Network RADIUS packages and LDAP/SASL

Adam Bishop Adam.Bishop at jisc.ac.uk
Wed Oct 26 13:57:45 UTC 2022 

I'm working on rebuilding our internal RADIUS systems, using the Network RADIUS packages rather than our own.

Our LDAP configuration uses SASL to authenticate to 389ds via a UNIX socket - works OK on RHEL 7.

The RHEL 8 hosts though (with the LTB packages) fail with:

  ...
  rlm_ldap: libldap vendor: OpenLDAP, version: 20459
  Configuration item 'sasl.mech' not supported.  Linked libldap does not provide ldap_sasl_interactive_bind function
  ...

As far as I can tell, the ltb LDAP does export that symbol:

  # nm -gD /usr/local/openldap/lib64/libldap.so | grep ldap_sasl_interactive_bind
  0000000000017760 T ldap_sasl_interactive_bind
  00000000000178c0 T ldap_sasl_interactive_bind_s

So I'm guessing that the ltb libldap isn't being linked at runtime?

If that's the case, is there a way to configure FreeRADIUS to use the ltb versions, or do I need to start overriding LD_PRELOAD_PATH/hand edit ld.conf?
I'm not 100% sure how it would be linking at the moment, as I don't see the ltb so's in the output of ldconfig.

Or am I just completely wrong and the ltb packages don't support SASL :)

Adam Bishop

  gpg: E75B 1F92 6407 DFDF 9F1C  BF10 C993 2504 6609 D460

jisc.ac.uk


Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under company number. 05747339, VAT number GB 197 0632 86. Jisc’s registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800.


Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 02881024, VAT number GB 197 0632 86. The registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800.


Jisc Commercial Limited is a wholly owned Jisc subsidiary and a company limited by shares which is registered in England under company number 09316933, VAT number GB 197 0632 86. The registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800.


For more details on how Jisc handles your data see our privacy notice here: https://www.jisc.ac.uk/website/privacy-notice

More information about the Freeradius-Users mailing list