Thanks for checking that out and for taking care of it. Will this pose a performance problem for ldap authentication using the new openldap libraries?
Mike -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kostas Kalevras Sent: Thursday, March 27, 2003 4:11 PM To: [EMAIL PROTECTED] Subject: Re: openldap-2.1.16 and freeradius not compatable(was rlm_ldap issues) 2:07am /src/openldap-2.1.12/libraries > grep --recursive ldap_enable_cache * libldap/cache.c:ldap_enable_cache( LDAP *ld, long timeout, ber_len_t maxmem ) libldap/test.c: if ( ldap_enable_cache( ld, i, atoi( line )) == 0 ) { libldap/test.c: printf( "ldap_enable_cache failed\n" ); 2:07am /src/openldap-2.1.12/libraries > cd ../../openldap-2.1.16/libraries 2:07am /src/openldap-2.1.16/libraries > grep --recursive ldap_enable_cache * 2:07am /src/openldap-2.1.16/libraries > Ok it seems that in latest versions of openldap the caching code has been removed completely. I 'll remove the relevant code from rlm_ldap tomorrow. Thanks for the report. > > Mike > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Mike Denka > Sent: Wednesday, March 26, 2003 3:50 PM > To: [EMAIL PROTECTED] > Subject: RE: rlm_ldap issues > > After more research, I found that I could only get radius to work by > manually removing all the libraries from openldap-2.1.16 and rebuilding > an earlier release (in my case, I used 2.1.12) Just rebuilding and > reinstalling the two programs didn't work, as I said in my first post, > so some residual components of 2.1.16 are left intact and used by > freeradius even if an earlier version of ldap is reinstalled. > > One might object to my posting this thread on the freeradius list rather > than the openldap list, and that objection has merit. But I'd really > like to get the opinions of the freeradius gurus about what might be > causing this hostility between freeradius and the latest openldap. In > any case, this may serve as a cautionary tale for anyone planning to > upgrade to the latest openldap ON THE SAME SERVER that is running > freeradius. (Also a cautionary tale for anyone wondering whether it's a > good idea to run two major production services on the same server). > > I'm also curious - is anyone else successfully running openldap-2.1.16 > on the same server as freeradius-0.8.1? Perhaps I'm overlooking > something? > > Mike > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Mike Denka > Sent: Wednesday, March 26, 2003 7:49 AM > To: [EMAIL PROTECTED] > Subject: rlm_ldap issues > > > This morning I upgraded my ldap server to the latest revision (from > openldap-2.1.12 to openldap-2.1.16). Then restarted radius (freeradius > v 0.8.1) and was surprised by a slew of errors in my radius.log file. > They were: > > "Error: rlm_ldap: All ldap connections are in use" > > and > > "Error: Dropping packet from client evrt1-1:1645 - ID: 32 due to dead > request 933" > > Of course, no one could authenticate. > > Next I ran radius in debug mode, but as soon as a connection was > requested, the radius server died trying to authenticate the first user. > The failed authentication ended with the following output from radiusd > -X: > > . > . > . > rad_lowerpair: User-Name now 'mollybe' > modcall: entering group authorize > modcall[authorize]: module "preprocess" returns ok > rlm_ldap: - authorize > rlm_ldap: performing user authorization for mollybe > radius_xlat: '(uid=mollybe)' > radius_xlat: 'ou=people,dc=winsome,dc=com' > ldap_get_conn: Got Id: 0 > rlm_ldap: attempting LDAP reconnection > rlm_ldap: (re)connect to 127.0.0.1:389, authentication 0 > rlm_ldap: bind as cn=Manager,dc=winsome,dc=com/secretpassword to > 127.0.0.1:389 > rlm_ldap:waiting for bind result ... > rlm_ldap: performing search in ou=people,dc=winsome,dc=com, with filter > (uid=mollybe) > /usr/local/sbin/radiusd: relocation error: > /usr/local/lib/rlm_ldap-0.8.1.so: undefined symbol: ldap_enable_cache > > Unable to determine the exact nature of the errors, I decided to go back > to the previous version of LDAP to undo what I had done. However, after > reinstalling the previous version of LDAP, the same problem with radius > persisted. Since it appeared that there was a library problem in > rlm_ldap-0.8.1, I rebuilt freeradius from scratch. Still, the same > errors persisted. Now, as a temporary measure I have had to go back to > the passwd and shadow files to allow customer access. But this is not a > solution. Please lend assistance if you can. > > Thanks very much, > > Mike > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
