Ladies and gentlemen, I have solved my problems with rlm_ldap. Switching to 2.0.21, the most current stable version of OpenLDAP, fixed everything. And I didn't have to patch the calls to library functions that don't exist in 1.2, which was cool.
Now, I was running 1.2.11, and the more observant among you will certainly wonder why I was running such an old version. The answer is that OpenLDAP 2 requires SASL -- or at least so I thought. I run CMU's Cyrus mail server, which requires SASL to authenticate, and am migrating my customers over to LDAP. Running SASL to check an LDAP password which then had to call the SASL library *again* caused reentrancy problems. However, I discovered that it is still possible to run OpenLDAP doing plaintext authentication without using the SASL library. So I downloaded a source RPM, rebuilt it without the SASL requirements and installed it. Problem solved. (I still have some issues with using LDAP for authorization, but I'll work those out on my own.) -- JustThe.net LLC - Steve "Web Dude" Sobol, CTO ICQ: 56972932/WebDude216 website: http://JustThe.net email: [EMAIL PROTECTED] phone: 216.619.2NET postal: 5686 Davis Drive, Mentor On The Lake, OH 44060-2752 DalNet: ZX-2 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html