On 11/11/2013 11:58 PM, Klara Mall wrote:

> With this configuration the connection fails about half of the time (not
> always) with:
> "ERR: Could not open LDAP connection to ad.example.com:636. Backing off
> for 600 seconds."
>
> I had a look at Ldap.pm from the radiator code and wrote this little
> Perl program:
> -------------------

Hello Klara,

If you add the 'use ...' before require and then run the script, do you get debug output from IO::Socket::SSL? I have not tried this myself, but my understanding is IO::Socket::SSL is what Net::LDAP uses for LDAPS.

If you do get debug output, you could try modifying Ldap.pm a bit more and make it load IO::Socket::SSL with debug enabled. When you then run radiusd with -foreground and -log_stdout options, you should see the debug output when LDAPS connections are created. Maybe this debug would show what goes wrong.

use IO::Socket::SSL qw(debug3);
> require Net::LDAPS;
>
> my $host = "ad.example.com";
>
> my $ldap = new Net::LDAPS($host,
>                           port => 636,
>                           verify => 'require',
>                           localaddr => '',
>                           multihomed => 1,
>                           version => 3,
>                           inet6 => 0,
>                           timeout => 3,
>                           cafile => '/etc/radiator/certificates/deutsche-ca.pem');
> if (!$ldap) { print "error\n"; exit; }
> else { print "success\n"; exit; }

Thanks,
Heikki

--
Heikki Vatiainen <h...@open.com.au>
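
Added example, not part of the original message and not Radiator code: it tests the TLS layer directly with IO::Socket::SSL, the module named above, once per IPv4 address the host name resolves to, so that an intermittent failure can be tied to a specific address and error string. Host, port and CA file are taken from the quoted script; the per-address loop and the attempt count are assumptions that go beyond what the thread itself tries.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(inet_ntoa);
use IO::Socket::SSL;    # change to: use IO::Socket::SSL qw(debug3); for a handshake trace

# Values taken from the script quoted in the message above.
my $host   = 'ad.example.com';
my $port   = 636;
my $cafile = '/etc/radiator/certificates/deutsche-ca.pem';
my $rounds = 5;         # assumption: attempts per address

# IPv4 only, matching inet6 => 0 in the quoted script.
my (undef, undef, undef, undef, @packed) = gethostbyname($host);
die "cannot resolve $host\n" unless @packed;

my (%ok, %failed);
for my $ip (map { inet_ntoa($_) } @packed) {
    for my $try (1 .. $rounds) {
        # Connect to one address, but verify the certificate against the
        # host name, as a client connecting by name would.
        my $sock = IO::Socket::SSL->new(
            PeerAddr            => $ip,
            PeerPort            => $port,
            Timeout             => 3,
            SSL_verify_mode     => SSL_VERIFY_PEER,
            SSL_ca_file         => $cafile,
            SSL_hostname        => $host,
            SSL_verifycn_name   => $host,
            SSL_verifycn_scheme => 'ldap',
        );
        if ($sock) {
            $ok{$ip}++;
            my $cn = $sock->peer_certificate('cn');
            printf "%-15s try %d: ok (peer CN: %s)\n", $ip, $try, defined $cn ? $cn : '?';
            $sock->close;
        } else {
            $failed{$ip}++;
            # $SSL_ERROR holds the TLS-level reason; $! covers plain socket errors.
            my $why = $IO::Socket::SSL::SSL_ERROR || $!;
            printf "%-15s try %d: FAILED: %s\n", $ip, $try, $why;
        }
    }
}

# Per-address summary: an address that always fails points at that server.
for my $ip (sort keys %{ { %ok, %failed } }) {
    printf "%-15s ok=%d failed=%d\n", $ip, $ok{$ip} || 0, $failed{$ip} || 0;
}
```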