FreeRadius LDAP connection to Google Workspce

Alan DeKok aland at
Fri Oct 1 17:41:16 CEST 2021

> On Oct 1, 2021, at 11:35 AM, Benjamin Diehl <benjamin.diehl at> wrote:
> root at FreeRadius:~# LDAPTLS_CERT={/etc/freeradius/3.0/certs/ldap-client.crt} LDAPTLS_KEY={/etc/freeradius/3.0/certs/ldap-client.key} ldapsearch -H ldaps:// -b dc={foundationacademy},dc={net} '(main={admin at})' -d8
> TLS: opening `{/etc/freeradius/3.0/certs/ldap-client.key}' failed: No such file or directory
> TLS: could not use private key file `{/etc/freeradius/3.0/certs/ldap-client.key}`.

  Why are you putting {} around everything?

  LDAPTLS_CERT is a filename.  There's no need to add {} everywhere.  Just use this, without the {} mangling:

LDAPTLS_CERT=/etc/freeradius/3.0/certs/ldap-client.crt LDAPTLS_KEY=/etc/freeradius/3.0/certs/ldap-client.key ldapsearch -H ldaps:// -b dc=foundationacademy,dc=net '(main=admin at' -d8

> ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
> I believe this would be the issue, however, I don’t know why it wouldn’t find it. I’ve triple checked and the file is in there and named exactly the same as the command.

  There is no file named "{/etc/...}"

  Alan DeKok.

More information about the Freeradius-Users mailing list