Using LDAPS with Freeradius
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Wed Jan 22 15:39:47 CET 2020
> On Jan 21, 2020, at 9:14 PM, Byron Jeffery <byronjeffery at cem.org.au> wrote:
>
> Thanks for the add Arran
>
> So something like this in the ldap module config:
>
> server = "ldaps://serverurl"
Yes.
> - Also to clarify, is it necessary to specify the ca_file path and set
> require_cert = 'allow' for self-signed certificates if doing LDAPS?
Sure, if you want to allow MITM attacks. Otherwise you need some kind of trust anchor.
For self-signed, I'd say you provide a copy of the certificate in ca_file, and set require_cert to 'hard'.
Not 100% though, never configured it...
-Arran
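
The two settings discussed in this thread, side by side, as an added example that is not part of the original post and not taken from the FreeRADIUS distribution. It assumes a FreeRADIUS 3.x `mods-available/ldap` layout; the certificate file name is a placeholder.

```conf
# mods-available/ldap (FreeRADIUS 3.x layout assumed)
ldap {
	# ldaps:// negotiates TLS when the connection is opened,
	# so start_tls is left unset.
	server = "ldaps://serverurl"

	tls {
		# Weak: the connection goes ahead even when the server
		# certificate cannot be verified, so anyone on the path can
		# present their own certificate and see the bind credentials.
		# require_cert = 'allow'

		# Pinned: ca_file holds a PEM copy of the server's self-signed
		# certificate, which then acts as the trust anchor.
		# The file name below is a placeholder.
		ca_file = ${certdir}/ldap-server-selfsigned.pem
		require_cert = 'hard'

		# Check before restarting radiusd (run from a shell):
		#   openssl s_client -connect serverurl:636 -CAfile <that PEM file>
		# A trusted chain ends with "Verify return code: 0 (ok)".
	}
}
```

When the self-signed certificate is replaced or renewed, the copy in `ca_file` has to be replaced too, otherwise the LDAP connection fails closed.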