Massimo Meregalli wrote:
The server on which the radiusd is running is configured to authenticate users against ldap (via pam) (which is running on the same machine as the radiusd server). The ldap server is used only to store user information. The passwords are stored into a kerberos database. The User-Password ldap attribute is specified as {SASL}<user>@REALM for those application that don't understand kerberos and the server is also running saslauthd.
Yes... that doesn't change what I said. The OpenLDAP libraries have some static variables that make it impossible to *safely* talk to two LDAP servers from the same program. This is likely the issue you are running into.
All the other application the server is running which use ldap as database are working fine.
Are they also using LDAP via PAM? If not, then they are not running into the problem I pointed out.
The unix module is commented out in the configuration file.
Whatever. You're using rlm_ldap AND ldap through PAM. This is not supported by the OpenLDAP libraries. It was magic why it worked before. It works in non-threaded mode because the conflicting mutexes aren't used. Alan DeKok.