Using LDAPS with Freeradius

Arran Cudbard-Bell a.cudbardb at freeradius.org
Wed Jan 22 02:28:34 CET 2020



> On 21 Jan 2020, at 02:31, Peter Lambrechtsen <peter at crypt.nz> wrote:
> 
> That is the only way it works. And if it's working, you should see an
> established tcp connection to the ldap server on port 636.
> If it wasn't encrypted it would be on port 389. So it's encrypted.

Just to add, the correct way of enabling LDAPS for the ldap module is to add the ldaps:// URI prefix to the server config item.  Just setting port 636 will result in the LDAP module failing to connect to the LDAP server.

You also do not need to specify the port explicitly if running on the default port; it's set automatically by the rlm_ldap code.

https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/src/modules/rlm_ldap/rlm_ldap.c#L945

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
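
Added example, not part of the original post and not FreeRADIUS code: a small check that reads the `server` and `port` items of an ldap module block and flags the misconfiguration described above (port 636 without the `ldaps://` prefix). The function name, finding codes and hostnames are hypothetical, and the sample config fragments are constructed.

```python
import re

# Constructed ldap module fragments; hostnames are placeholders.
BAD = """ldap {
    server = 'ldap.example.org'
    port = 636
}"""
GOOD = """ldap {
    # port omitted: per the post, rlm_ldap sets the default itself
    server = 'ldaps://ldap.example.org'
}"""

# Matches only the two config items the post discusses.
_ITEM = re.compile(r"""^\s*(server|port)\s*=\s*['"]?([^'"\s]+)""")


def check_ldap_config(text):
    """Return (server, finding) tuples; finding codes are hypothetical labels."""
    servers, port = [], None
    for line in text.splitlines():
        m = _ITEM.match(line.split("#", 1)[0])  # drop trailing comments
        if not m:
            continue
        key, value = m.groups()
        if key == "server":
            servers.append(value)
        elif value.isdigit():
            port = int(value)
    findings = []
    for server in servers:
        is_ldaps = server.lower().startswith("ldaps://")
        if not is_ldaps and port == 636:
            # The case the post warns about: the module fails to connect.
            findings.append((server, "port-636-without-ldaps"))
        elif not is_ldaps:
            # Not LDAPS; this check does not look at StartTLS settings.
            findings.append((server, "no-ldaps-scheme"))
        elif port == 636:
            # Unnecessary: 636 is already the default port for ldaps.
            findings.append((server, "redundant-port"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, check_ldap_config(cfg))
```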



