issue w/ LDAP that I have encountered
- To: openldap-software@OpenLDAP.org
- Subject: issue w/ LDAP that I have encountered
- From: "Derek R." <derekr@tlc2.uh.edu>
- Date: Thu, 06 Jul 2006 13:06:32 -0500
- Organization: Texas Learning and Computation Center
- User-agent: Thunderbird 1.5.0.2 (X11/20060501)
All,
I am setting up OpenLDAP w/ the back-sql ( using MySQL ) db module and
GSSAPI authentication. I had the authentication working fine, as well
as the SQL database created ( via the scripts included w/ the
openldap-servers-sql RPM ) and everything seemed to be fine, except
that when I submitted any queries ( for example :
ldapsearch -h ldap.ui.tlc2.uh.edu -p 389 -D "uid=ldap,cn=gssapi,cn=auth"
-W -b"dc=tlc2,dc=uh,dc=edu"
), then I would get a no such object error ( or something similar, I can't
find it in my terminals now, it's been buried under mounds of strace and
slapd -d1 output ). So I started testing out various parameters for
queries and selects and whatnot in slapd.conf ( which, by the way, is here :
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
# for personal info
include /etc/openldap/schema/inetorgperson.schema
# next for posixAccount info
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/dnszone.schema
include /etc/openldap/schema/redhat/autofs.schema
# Allow LDAPv2 client connections. This is NOT the default.
# allow bind_v2
# Derek R. : DO NOT allow v2 for security reasons
#disallow bind_v2
# other security restrictions :
#disallow bind_anon
#disallow bind_krbv4
# password hashing schema, note SSHA is default...
password-hash {SSHA}
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
modulepath /usr/lib/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
moduleload back_sql.la
# these are global SASL options
sasl-host security.ui.tlc2.uh.edu
sasl-realm TLC2.UH.EDU
#sasl-secprops noplain,noactive,noanonymous,minssf=56
sasl-secprops noplain,noactive,noanonymous
sasl-regexp
uid=(.*),cn=tlc2.uh.edu,cn=gssapi,cn=auth
ldap:///c=SE??sub?(krb5PrincipalName=$1@TLC2.UH.EDU)
# Regexp for SSL cert authentication:
sasl-regexp
email=(.*),cn=(.*),ou=(.*),o=(.*),c=(.*)
ldap:///ou=$3,o=$4,c=$5??sub?(&(cn=$2)(|(mail=$1)(mailAlternateAddress=$1)))
# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it. Your client software
# may balk at self-signed certificates, however.
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /opt/pki/certs/slapd-cert.pem
TLSCertificateKeyFile /opt/pki/certs/slapd-key.pem
TLSCipherSuite HIGH
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
#security ssf=1 update_ssf=112 simple_bind=112
#security ssf=1 sasl=112 update_ssf=56 simple_bind=56
#security ssf=1 update_ssf=56 simple_bind=56
#security ssf=1 update_ssf=56
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# restrict password to ea. user
access to attrs=userPassword,shadowLastChange
by self write
by * auth
# allow users to change their shells
access to attrs=loginShell,gecos
by dn="cn=ldap,dc=tlc2,dc=uh,dc=edu" write
by self write
by * read
# read to all
access to *
by * read
# expanded ACLs
#include /etc/openldap/slapd_extended_acls
# ADDITIONAL PARAMETERS
idletimeout 120
threads 32
loglevel 296
mode 0600
cachesize 2048
#sizelimit 128 LEAVE OFF FOR NOW, not big enough to dump...
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
#
#database bdb
#suffix "dc=my-domain,dc=com"
#rootdn "cn=Manager,dc=my-domain,dc=com"
## Cleartext passwords, especially for the rootdn, should
## be avoided. See slappasswd(8) and slapd.conf(5) for details.
## Use of strong authentication encouraged.
## rootpw secret
## rootpw {crypt}ijFYNcSNctBYg
#
## The database directory MUST exist prior to running slapd AND
## should only be accessible by the slapd and slap tools.
## Mode 700 recommended.
#directory /var/lib/ldap
#
## Indices to maintain for this database
#index objectClass eq,pres
#index ou,cn,mail,surname,givenname eq,pres,sub
#index uidNumber,gidNumber,loginShell eq,pres
#index uid,memberUid eq,pres,sub
#index nisMapName,nisMapEntry eq,pres,sub
#
## Replicas of this database
##replogfile /var/lib/ldap/openldap-master-replog
##replica host=ldap-1.example.com:389 starttls=critical
## bindmethod=sasl saslmech=GSSAPI
## authcId=host/ldap-master.example.com@EXAMPLE.COM
### SQL database options
database sql
suffix "dc=tlc2,dc=uh,dc=edu"
rootdn "uid=ldap,cn=gssapi,cn=auth"
#rootdn "cn=root,dc=tlc2,dc=uh,dc=edu"
#rootpw SECRET
directory /var/lib/ldap
#index objectClass eq,pres
#index ou,cn,mail,surname,givenname eq,pres,sub
#index uidNumber,gidNumber,loginShell eq,pres
#index uid,memberUid eq,pres,sub
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index default sub
index uidNumber eq
index gidNumber eq
index mail,givenName eq,subinitial
index dc eq
dbname ldap
dbuser ldap
#dbpasswd SECRET
dbpasswd SECRET
lastmod off
subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)"
isentry_query "INSERT INTO ldap_entries
(id,dn,oc_map_id,parent,keyval) VALUES (?,?,?,?)"
upper_func "upper"
strcast_func "text"
concat_pattern "?||?"
) and suddenly I began getting this error :
[root@uiln001 bin]# ldapsearch -h ldap.ui.tlc2.uh.edu -p 389 -D
"uid=ldap,cn=gssapi,cn=auth" -W -b"dc=tlc2,dc=uh,dc=edu"
Enter LDAP Password:
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
additional info: SASL(-1): generic failure: GSSAPI Error:
Miscellaneous failure (Permission denied)
this was pretty frustrating, since I have just spent a few days (
grinding towards a deadline ) getting issues related to Kerberos and
LDAP sorted out, and the authentication was working prior to my
twiddling w/ the database portion of slapd.conf, which seems to me like
it should have nothing to do with it. Anyways, I removed the statement
( which, I realized, isn't in the above file :
has_ldapinfo_dn_ru no
) from the file and then restarted slapd. Now, after this, when I
repeated the above command, I get :
[root@uiln001 bin]# ldapsearch -h ldap.ui.tlc2.uh.edu -p 389 -D
"uid=ldap,cn=gssapi,cn=auth" -W -b"dc=tlc2,dc=uh,dc=edu"
Enter LDAP Password:
SASL/GSSAPI authentication started
SASL username: root/admin@TLC2.UH.EDU
SASL SSF: 56
SASL installing layers
# extended LDIF
#
# LDAPv3
# base <dc=tlc2,dc=uh,dc=edu> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
ldap_result: Can't contact LDAP server (-1)
and the slapd process dies. Okay, that's what debugging mode is for,
right? Well, once I run :
slapd -h ldap:/// ldaps:/// -u ldap -d1
slapd will not crash, just returns :
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
additional info: SASL(-1): generic failure: GSSAPI Error:
Miscellaneous failure (Permission denied)
to my queries, as above. That's interesting, since when I run it w/out
the -d1, it seems to authenticate properly and then crash. Alright,
now I run it w/out the '-u ldap', and here's what I get :
<CUT OFF STARTUP, IF YOU NEED THE LDAP STARTUP OUTPUT, PLEASE LET ME KNOW>
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 62 contents:
ber_get_next
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
do_search
ber_scanf fmt ({miiiib) ber:
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
ber_scanf fmt (m) ber:
ber_scanf fmt ({M}}) ber:
=> send_search_entry: conn 0 dn=""
ber_flush: 48 bytes to sd 9
<= send_search_entry: conn 0 exit.
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=1 tag=101 err=0
ber_flush: 14 bytes to sd 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 620 contents:
ber_get_next
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt ({m) ber:
ber_scanf fmt (m) ber:
ber_scanf fmt (}}) ber:
>>> dnPrettyNormal: <uid=ldap,cn=gssapi,cn=auth>
<<< dnPrettyNormal: <uid=ldap,cn=gssapi,cn=auth>,
<uid=ldap,cn=gssapi,cn=auth>
do_sasl_bind: dn (uid=ldap,cn=gssapi,cn=auth) mech GSSAPI
send_ldap_sasl: err=14 len=153
send_ldap_response: msgid=2 tag=97 err=14
ber_flush: 172 bytes to sd 9
<== slap_sasl_bind: rc=14
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 46 contents:
ber_get_next
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt ({m) ber:
ber_scanf fmt (}}) ber:
>>> dnPrettyNormal: <uid=ldap,cn=gssapi,cn=auth>
<<< dnPrettyNormal: <uid=ldap,cn=gssapi,cn=auth>,
<uid=ldap,cn=gssapi,cn=auth>
do_sasl_bind: dn (uid=ldap,cn=gssapi,cn=auth) mech GSSAPI
send_ldap_sasl: err=14 len=65
send_ldap_response: msgid=3 tag=97 err=14
ber_flush: 81 bytes to sd 9
<== slap_sasl_bind: rc=14
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 113 contents:
ber_get_next
do_bind
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
ber_scanf fmt ({imt) ber:
ber_scanf fmt ({m) ber:
ber_scanf fmt (m) ber:
ber_scanf fmt (}}) ber:
>>> dnPrettyNormal: <uid=ldap,cn=gssapi,cn=auth>
<<< dnPrettyNormal: <uid=ldap,cn=gssapi,cn=auth>,
<uid=ldap,cn=gssapi,cn=auth>
do_sasl_bind: dn (uid=ldap,cn=gssapi,cn=auth) mech GSSAPI
slap_sasl_getdn: u:id converted to
uid=root/admin,cn=TLC2.UH.EDU,cn=GSSAPI,cn=auth
>>> dnNormalize: <uid=root/admin,cn=TLC2.UH.EDU,cn=GSSAPI,cn=auth>
<<< dnNormalize: <uid=root/admin,cn=tlc2.uh.edu,cn=gssapi,cn=auth>
==>slap_sasl2dn: converting SASL name
uid=root/admin,cn=tlc2.uh.edu,cn=gssapi,cn=auth to a DN
slap_authz_regexp: converting SASL name
uid=root/admin,cn=tlc2.uh.edu,cn=gssapi,cn=auth
slap_authz_regexp: converted SASL name to
ldap:///c=SE??sub?(krb5PrincipalName=root/admin@TLC2.UH.EDU)
slap_parseURI: parsing
ldap:///c=SE??sub?(krb5PrincipalName=root/admin@TLC2.UH.EDU)
ldap_url_parse_ext(ldap:///c=SE??sub?(krb5PrincipalName=root/admin@TLC2.UH.EDU))put_filter:
"(krb5PrincipalName=root/admin@TLC2.UH.EDU)"
put_filter: simple
put_simple_filter: "krb5PrincipalName=root/admin@TLC2.UH.EDU"
ber_scanf fmt ({mm}) ber:
>>> dnNormalize: <c=SE>
<<< dnNormalize: <c=se>
slap_sasl2dn: performing internal search (base=c=se, scope=2)
<==slap_sasl2dn: Converted SASL name to <nothing>
SASL [conn=0] Error: unable to open Berkeley db /etc/sasldb2: No such
file or directory
SASL Authorize [conn=0]: proxy authorization allowed authzDN=""
send_ldap_sasl: err=0 len=-1
do_bind: SASL/GSSAPI bind:
dn="uid=root/admin,cn=tlc2.uh.edu,cn=gssapi,cn=auth"
ssf=56
send_ldap_response: msgid=4 tag=97 err=0
ber_flush: 14 bytes to sd 9
<== slap_sasl_bind: rc=0
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ldap_pvt_sasl_install
ber_get_next
ber_get_next: tag 0x30 len 57 contents:
ber_get_next
do_search
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
ber_scanf fmt ({miiiib) ber:
>>> dnPrettyNormal: <dc=tlc2,dc=uh,dc=edu>
<<< dnPrettyNormal: <dc=tlc2,dc=uh,dc=edu>, <dc=tlc2,dc=uh,dc=edu>
ber_scanf fmt (m) ber:
ber_scanf fmt ({M}}) ber:
==> limits_get: conn=0 op=4
dn="uid=root/admin,cn=tlc2.uh.edu,cn=gssapi,cn=auth"==>backsql_search():
base="dc=tlc2,dc=uh,dc=edu", filter="(objectClass=*)", scope=2, deref=0,
attrsonly=0, attributes to load: all
==>backsql_get_db_conn()
==>backsql_open_db_conn(0)
backsql_open_db_conn(0): connected, adding to tree.
<==backsql_open_db_conn(0)
<==backsql_get_db_conn()
==>backsql_dn2id("dc=tlc2,dc=uh,dc=edu") matched expected
backsql_dn2id("dc=tlc2,dc=uh,dc=edu"): id_query "SELECT
id,keyval,oc_map_id,dn FROM ldap_entries WHERE dn_ru=?"
backsql_dn2id("dc=tlc2,dc=uh,dc=edu"): upperdn="UDE=CD,HU=CD,2CLT=CD"
backsql_dn2id("dc=tlc2,dc=uh,dc=edu"): error executing query ("SELECT
id,keyval,oc_map_id,dn FROM ldap_entries WHERE dn_ru=?",
"UDE=CD,HU=CD,2CLT=CD"):
Return code: -1
Native error code: 1054
SQL engine state: S0022
Message: [unixODBC][MySQL][ODBC 3.51 Driver][mysqld-5.0.22]Unknown column 'dn_ru' in 'where clause'
Segmentation fault
That's weird, it appears as if running as the ldap user, there's
something we can't access, yet as root, we get it and it causes a
SEGFAULT. Hmm...here's what strace generated when I started slapd
normally ( w/out debugging ) and then fired up strace in another window,
and queried w/ ldapsearch from another :
<ONLY INCLUDING TAIL END OF OUTPUT, EMAIL FOR REST>
[pid 21256] connect(13, {sa_family=AF_FILE,
path="/var/lib/mysql/mysql.sock"}, 110) = 0
[pid 21256] setsockopt(13, SOL_IP, IP_TOS, [8], 4) = -1 EOPNOTSUPP
(Operation not supported)
[pid 21256] setsockopt(13, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
[pid 21256] read(13,
"4\0\0\0\n5.0.22\0\344\0\0\0CwStr^^>\0,\242\10\2\0\0\0"..., 16384) = 56
[pid 21256] stat64("/usr/share/mysql/charsets/Index.xml", <unfinished ...>
[pid 21249] <... send resumed> ) = 87
[pid 21256] <... stat64 resumed> {st_dev=makedev(8, 3), st_ino=5462574,
st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096,
st_blocks=48, st_size=18221, st_atime=2006/07/06-11:33:54,
st_mtime=2006/06/01-15:01:09, st_ctime=2006/06/15-20:10:16}) = 0
[pid 21249] futex(0x3bdbcc, FUTEX_WAKE, 1 <unfinished ...>
[pid 21256] brk(0x83d0000 <unfinished ...>
[pid 21249] <... futex resumed> ) = 0
[pid 21256] <... brk resumed> ) = 0x83d0000
[pid 21249] futex(0x3bd120, FUTEX_WAIT, 2, NULL <unfinished ...>
[pid 21256] futex(0x3bd120, FUTEX_WAKE, 1 <unfinished ...>
[pid 21249] <... futex resumed> ) = -1 EAGAIN (Resource
temporarily unavailable)
[pid 21256] <... futex resumed> ) = 0
[pid 21249] futex(0x3bd120, FUTEX_WAKE, 1 <unfinished ...>
[pid 21256] open("/usr/share/mysql/charsets/Index.xml",
O_RDONLY|O_LARGEFILE <unfinished ...>
[pid 21249] <... futex resumed> ) = 0
[pid 21256] <... open resumed> ) = 14
[pid 21249] epoll_wait(6, <unfinished ...>
[pid 21256] read(14, "<?xml version=\'1.0\' encoding=\"ut"..., 18221) =
18221
[pid 21256] close(14) = 0
[pid 21256] brk(0x83cb000) = 0x83cb000
[pid 21256] write(13,
"?\0\0\1\315\242\2\0\0\0\0@\10\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 67) = 67
[pid 21256] read(13, "\7\0\0\2\0\0\0\2\0\0\0", 16384) = 11
[pid 21256] time(NULL) = 1152203663
[pid 21256] poll([{fd=13, events=POLLIN|POLLPRI}], 1, 0) = 0
[pid 21256] write(13, "\21\0\0\0\3SET AUTOCOMMIT=0", 21) = 21
[pid 21256] read(13, "\7\0\0\1\0\0\0\0\0\0\0", 16384) = 11
[pid 21256] semop(262144, 0xb791f888, 2) = 0
[pid 21256] semop(262144, 0xb791f88e, 1) = 0
[pid 21256] time(NULL) = 1152203663
[pid 21256] poll([{fd=13, events=POLLIN|POLLPRI}], 1, 0) = 0
[pid 21256] write(13, "S\0\0\0\3SELECT id,keyval,oc_map_id,"..., 87) = 87
[pid 21256] read(13, "1\0\0\1\377\36\4#42S22Unknown column \'dn_"...,
16384) = 53
[pid 21256] --- SIGSEGV (Segmentation fault) @ 0 (0) ---
Process 21244 detached
Process 21256 detached
[pid 21249] <... epoll_wait resumed> 8264238, 1024, 30000) = -1 EINTR
(Interrupted system call)
[pid 21249] +++ killed by SIGSEGV +++
PANIC: handle_group_exit: 21249 leader 21244
Process 21249 detached
Process 21244 detached
Really, the only important part of that is the end, but I can include
more if anyone needs it ( I figured no one wants to read the entire
strace output ). Here's what I get running as the root user :
<CUT FOR BREVITY, EMAIL FOR THE REST>
[pid 22193] stat64("/usr/share/mysql/charsets/Index.xml",
{st_dev=makedev(8, 3), st_ino=5462574, st_mode=S_IFREG|0644, st_nlink=1,
st_uid=0, st_gid=0, st_blksize=4096, st_blocks=48, st_size=18221,
st_atime=2006/07/06-12:49:49, st_mtime=2006/06/01-15:01:09,
st_ctime=2006/06/15-20:10:16}) = 0
[pid 22193] brk(0x9542000) = 0x9542000
[pid 22193] open("/usr/share/mysql/charsets/Index.xml",
O_RDONLY|O_LARGEFILE) = 12
[pid 22193] read(12, "<?xml version=\'1.0\' encoding=\"ut"..., 18221) =
18221
[pid 22193] close(12) = 0
[pid 22193] brk(0x953e000) = 0x953e000
[pid 22193] write(11,
"?\0\0\1\315\242\2\0\0\0\0@\10\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 67) = 67
[pid 22193] read(11, "\7\0\0\2\0\0\0\2\0\0\0", 16384) = 11
[pid 22193] time(NULL) = 1152208222
[pid 22193] poll([{fd=11, events=POLLIN|POLLPRI}], 1, 0) = 0
[pid 22193] write(11, "\21\0\0\0\3SET AUTOCOMMIT=0", 21) = 21
[pid 22193] read(11, "\7\0\0\1\0\0\0\0\0\0\0", 16384) = 11
[pid 22193] write(2, "backsql_open_db_conn(0): connect"..., 52) = 52
[pid 22193] write(2, "<==backsql_open_db_conn(0)\n", 27) = 27
[pid 22193] write(2, "<==backsql_get_db_conn()\n", 25) = 25
[pid 22193] write(2, "==>backsql_dn2id(\"dc=tlc2,dc=uh,"..., 58) = 58
[pid 22193] write(2, " backsql_dn2id(\"dc=tlc2,dc=uh,"..., 115) = 115
[pid 22193] semop(262144, 0xb78ab888, 2) = 0
[pid 22193] semop(262144, 0xb78ab88e, 1) = 0
[pid 22193] write(2, " backsql_dn2id(\"dc=tlc2,dc=uh,"..., 73) = 73
[pid 22193] time(NULL) = 1152208222
[pid 22193] poll([{fd=11, events=POLLIN|POLLPRI}], 1, 0) = 0
[pid 22193] write(11, "S\0\0\0\3SELECT id,keyval,oc_map_id,"..., 87) = 87
[pid 22193] read(11, "1\0\0\1\377\36\4#42S22Unknown column \'dn_"...,
16384) = 53
[pid 22193] write(2, " backsql_dn2id(\"dc=tlc2,dc=uh,"..., 155) = 155
[pid 22193] write(2, "Return code: -1\n", 16) = 16
[pid 22193] write(2, " Native error code: 1054\n SQ"..., 168) = 168
[pid 22193] --- SIGSEGV (Segmentation fault) @ 0 (0) ---
Process 22179 detached
Process 22193 detached
[pid 22181] <... epoll_wait resumed> 93d8220, 1024, 30000) = -1 EINTR
(Interrupted system call)
[pid 22181] +++ killed by SIGSEGV +++
PANIC: handle_group_exit: 22181 leader 22179
Process 22181 detached
Process 22179 detached
Also, I get this in my logfiles :
Jul 6 12:53:30 uiln001 slapd[22210]: sql_select option missing
Jul 6 12:53:30 uiln001 slapd[22210]: auxpropfunc error no mechanism
available
Jul 6 12:53:30 uiln001 slapd[22210]: auxpropfunc error invalid
parameter supplied
which I don't know if it has anything to w/ the problem or not.
What the strace and slapd -d1 output seems to point to is that the
has_ldapinfo_dn_ru no
statement fried something in my SQL database. From what I can find
online, it appears that the statement handles how back-sql maps queries
into the database, but I couldn't find one definitive answer ( the most
complete answer I found is on Microsoft's website, and I hardly think
that would be very compatible w/ OpenLDAP's implementation, unless MS
has really changed their definition of the word 'standards' ). Could
someone please explain this to me, and why it is now causing slapd to
alternately crash or return unauthorized? Also, any hints as to what I
was doing wrong in the first place that I wasn't able to find any of the
LDAP tables in the first place would be much appreciated.
Also, I'm running Fedora Core 5, with the following packages :
openldap-devel-2.3.19-4
openldap-servers-2.3.19-4
openldap-servers-sql-2.3.19-4
openldap-2.3.19-4
openldap-clients-2.3.19-4
krb5-devel-1.4.3-4.1
krb5-libs-1.4.3-4.1
pam_krb5-2.2.6-2.2
krb5-workstation-1.4.3-4.1
krb5-auth-dialog-0.6.cvs20060212-1
krb5-server-1.4.3-4.1
please let me know if you need any more information. Also, I am more
than willing to wipe out and recreate the database in MySQL ( what's the
simplest way to do it w/out damaging anything else? ) if that's what
needs to be done.
Thanks in advance...
Regards,
Derek R.
---
derek.richardson@ieee.org
derekr42@gmail.com
derekr@tlc2.uh.edu
dmrichar@uh.edu
drichardson4@uh.edu
---
"As a rule, dictatorships guarantee safe streets and
terror of the doorbell. In democracy the streets
may be unsafe after dark, but the most likely visitor
in the early hours will be the milkman."
-- Adam Michnik
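An added example, not from the original mail and not OpenLDAP's own code: it shows what the dn_ru column referenced by the failing id_query holds (the DN reversed and upper-cased, exactly the "UDE=CD,HU=CD,2CLT=CD" value in the -d1 output) and a pre-flight check that ldap_entries actually has that column before has_ldapinfo_dn_ru is set. sqlite3 stands in for MySQL so it runs offline; the table layout and the helper names are assumptions.

```python
import sqlite3

# The id_query back-sql issued in the mail's slapd -d1 output, verbatim.
ID_QUERY = "SELECT id,keyval,oc_map_id,dn FROM ldap_entries WHERE dn_ru=?"


def dn_ru(dn):
    """Value back-sql binds to dn_ru: the DN reversed character by character
    and upper-cased, e.g. 'dc=tlc2,dc=uh,dc=edu' -> 'UDE=CD,HU=CD,2CLT=CD'.
    Storing it lets a subtree search become an indexable prefix match."""
    return dn[::-1].upper()


def open_schema(with_dn_ru):
    """Constructed in-memory stand-in for the MySQL ldap_entries table.
    with_dn_ru=False mirrors a table created without the dn_ru column."""
    cols = ("id INTEGER PRIMARY KEY, dn TEXT NOT NULL, oc_map_id INTEGER, "
            "parent INTEGER, keyval INTEGER")
    if with_dn_ru:
        cols += ", dn_ru TEXT"
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ldap_entries (%s)" % cols)
    return conn


def has_dn_ru_column(conn):
    """Pre-flight check to run before setting has_ldapinfo_dn_ru yes.
    PRAGMA table_info is SQLite; on MySQL use SHOW COLUMNS FROM ldap_entries."""
    cols = {row[1] for row in conn.execute("PRAGMA table_info(ldap_entries)")}
    return "dn_ru" in cols


def recommended_directive(conn):
    """The slapd.conf setting that matches the live table."""
    return "has_ldapinfo_dn_ru %s" % ("yes" if has_dn_ru_column(conn) else "no")


def add_entry(conn, entry_id, dn, oc_map_id, parent, keyval):
    """Insert one row, filling dn_ru when the column exists (keeping dn_ru
    in step with dn is what has_ldapinfo_dn_ru yes assumes of the database)."""
    if has_dn_ru_column(conn):
        conn.execute("INSERT INTO ldap_entries (id,dn,oc_map_id,parent,keyval,dn_ru)"
                     " VALUES (?,?,?,?,?,?)",
                     (entry_id, dn, oc_map_id, parent, keyval, dn_ru(dn)))
    else:
        conn.execute("INSERT INTO ldap_entries (id,dn,oc_map_id,parent,keyval)"
                     " VALUES (?,?,?,?,?)", (entry_id, dn, oc_map_id, parent, keyval))
    conn.commit()


def dn2id(conn, base_dn):
    """Run the dn_ru form of backsql_dn2id. Returns ('ok', id-or-None) or
    ('error', message); the error branch is the 'Unknown column' case from
    the mail, which a server should report to the client, not crash on."""
    try:
        row = conn.execute(ID_QUERY, (dn_ru(base_dn),)).fetchone()
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))
    return ("ok", row[0] if row else None)


if __name__ == "__main__":
    for flag in (False, True):
        conn = open_schema(flag)
        add_entry(conn, 1, "dc=tlc2,dc=uh,dc=edu", 1, 0, 1)
        print(recommended_directive(conn), "->", dn2id(conn, "dc=tlc2,dc=uh,dc=edu"))
```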