The logs kept annoying me, so I went and searched through the source
code. The LDAP_OPT_X_TLS is not defined by start_tls, but rather by
tls_mode, which is not currently a configurable option. It looks like rlm_ldap will
attempt to use LDAPS every time.
Rather than defining tls_mode as no, I added a line to my copy of 0.7 (not a cvs
release) that will allow me to configure this.
Since it's only one line, I'm not going to create a patch for it.
In rlm_ldap.c, go to line 202 where it reads:

    static CONF_PARSER module_config[] = {

Add this line somewhere in between the brackets (I placed mine at line 214, right
above start_tls):

    {"tls_mode", PW_TYPE_BOOLEAN, offsetof(ldap_instance,tls_mode), NULL, "no"},

Compile and install that module (or do the whole distro if you wish).
This adds the following option to your rlm_ldap section of radiusd.conf:

    tls_mode = no    # defaults to no

Works like a champ!
Cheers,
John
John <[EMAIL PROTECTED]> wrote:
> Tue Aug 6 10:55:57 2002 : Error: rlm_ldap: could not set LDAP_OPT_X_TLS
> option Success
>
> The only setting in radiusd.conf that seems to pertain to this is
> start_tls, which I have set to no.
>
> I did a grep for LDAP_OPT_X_TLS in * of the doc and the raddb directory, with
> no results, and haven't found anything on the mailing list as of yet.
Did you try looking at the source of the LDAP module? It looks to me like the
LDAP module is setting TLS mode, even if the config file says to not use TLS.
For your purposes, you can ignore this message.
Alan DeKok.
--
John Hogenmiller, kb3dfz
Systems Administrator, Pennswoods.net
877.716.2002 ext 529
---
I ring my temp to see how he's doing in my absence. The phone rings about 50
times before finally being diverted to talking clock. At least I know he's read my
Site Management Bible...