(RADIATOR) 3.11 -> 3.13 ldaps problems

Andrew D. Clark andrew.clark at ucsb.edu
Fri Oct 7 17:56:00 CDT 2005


On Friday 07 October 2005 15:48, Mike McCauley wrote:
> Hello Andrew,
>
> The log and config file seem to indicate you do not have config file
> entries for AuthDN and AuthPassword.
>
> Cheers.

Yes, you're right.  I'm doing an anonymous bind, so I was under the assumption 
those would be undefined (as they were in 3.11....).

goodies/ldap.cfg seems to say you don't need them for anonymous binds.

# You will only need these if your LDAP server
# requires authentication. These are the examples
# in a default OpenLDAP installation
# see /etc/openldap/slapd.conf
AuthDN          cn=Manager, dc=example, dc=com
AuthPassword    secret

I must be missing something here.

-- 
Andrew Clark
Campus Network Programmer
University of California, Santa Barbara
andrew.clark at ucsb.edu (805) 893-5311



>
> On Saturday 08 October 2005 05:04, Andrew D. Clark wrote:
> > Hi all.
> >
> > I recently attempted to upgrade from 3.11 to 3.13, which broke my ldaps
> > handler.  I now get the following error when I attempt to connect:
> >
> > Fri Oct  7 12:00:12 2005: INFO: Attempting to bind to LDAP server
> > directory.ucsb.edu:636
> > Fri Oct  7 12:00:12 2005: ERR: Could not bind connection with , , error:
> > LDAP_INAPPROPRIATE_AUTH (server directory.ucsb.edu:636)
> > Fri Oct  7 12:00:12 2005: ERR: Backing off from directory.ucsb.edu:636
> > for 30 seconds.
> >
> > Thinking that perhaps it now really wants the
> > SSLCAClientCert and SSLCAClientKey set as the goodies indicates, I set
> > SSLCAClientCert to point to an actual cert, which then causes radiusd to
> > crash on the next attempted ldaps connection.
> >
> > Here's my ldaps config, which is included at various points within
> > various ldaps handlers:
> >
> > Host                    directory.ucsb.edu
> >
> > BaseDN                  o=ucsb
> > UsernameAttr    uid
> >
> > PasswordAttr    passwd
> > ServerChecksPassword
> >
> > # You can enable debugging of the Net::LDAP
> > # module with this:
> > Debug 255
> >
> > UseSSL
> > # If you set UseSSL or UseTLS, also need to set these:
> > SSLCAFile /etc/ssl/cert.pem
> > #SSLCAClientCert /usr/local/etc/ssl/certs/noc.ucsb.edu.crt
> > #SSLCAClientCert ldapcertificates/clientcrt.pem
> > #SSLCAClientKey ldapcertificates/clientkey.pem
> >
> > #HoldServerConnection
> >
> > # Timeout 2
> > # Failure backoff Default is 10 minutes - i'm using 30 sec
> > FailureBackoffTime 3
