.  They've linked libldap against GNUTLS, which is *not* compatible with OpenSSL.
> 
> Debian links libldap against GnuTLS. AFAIK RedHat never did this.
> 
> RedHat/CentOS had libldap linked against libnss (Mozilla's crypto lib)
> until recently. They switched back to libldap linked against OpenSSL.

  Ah yes.  Similar, but different.

  Whether it's libnss or GNUTLS, the underlying issue is the same.  Libraries which claim to be "compatible" but aren't.

  The fix is still the same tho.  Use libraries which aren't broken.

  Alan DeKok.




More information about the Freeradius-Users mailing list