freeradius 3.2.7 servert and/or freeradius ldap module problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi all,

I'm writing here because the freeradius-3.2.7-2.eln146.src.rpm
package I want to use comes from
the https://koji.fedoraproject.org/koji/buildinfo?buildID=2671622
environment.

The task is to perform ldap authentication on the freeradius
server *and* the rm_ldap module must *return* the 'fail' status
to the questioning freeradius server if the ldap server is
unavailable/unresponsive after the freeradius server has started.

I got to the point that because of
the https://bugzilla.redhat.com/show_bug.cgi?id=1992551 bug, the
freeradius package got a
Patch6: freeradius-ldap-infinite-timeout-on-starttls.patch .

The consequence of this is that if you use starttls, the module
will wait indefinitely, and therefore the freeradius server
calling the module will not receive the requests if the
ldap server is unavailable/unresponsive after the freeradius
server has started.

If I compile my own package where this patch is not in use,
the ldap request fails, but this information does not
reach freeradius.

In other OS environments, this happens and is visible in the
output '/usr/sbin/freeradius -d /etc/freeradius/3.0 -X -xxxx'.

Mon May 19 17:04:17 2025 : Error: rlm_ldap (ldap): Failed to reconnect (3), no free connections are available
Mon May 19 17:04:17 2025 : ERROR: (1) ldap: Failed performing search: Timed out while waiting for server to respond
Mon May 19 17:04:17 2025 : Debug: (1)     modsingle[authorize]: returned from ldap (rlm_ldap)
Mon May 19 17:04:17 2025 : Debug: (1)     [ldap] = fail

On my environment:

Wed May 21 10:58:17 2025 : Error: rlm_ldap (ldap_institute): Bind with uid=xxx,ou=yyy,o=zzz,c=com to ldap://ldap.example.com:636 failed: Can't contact LDAP server

Thank You  in advance for your help.

Regards: István
-- 
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux