Re: Freeradius, openldap and TLS




On 15-04-16 00:39, Andrew Daviel wrote:

> We have a freeradius server using LDAP authentication against openldap.
>
> We have had freeradius-3.0.4-6 on CentOS 7 successfully communicating
> with openldap-servers-2.3.43 on CentOS 5.
>
> We need some features in freeradius-3.0.12. When I build that on CentOS
> 6, it initially works, but then develops TLS errors.
>
> We can search and authenticate against the LDAP server with Apache, and
> with ldapsearch using ldaps:// URLs and with start_tls.
>
> If I ask the freeradius community, I am told unequivocally to use
> OpenSSL not NSS.

You will hear the same thing from the OpenLDAP Community and will be asked to first verify the issue on the latest OpenLDAP with OpenSSL (no NSS). Even the latest RHEL7/CentOS7 OpenLDAP packages are behind and lack a lot of important bugfixes. If you use (are going to use) MDB (highly recommended) or replication then you'll definitely need to use the latest OpenLDAP version (with OpenSSL, no NSS).

The OpenLDAP Community usually recommends the free OpenLDAP RPM packages built with OpenSSL from http://ltb-project.org, or getting supported packages, also built with OpenSSL, from http://www.symas.com.

HTH,
Patrick
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos


