Startup problem with ldap
Alan DeKok
aland at deployingradius.com
Wed Nov 7 23:10:17 CET 2007
Massimo Meregalli wrote:
> The server on which the radiusd is running is configured to authenticate
> users against ldap (via pam) (which is running on the same machine as
> the radiusd server). The ldap server is used only to store user
> information. The passwords are stored into a kerberos database. The
> User-Password ldap attribute is specified as {SASL}<user>@REALM for
> those applications that don't understand kerberos and the server is also
> running saslauthd.
Yes... that doesn't change what I said.

The OpenLDAP libraries have some static variables that make it
impossible to *safely* talk to two LDAP servers from the same program.
This is likely the issue you are running into.
> All the other applications the server is running which use ldap as
> a database are working fine.
Are they also using LDAP via PAM? If not, then they are not running
into the problem I pointed out.
> The unix module is commented out in the configuration file.
Whatever. You're using rlm_ldap AND ldap through PAM. This is not
supported by the OpenLDAP libraries. It was magic why it worked before.

It works in non-threaded mode because the conflicting mutexes aren't used.

Alan DeKok.