[RADIATOR] Net::LDAPS problem with Active Directory on port 636
Klara Mall
klara.mall at kit.edu
Mon Nov 11 15:58:07 CST 2013
Hi,
I have a problem connecting to our Active Directory servers (LDAP)
on port 636 with Radiator. Port 3269 is working, but I have to use 636
for a certain reason.
The mad thing is: I cannot reproduce the problem with a little Perl
program on the same host.
System:
Radiator 4.11, Debian wheezy, i386 (all Perl modules from Debian)
Relevant Radiator configuration:
-------------------
Host ad.example.com
Port 636
Version 3
UseSSL
SSLCAFile %D/certificates/ca.pem
Timeout 3
-------------------
With this configuration the connection fails about half of the time (not
always) with:
"ERR: Could not open LDAP connection to ad.example.com:636. Backing off
for 600 seconds."
I had a look at Ldap.pm from the Radiator code and wrote this little
Perl program:
-------------------
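use strict;
use warnings;
require Net::LDAPS;

my $host = "ad.example.com";

# Connect with TLS on port 636 and require a server certificate
# that verifies against the given CA file.
my $ldap = Net::LDAPS->new($host,
    port       => 636,
    verify     => 'require',
    localaddr  => '',
    multihomed => 1,
    version    => 3,
    inet6      => 0,
    timeout    => 3,
    cafile     => '/etc/radiator/certificates/deutsche-ca.pem');

# The constructor returns undef when the connection could not be set up.
if (!$ldap) { print "error\n"; exit; }
else { print "success\n"; exit; }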
-------------------
I run this program in a while loop several times and the connection
never fails.
I also removed the patch by Raphael Luta (in Ldap.pm) which permits
multiple hostnames. But it made no difference.
I wasn't able to find the difference between the Radiator code and my
code. Can you help me?
Best regards
Klara
--
Karlsruher Institut für Technologie (KIT)
Steinbuch Centre for Computing (SCC)
Klara Mall
Netze und Telekommunikation (NET)
Hermann-von-Helmholtz-Platz 1
76344 Eggenstein-Leopoldshafen
Phone: +49 721 608-28630
Phone: +49 721 608-48946
E-Mail: klara.mall at kit.edu
Web: http://www.scc.kit.edu
KIT - University of the State of Baden-Württemberg and
National Research Center of the Helmholtz Association
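
A repeat-connect harness for the intermittent failure described in the message above, as an added example that is not part of the original post and not Radiator code. It uses the host, port, timeout and CA file from the post; the attempt count is an assumption, and it records the reason Net::LDAP leaves in `$@` together with the time each attempt took and the server address that answered.

```perl
#!/usr/bin/perl
# Added example: repeat the LDAPS connect and record why each failure happened.
use strict;
use warnings;
use Net::LDAPS;
use Time::HiRes qw(time);

# Host and CA file are taken from the post; $attempts is an assumption.
my $host     = 'ad.example.com';
my $cafile   = '/etc/radiator/certificates/deutsche-ca.pem';
my $attempts = 50;

my (%errors, %peers);
my $ok = 0;

for my $n (1 .. $attempts) {
    my $start = time;
    my $ldap  = Net::LDAPS->new(
        $host,
        port    => 636,
        verify  => 'require',
        version => 3,
        timeout => 3,
        cafile  => $cafile,
    );
    my $elapsed = time - $start;

    if ($ldap) {
        # Record which server address answered this attempt.
        my $peer = $ldap->socket->peerhost;
        $peers{$peer}++;
        $ok++;
        printf "%3d ok    %.2fs peer=%s\n", $n, $elapsed, $peer;
        $ldap->disconnect;
    }
    else {
        # Net::LDAP leaves the reason for a failed constructor in $@.
        my $err = $@ || 'unknown error';
        chomp $err;
        $errors{$err}++;
        printf "%3d FAIL  %.2fs %s\n", $n, $elapsed, $err;
    }
}

printf "\n%d/%d connections succeeded\n", $ok, $attempts;
printf "  peer %-15s %d\n", $_, $peers{$_} for sort keys %peers;
printf "  error x%d: %s\n", $errors{$_}, $_ for sort keys %errors;
```

Failures whose elapsed time sits at the 3-second timeout can be told apart from failures that return immediately with a TLS or certificate error.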