[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: Using LDAPS with Freeradius
From: Arran Cudbard-Bell <a.cudbardb () freeradius ! org>
Date: 2020-01-22 14:39:47
Message-ID: 8C89C78D-2DF6-4B78-8B22-7C62C606A1A3 () freeradius ! org
[Download RAW message or body]
> On Jan 21, 2020, at 9:14 PM, Byron Jeffery <byronjeffery@cem.org.au> wrote:
>
> Thanks for the add Arran
>
> So something like this in the ldap module config:
>
> server = "ldaps://serverurl"
Yes.
> - Also to clarify, is it necessary to specify the ca_file path and set
> require_cert = 'allow' for self sign certificates if doing LDAPS?
Sure if you want to allow MITM attacks. Otherwise you need some kind of trust \
anchor.
For self-signed, i'd say you provide a copy of the certificate in ca_file, and set \
require_cert to 'hard'.
Not 100% though, never configured it...
-Arran
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic