(RADIATOR) 3.11 -> 3.13 ldaps problems

Andrew D. Clark andrew.clark at ucsb.edu
Fri Oct 7 14:04:43 CDT 2005


Hi all.

I recently attempted to upgrade from 3.11 to 3.13, which broke my ldaps 
handler.  I now get the following error when I attempt to connect:

Fri Oct  7 12:00:12 2005: INFO: Attempting to bind to LDAP server directory.ucsb.edu:636
Fri Oct  7 12:00:12 2005: ERR: Could not bind connection with , , error: LDAP_INAPPROPRIATE_AUTH (server directory.ucsb.edu:636)
Fri Oct  7 12:00:12 2005: ERR: Backing off from directory.ucsb.edu:636 for 30 seconds.

Thinking that perhaps it now really wants SSLCAClientCert and
SSLCAClientKey set, as the goodies indicate, I set SSLCAClientCert to
point to an actual cert, which then causes radiusd to crash on the next
attempted ldaps connection.

Here's my ldaps config, which is included at various points within various 
ldaps handlers:

Host                    directory.ucsb.edu

BaseDN                  o=ucsb
UsernameAttr    uid

PasswordAttr    passwd
ServerChecksPassword

# You can enable debugging of the Net::LDAP
# module with this:
Debug 255

UseSSL
# If you set UseSSL or UseTLS, also need to set these:
SSLCAFile /etc/ssl/cert.pem
#SSLCAClientCert /usr/local/etc/ssl/certs/noc.ucsb.edu.crt
#SSLCAClientCert ldapcertificates/clientcrt.pem
#SSLCAClientKey ldapcertificates/clientkey.pem

#HoldServerConnection

# Timeout 2
# Failure backoff Default is 10 minutes - i'm using 30 sec
FailureBackoffTime 30

-- 
Andrew Clark
Campus Network Programmer
University of California, Santa Barbara
andrew.clark at ucsb.edu (805) 893-5311
