
List:       freeradius-users
Subject:    Re: Using LDAPS with Freeradius
From:       Arran Cudbard-Bell <a.cudbardb () freeradius ! org>
Date:       2020-01-22 14:39:47
Message-ID: 8C89C78D-2DF6-4B78-8B22-7C62C606A1A3 () freeradius ! org



> On Jan 21, 2020, at 9:14 PM, Byron Jeffery <byronjeffery@cem.org.au> wrote:
> 
> Thanks for the add Arran
> 
> So something like this in the ldap module config:
> 
> server = "ldaps://serverurl"

Yes.

> - Also to clarify, is it necessary to specify the ca_file path and set
> require_cert = 'allow' for self sign certificates if doing LDAPS?

Sure if you want to allow MITM attacks.  Otherwise you need some kind of trust anchor.

For self-signed, I'd say you provide a copy of the certificate in ca_file, and set require_cert to 'hard'.

Not 100% though, never configured it...

-Arran


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
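
Added example, not part of the original message or the FreeRADIUS distribution: the LDAPS settings discussed in the reply above, written as an `ldap` module fragment with the weak `require_cert` value shown next to the strict one. The `ca_file` path is a hypothetical placeholder and `serverurl` is the placeholder used in the thread.

```conf
# mods-available/ldap (fragment) -- constructed example
ldap {
	# ldaps:// negotiates TLS as soon as the connection opens,
	# before any bind credentials are sent.
	server = "ldaps://serverurl"

	tls {
		# StartTLS upgrades a plain ldap:// connection and is not
		# used together with an ldaps:// URL.
		# start_tls = yes

		# Weak setting asked about in the thread: verification is
		# attempted, but a certificate that fails it is still accepted,
		# so an on-path attacker can present a certificate of their own.
		# require_cert = 'allow'

		# Trust anchor: a PEM copy of the directory server's
		# self-signed certificate (hypothetical file name).
		ca_file = ${certdir}/ldap-server.pem

		# Strict setting suggested in the reply: the connection fails
		# if the certificate does not verify against ca_file or if TLS
		# cannot be negotiated.
		require_cert = 'hard'
	}
}
```

With strict verification the host name in `server` also has to match a name in the certificate, so a self-signed certificate issued for a different name will be rejected even when it is present in `ca_file`.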

