Using LDAPS with Freeradius

Arran Cudbard-Bell a.cudbardb at
Wed Jan 22 15:39:47 CET 2020

> On Jan 21, 2020, at 9:14 PM, Byron Jeffery <byronjeffery at> wrote:
> Thanks for the add Arran
> So something like this in the ldap module config:
> server = "ldaps://serverurl"


>   - Also to clarify, is it necessary to specify the ca_file path and set
>   require_cert = 'allow' for self sign certificates if doing LDAPS?

Sure if you want to allow MITM attacks.  Otherwise you need some kind of trust anchor.  

For self-signed, i'd say you provide a copy of the certificate in ca_file, and set require_cert to 'hard'.

Not 100% though, never configured it...


More information about the Freeradius-Users mailing list