Using LDAPS with Freeradius
Byron Jeffery
byronjeffery at cem.org.au
Wed Jan 22 03:14:12 CET 2020
Thanks for the add Arran
So something like this in the ldap module config:
server = "ldaps://serverurl"
Also to clarify, is it necessary to specify the ca_file path and set
require_cert = 'allow' for self-signed certificates if doing LDAPS?

Kind Regards
Byron Jeffery
Assisting ICT Manager
On Wed, 22 Jan 2020 at 11:28, Arran Cudbard-Bell <a.cudbardb at freeradius.org>
wrote:
>
>
> > On 21 Jan 2020, at 02:31, Peter Lambrechtsen <peter at crypt.nz> wrote:
> >
> > That is the only way it works. And if it's working, you should see an
> > established tcp connection to the ldap server on port 636.
> > If it wasn't encrypted it would be on port 389. So it's encrypted.
>
> Just to add, the correct way of enabling LDAPS for the ldap module is to
> add the ldaps:// URI prefix to the server config item. Just setting port
> 636 will result in the LDAP module failing to connect to the LDAP server.
>
> You also do not need to specify the port explicitly if running on the
> default port, it's set automatically by the rlm_ldap code.
>
>
> https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/src/modules/rlm_ldap/rlm_ldap.c#L945
>
> -Arran
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
>
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
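
An added example, not part of the original thread or of the FreeRADIUS project: a small audit of an ldap module config for the settings discussed above (port 636 without the ldaps:// prefix, and require_cert values that, under libldap semantics, do not enforce verification). The function names, hostnames and certificate path are constructed for illustration.

```python
import re

# require_cert values under which libldap continues despite a bad server cert.
WEAK_REQUIRE_CERT = {"never", "allow"}

def parse_items(text):
    """Collect `name = value` items, ignoring comments and section braces."""
    items = {}
    for line in text.splitlines():
        m = re.match(r"^(\w+)\s*=\s*(.+)$", line.split("#", 1)[0].strip())
        if m:
            items[m.group(1)] = m.group(2).strip().strip("'\"")
    return items

def audit_ldap_config(text):
    """Return findings for the LDAPS settings discussed in the thread."""
    cfg, findings = parse_items(text), []
    if not cfg.get("server", "").startswith("ldaps://"):
        if cfg.get("port") == "636":
            findings.append("port 636 without ldaps:// prefix on server")
        elif cfg.get("start_tls") != "yes":
            findings.append("neither ldaps:// nor start_tls is enabled")
    if cfg.get("require_cert", "").lower() in WEAK_REQUIRE_CERT:
        findings.append("require_cert does not enforce verification")
    if "ca_file" not in cfg and "ca_path" not in cfg:
        findings.append("no ca_file/ca_path: trust left to libldap defaults")
    return findings

# Constructed sample configs (not taken from the thread).
WEAK = """
ldap {
    server = "ldap.example.org"
    port = 636
    tls {
        require_cert = 'allow'
    }
}
"""
STRICT = """
ldap {
    server = "ldaps://ldap.example.org"
    tls {
        ca_file = /etc/raddb/certs/ldap-ca.pem  # constructed path
        require_cert = 'demand'
    }
}
"""
for name, sample in (("weak", WEAK), ("strict", STRICT)):
    print(name, audit_ldap_config(sample))
```

For a self-signed server certificate, the strict form points ca_file at that certificate (or its issuing CA) so that verification can stay enforced.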