[RADIATOR] Net::LDAPS problem with Active Directory on port 636

Heikki Vatiainen hvn at open.com.au
Wed Nov 13 09:30:31 CST 2013


On 11/13/2013 04:02 AM, Klara Mall wrote:

> Don't know if these fixes are ok, but they show where the problem
> resides.

Yes, that is very impressive work. My understanding is 1.74 (Debian
wheezy) does not work and needs the fix but 1.33 (Debian squeeze) works.
There's the possibility that the Debian patches have changed something,
but my understanding is they actively push their patches to upstream
authors, so I think it is a good idea to contact Steffen and let him
know about this.

> I want to report this to the module maintainers. Please tell if I'm
> wrong somewhere.

I think the module maintainer should be made aware of this problem and
can tell if there's a problem. It's quite likely he can quickly tell
whether a fix is needed and what kind.

I guess mixing successive direct SSL/TLS connections with plain text +
start TLS within one process is not very often done and this has
remained uncovered so far.

> As for my radiator configuration I will reconsider it. I think I
> will find a way to only use SSL so that I have no mix of SSL and
> TLS.

Please let us know how it goes and what additional information you get
from module maintainers.

> BTW: I just verified: with libnet-ldap-perl from Debian squeeze it
> works. It seems the reason is that the part of the
> IO::Socket::SSL code that handles the identity is not used (no DEBUG
> output for this).

This should narrow down the work to find the change that caused the problem.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
