Hi all, I'm writing here because the freeradius-3.2.7-2.eln146.src.rpm package I want to use comes from the https://koji.fedoraproject.org/koji/buildinfo?buildID=2671622 environment.
The task is to perform ldap authentication on the freeradius server *and* the rm_ldap module must *return* the 'fail' status to the questioning freeradius server if the ldap server is unavailable/unresponsive after the freeradius server has started. I got to the point that because of the https://bugzilla.redhat.com/show_bug.cgi?id=1992551 bug, the freeradius package got a Patch6: freeradius-ldap-infinite-timeout-on-starttls.patch . The consequence of this is that if you use starttls, the module will wait indefinitely, and therefore the freeradius server calling the module will not receive the requests if the ldap server is unavailable/unresponsive after the freeradius server has started. If I compile my own package where this patch is not in use, the ldap request fails, but this information does not reach freeradius. In other OS environments, this happens and is visible in the output '/usr/sbin/freeradius -d /etc/freeradius/3.0 -X -xxxx'. Mon May 19 17:04:17 2025 : Error: rlm_ldap (ldap): Failed to reconnect (3), no free connections are available Mon May 19 17:04:17 2025 : ERROR: (1) ldap: Failed performing search: Timed out while waiting for server to respond Mon May 19 17:04:17 2025 : Debug: (1) modsingle[authorize]: returned from ldap (rlm_ldap) Mon May 19 17:04:17 2025 : Debug: (1) [ldap] = fail On my environment: Wed May 21 10:58:17 2025 : Error: rlm_ldap (ldap_institute): Bind with uid=xxx,ou=yyy,o=zzz,c=com to ldap://ldap.example.com:636 failed: Can't contact LDAP server Thank You in advance for your help. Regards: István -- _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
