[Date Prev][Date Next] [Chronological] [Thread] [Top]

Having problems with LDAP and Red Hat 6.1


As many of you probably know, Red Hat Linux 6.1 shipped with RPMs of
OpenLDAP and the nss_ldap and pam_ldap modules.  I thought this was good
news, having a major Linux distribution supporting LDAP authentication
schemes.  I had been using those modules with OpenLDAP with both Red Hat
5.2 and 6.0 with excellent success.  However, I seem to have lost some
basic functionality with upgrading Red Hat 6.1 on my personal workstation
and that doesn't bode well for building a new mail server based off of Red
Hat 6.1.  Hopefully someone can comment on what is going on, as I would
really like to base the mail server off the latest Red Hat distribution.

For starters, I am using the latest stable release of OpenLDAP (1.2.7),
with the latest versions of pam_ldap (42) and nss_ldap (87).  I dumped the
rpm versions of the above because they were older versions in some cases
and also because I thought my problems might be related to the RPMs so I
rolled my own.  Kernel is 2.2.12.


One of the sh-utils that fails to work anymore is "id".  When I run it on
any valid user, it just sits there.  When I run a strace on "id", I find
its in a nearly infinite lookup loop on the entiries on my LDAP server.
When I run a ltrace, I see a lot of strcmp, which coincides with what I am
seeing with my straces.  One of them appears to be matching, i.e. 

strcmp("kevin_myer", "kevin_myer")                = 0

but the process keeps running and running and searching and searching.....

In addition, on my test mail server, I am running the Cyrus IMAP package,
which is dependent on a CMU SASL implimentation.  The SASL implimentation
uses PAM by default and I have my PAM aware applications using LDAP for
most things.  The Cyrus administration program is a CLI TCL program called
"cyradm" and when this runs, with proper credentials, one should be able
to adminster the mail server.  However, when I try to authenticate, I once
again just hang, although this time, there's no infinite searching loop.
When I strace this process, its doing absolutely nothing, after accepting
the password.  Just sitting there, waiting for something to happen.

Some facts I've come up with so far - different version of sh-utils
between RH 5.2 and 6.1  (1.16 vs. 2.0).  Obviously, there are different
glibc version (2.0.7 vs 2.1.2) - that could be the problem :(  Different
versions of TCL (8.0.3 vs. 8.0.5) although I'm going to test 8.1.1 as

Any brainstorms?  I can pass along any straces or ltraces if they would be
helpful.  Also, this thing is hammering my LDAP server - I recently filled
up a 1Gb partition, which just happened to be my log partition (/var) and
which ended up wiping out a web based calendar file, containing library
reservation dates for the upcoming months.  Obviously, I turned logging
off - today I turned it on for a bit and generated a 163Mb log file in
less than 5 minutes, with a loglevel of 1.

Something about Red Hat 6.1 is unhappy with LDAP :(  Anyone else have
similar experiences?



     ~        Kevin M. Myer
    . .       Network/System Administrator
    /V\       ELANCO School District
   // \
  /(   )\