On Fri, 28 Mar 2003, Mike Denka wrote:

> Thanks for checking that out and for taking care of it. Will this pose
> a performance problem for ldap authentication using the new openldap
> libraries?

No. The caching code was used only for the regular profiles anyway. And it never worked very nicely. You are better off using an ldap server on localhost or unix sockets (ldapi://) if you need extra performance.

>
> Mike
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Kostas Kalevras
> Sent: Thursday, March 27, 2003 4:11 PM
> To: [EMAIL PROTECTED]
> Subject: Re: openldap-2.1.16 and freeradius not compatable(was rlm_ldap issues)
>
>
> 2:07am /src/openldap-2.1.12/libraries > grep --recursive ldap_enable_cache *
> libldap/cache.c:ldap_enable_cache( LDAP *ld, long timeout, ber_len_t maxmem )
> libldap/test.c: if ( ldap_enable_cache( ld, i, atoi( line )) == 0 ) {
> libldap/test.c: printf( "ldap_enable_cache failed\n" );
> 2:07am /src/openldap-2.1.12/libraries > cd ../../openldap-2.1.16/libraries
> 2:07am /src/openldap-2.1.16/libraries > grep --recursive ldap_enable_cache *
> 2:07am /src/openldap-2.1.16/libraries >
>
> Ok it seems that in latest versions of openldap the caching code has been
> removed completely. I'll remove the relevant code from rlm_ldap tomorrow.
>
> Thanks for the report.
>
> >
> > Mike
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Mike Denka
> > Sent: Wednesday, March 26, 2003 3:50 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: rlm_ldap issues
> >
> > After more research, I found that I could only get radius to work by
> > manually removing all the libraries from openldap-2.1.16 and rebuilding
> > an earlier release (in my case, I used 2.1.12). Just rebuilding and
> > reinstalling the two programs didn't work, as I said in my first post,
> > so some residual components of 2.1.16 are left intact and used by
> > freeradius even if an earlier version of ldap is reinstalled.
> >
> > One might object to my posting this thread on the freeradius list rather
> > than the openldap list, and that objection has merit.
> > But I'd really like to get the opinions of the freeradius gurus about
> > what might be causing this hostility between freeradius and the latest
> > openldap. In any case, this may serve as a cautionary tale for anyone
> > planning to upgrade to the latest openldap ON THE SAME SERVER that is
> > running freeradius. (Also a cautionary tale for anyone wondering whether
> > it's a good idea to run two major production services on the same server).
> >
> > I'm also curious - is anyone else successfully running openldap-2.1.16
> > on the same server as freeradius-0.8.1? Perhaps I'm overlooking
> > something?
> >
> > Mike
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Mike Denka
> > Sent: Wednesday, March 26, 2003 7:49 AM
> > To: [EMAIL PROTECTED]
> > Subject: rlm_ldap issues
> >
> >
> > This morning I upgraded my ldap server to the latest revision (from
> > openldap-2.1.12 to openldap-2.1.16). Then restarted radius (freeradius
> > v 0.8.1) and was surprised by a slew of errors in my radius.log file.
> > They were:
> >
> > "Error: rlm_ldap: All ldap connections are in use"
> >
> > and
> >
> > "Error: Dropping packet from client evrt1-1:1645 - ID: 32 due to dead request 933"
> >
> > Of course, no one could authenticate.
> >
> > Next I ran radius in debug mode, but as soon as a connection was
> > requested, the radius server died trying to authenticate the first user.
> > The failed authentication ended with the following output from radiusd -X:
> >
> > .
> > .
> > .
> > rad_lowerpair: User-Name now 'mollybe'
> > modcall: entering group authorize
> > modcall[authorize]: module "preprocess" returns ok
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for mollybe
> > radius_xlat: '(uid=mollybe)'
> > radius_xlat: 'ou=people,dc=winsome,dc=com'
> > ldap_get_conn: Got Id: 0
> > rlm_ldap: attempting LDAP reconnection
> > rlm_ldap: (re)connect to 127.0.0.1:389, authentication 0
> > rlm_ldap: bind as cn=Manager,dc=winsome,dc=com/secretpassword to 127.0.0.1:389
> > rlm_ldap:waiting for bind result ...
> > rlm_ldap: performing search in ou=people,dc=winsome,dc=com, with filter (uid=mollybe)
> > /usr/local/sbin/radiusd: relocation error: /usr/local/lib/rlm_ldap-0.8.1.so: undefined symbol: ldap_enable_cache
> >
> > Unable to determine the exact nature of the errors, I decided to go back
> > to the previous version of LDAP to undo what I had done. However, after
> > reinstalling the previous version of LDAP, the same problem with radius
> > persisted. Since it appeared that there was a library problem in
> > rlm_ldap-0.8.1, I rebuilt freeradius from scratch. Still, the same
> > errors persisted. Now, as a temporary measure I have had to go back to
> > the passwd and shadow files to allow customer access. But this is not a
> > solution. Please lend assistance if you can.
> >
> > Thanks very much,
> >
> > Mike
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
>
> --
> Kostas Kalevras Network Operations Center
> [EMAIL PROTECTED] National Technical University of Athens, Greece
> Work Phone: +30 210 7721861
> 'Go back to the shadow' Gandalf

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
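
The failure in this thread is a module importing a symbol (ldap_enable_cache) that the upgraded library no longer exports. The following is an added example, not part of the original messages: a shell check that compares a module's undefined imports with a library's exports. The `nm -D` listings and all function names in it are constructed for illustration.

```shell
# Added example. The nm listings below are constructed for illustration;
# on a real host produce them with `nm -D <file>`.

# missing_symbols MODULE_NM LIBRARY_NM PREFIX
# Prints each symbol the module imports (nm type "U") that starts with PREFIX
# and that the library listing does not define.
missing_symbols() {
    awk -v prefix="$3" '
        # Library listing: remember every defined symbol (address, type, name).
        FILENAME == ARGV[1] {
            if (NF == 3 && $2 != "U") { sub(/@.*/, "", $3); defined[$3] = 1 }
            next
        }
        # Module listing: undefined imports have no address column.
        NF == 2 && $1 == "U" {
            sub(/@.*/, "", $2)
            if (index($2, prefix) == 1 && !($2 in defined)) print $2
        }
    ' "$2" "$1" | sort -u
}

# Constructed import table for a module built against the older library.
sample_module() {
    cat <<'EOF'
                 U ldap_enable_cache
                 U ldap_init
                 U ldap_search
                 U ldap_simple_bind
                 U pthread_mutex_lock
0000000000003a10 T example_module_entry
EOF
}

# Constructed export tables: the older library defines ldap_enable_cache,
# the newer one does not (matching the grep results in the thread).
sample_lib_old() {
    cat <<'EOF'
0000000000011200 T ldap_enable_cache
0000000000012340 T ldap_init
0000000000015670 T ldap_search
0000000000016780 T ldap_simple_bind
EOF
}
sample_lib_new() { sample_lib_old | grep -v ldap_enable_cache; }

tmp=$(mktemp -d)
sample_module > "$tmp/mod"; sample_lib_old > "$tmp/old"; sample_lib_new > "$tmp/new"
echo "unresolved against old library: $(missing_symbols "$tmp/mod" "$tmp/old" ldap_)"
echo "unresolved against new library: $(missing_symbols "$tmp/mod" "$tmp/new" ldap_)"
rm -rf "$tmp"
```

On a real host, `ldd -r` run against the module reports unresolved symbols directly, without waiting for the first request to trigger the relocation error.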
