Having problems with LDAP and Red Hat 6.1
As many of you probably know, Red Hat Linux 6.1 shipped with RPMs of
OpenLDAP and the nss_ldap and pam_ldap modules. I thought this was good
news, having a major Linux distribution supporting LDAP authentication
schemes. I had been using those modules with OpenLDAP with both Red Hat
5.2 and 6.0 with excellent success. However, I seem to have lost some
basic functionality with upgrading Red Hat 6.1 on my personal workstation
and that doesn't bode well for building a new mail server based off of Red
Hat 6.1. Hopefully someone can comment on what is going on, as I would
really like to base the mail server off the latest Red Hat distribution.

For starters, I am using the latest stable release of OpenLDAP (1.2.7),
with the latest versions of pam_ldap (42) and nss_ldap (87). I dumped the
rpm versions of the above because they were older versions in some cases
and also because I thought my problems might be related to the RPMs so I
rolled my own. Kernel is 2.2.12.

One of the sh-utils that fails to work anymore is "id". When I run it on
any valid user, it just sits there. When I run a strace on "id", I find
it's in a nearly infinite lookup loop on the entries on my LDAP server.
When I run a ltrace, I see a lot of strcmp, which coincides with what I am
seeing with my straces. One of them appears to be matching, i.e.
strcmp("kevin_myer", "kevin_myer") = 0
but the process keeps running and running and searching and searching.....

In addition, on my test mail server, I am running the Cyrus IMAP package,
which is dependent on a CMU SASL implementation. The SASL implementation
uses PAM by default and I have my PAM aware applications using LDAP for
most things. The Cyrus administration program is a CLI TCL program called
"cyradm" and when this runs, with proper credentials, one should be able
to administer the mail server. However, when I try to authenticate, I once
again just hang, although this time, there's no infinite searching loop.
When I strace this process, it's doing absolutely nothing, after accepting
the password. Just sitting there, waiting for something to happen.

Some facts I've come up with so far - different versions of sh-utils
between RH 5.2 and 6.1 (1.16 vs. 2.0). Obviously, there are different
glibc versions (2.0.7 vs 2.1.2) - that could be the problem :( Different
versions of TCL (8.0.3 vs. 8.0.5) although I'm going to test 8.1.1 as

Any brainstorms? I can pass along any straces or ltraces if they would be
helpful. Also, this thing is hammering my LDAP server - I recently filled
up a 1Gb partition, which just happened to be my log partition (/var) and
which ended up wiping out a web based calendar file, containing library
reservation dates for the upcoming months. Obviously, I turned logging
off - today I turned it on for a bit and generated a 163Mb log file in
less than 5 minutes, with a loglevel of 1.

Something about Red Hat 6.1 is unhappy with LDAP :( Anyone else have

~ Kevin M. Myer
. . Network/System Administrator
/V\ ELANCO School District