(RADIATOR) 3.11 -> 3.13 ldaps problems
Andrew D. Clark
andrew.clark at ucsb.edu
Fri Oct 7 17:56:00 CDT 2005
On Friday 07 October 2005 15:48, Mike McCauley wrote:
> Hello Andrew,
>
> The log and config file seems to indicate you do not have config file
> entries for AuthDN and AuthPasssword.
>
> Cheers.
Yes, you're right. I'm doing an anonymous bind, so I was under the assumption
those would be undefined (as they were in 3.11....).
goodies/ldap.cfg seems to say you don't need them for anonymous binds.
# You will only need these if your LDAP server
# requires authentication. These are the examples
# in a default OpenLDAP installation
# see /etc/openldap/slapd.conf
AuthDN cn=Manager, dc=example, dc=com
AuthPassword secret
I must be missing something here.
--
Andrew Clark
Campus Network Programmer
University of California, Santa Barbara
andrew.clark at ucsb.edu (805) 893-5311
>
> On Saturday 08 October 2005 05:04, Andrew D. Clark wrote:
> > Hi all.
> >
> > I recently attempted to upgrade from 3.11 to 3.13, which broke my ldaps
> > handler. I now get the following error when I attempt to connect:
> >
> > Fri Oct 7 12:00:12 2005: INFO: Attempting to bind to LDAP server
> > directory.ucsb.edu:636
> > Fri Oct 7 12:00:12 2005: ERR: Could not bind connection with , , error:
> > LDAP_INAPPROPRIATE_AUTH (server directory.ucsb.edu:636)
> > Fri Oct 7 12:00:12 2005: ERR: Backing off from directory.ucsb.edu:636
> > for 30 seconds.
> >
> > Thinking that perhaps it now really wants the
> > SSLCAClientCert and SSLCAClientKey set as the goodies indicates, I set
> > SSLCAClientCert to point to an actual cert, which then causes radiusd to
> > crash on the next attempted ldaps connection.
> >
> > Here's my ldaps config, which is included at various points within
> > various ldaps handlers:
> >
> > Host directory.ucsb.edu
> >
> > BaseDN o=ucsb
> > UsernameAttr uid
> >
> > PasswordAttr passwd
> > ServerChecksPassword
> >
> > # You can enable debugging of the Net::LDAP
> > # module with this:
> > Debug 255
> >
> > UseSSL
> > # If you set UseSSL or UseTLS, also need to set these:
> > SSLCAFile /etc/ssl/cert.pem
> > #SSLCAClientCert /usr/local/etc/ssl/certs/noc.ucsb.edu.crt
> > #SSLCAClientCert ldapcertificates/clientcrt.pem
> > #SSLCAClientKey ldapcertificates/clientkey.pem
> >
> > #HoldServerConnection
> >
> > # Timeout 2
> > # Failure backoff Default is 10 minutes - i'm using 30 sec
> > FailureBackoffTime 3
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list