The logs kept annoying me, so I went and searched through the source code, and the LDAP_OPT_X_TLS is not defined by start_tls, but rather by tls_mode, which is not currently a configurable option. It looks like rlm_ldap will attempt to use LDAPS every time.

Rather than defining tls_mode as no, I added a line to my copy of 0.7 (not a cvs release) that will allow me to configure this. Since it's only one line, I'm not going to create a patch for it.

In rlm_ldap.c, go to line 202 where it reads:

    static CONF_PARSER module_config[] = {

Add this line somewhere in between the brackets (I placed mine at line 214, right above start_tls):

    {"tls_mode", PW_TYPE_BOOLEAN, offsetof(ldap_instance,tls_mode), NULL, "no"},

Compile and install that module (or do the whole distro if you wish). This adds the following option to your rlm_ldap section of radiusd.conf:

    tls_mode = no # defaults to no

Works like a champ!

Cheers,
John

John <[EMAIL PROTECTED]> wrote:
> Tue Aug 6 10:55:57 2002 : Error: rlm_ldap: could not set LDAP_OPT_X_TLS
> option Success
>
> The only setting in radiusd.conf that seems to pertain to this is
> start_tls, which I have set to no.
>
> I did a grep for LDAP_OPT_X_TLS in * of the doc and the raddb directory, with
> no results, and haven't found anything on the mailing list as of yet.

Did you try looking at the source of the LDAP module?

It looks to me like the LDAP module is setting TLS mode, even if the config file says to not use TLS. For your purposes, you can ignore this message.

Alan DeKok.

--
John Hogenmiller, kb3dfz
Systems Administrator, Pennswoods.net
877.716.2002 ext 529
---
I ring my temp to see how he's doing in my absence. The phone rings about 50 times before finally being diverted to talking clock. At least I know he's read my Site Management Bible...

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html