<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z0000AJOz2cCQDOkta Classic EngineDirectoriesAnswered2025-01-17T18:42:31.000Z2025-01-17T16:08:44.000Z2025-01-17T18:42:31.000Z

VatsaA.57811 (Employee) asked a question.

January 17, 2025 at 4:08 PM
Error setting up RADIUS Integration with FreeRADIUS

Hello,

 

I am trying to set up FreeRADIUS server and integrate with Okta's LDAP interface. However, I'm getting this error on the FreeRADIUS console:

 

"rlm_ldap (ldap): Connecting to ldaps://demo-arsenal.ldap.okta.com:636

rlm_ldap (ldap): Bind with uid=00unp8nqbr8M3b6N7697,ou=users, dc=demo-arsenal, dc=okta, dc=com to ldaps://demo-arsenal.ldap.okta.com:636 failed: Can't contact LDAP server

rlm_ldap (ldap): Opening connection failed (0)

rlm_ldap (ldap): Removing connection pool

/etc/freeradius/3.0/mods-enabled/ldap[1]: Instantiation failed for module "ldap""

 

/help/servlet/rtaImage?refid=0EM4z000007IqAE

 

On the Okta console I'm getting this error:

 

/help/servlet/rtaImage?refid=0EM4z000007IqAJ

 

Can anyone help me with setting up the LDAP config file:

This is my current config:

ldap {

  server = "ldaps://demo-***.ldap.okta.com"

  identity = "uid=***8M3b6N7697,ou=users, dc=demo-***, dc=okta, dc=com"

  password = "****"

  base_dn = "dc=demo-arsenal, dc=okta, dc=com"

  filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"

  tls = yes

  ldap_connections_number = 10

  start_tls = no

  tls_ca_file = /etc/ssl/certs/okta_ldap_server.crt

  • 2 answers
  • 235 views

  • User17157611498146715886 (Customer Support Online Community and Social Care)

    Hello @VatsaA.57811 (Employee)​ , thank you for contacting Okta Community.

     

    I've brought your question to the attention of our colleagues. It seems you are encountering a limitation: LDAPi requires TLS 1.2 to establish a connection. You can read more about it here:

    LDAP Interface known limitations

     

    You should try contacting Free Radius Support to assist you with configuring the LDAP browser's configuration file.

     

    While we'll do our best to answer your questions here, this medium is more inclined towards Okta's core products and features.

     

    Regards. 

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Expand Post

    • VatsaA.57811 (Employee)

      Hi Diana, thanks for responding on this query. I will for sure reach out to FreeRADIUS on this. However, just needed to understand if the LDAP config file format is correct as per the Okta docs:

       

      ldap {

        server = "ldaps://demo-***.ldap.okta.com"

        identity = "uid=***8M3b6N7697,ou=users, dc=demo-***, dc=okta, dc=com"

        password = "****"

        base_dn = "dc=demo-arsenal, dc=okta, dc=com"

        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"

        tls = yes

        ldap_connections_number = 10

        start_tls = no

        tls_ca_file = /etc/ssl/certs/okta_ldap_server.crt

       

      ---Appreciate your help---

       

      Expand Post
This question is closed.
Loading
Error setting up RADIUS Integration with FreeRADIUS