LDAPS Unknown error from LDAP module

Nick Porter nick at portercomputing.co.uk
Mon Mar 27 19:58:45 UTC 2023


On 27/03/2023 19:03, Grosjean Cyril wrote:
> 1/ Can you confirm that the “Unknown error” is from the LDAP response and
> not Freeradius ? Can we have more information about status code of the
> response ?
> I’m seeing here two occurences of “Unknown error” in the ldap module
> (ldap.c) but I can’t get more information, and it is hard for me to
> activate debug that show Radius attribute in stdout (as some of them are
> sensitive).

That error is coming from libldap - that is it's expansion of the error 
code passed to ldap_err2string().

> 2/ Can I activate more debug on thoses errors to get the bottom of it ? Do
> you have any insight to help me get more information ?

Try enabling libldap debug options by setting the ldap_debug option in 
src/mod-enabled/ldap - you should refer to OpenLDAP documentation to see 
the meaning for the values you can set there.

The output is not easy to read, but tells you what libldap is doing as 
opposed to what FreeRADIUS is doing.

Nick

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20230327/155d3b09/attachment-0001.sig>


More information about the Freeradius-Users mailing list