2010/6/10 Quanah Gibson-Mount quanah@zimbra.com:
--On Thursday, June 10, 2010 1:36 PM +0200 Frank Van Damme frank.vandamme@gmail.com wrote:
2010/6/7 Quanah Gibson-Mount quanah@zimbra.com:
--On Monday, June 07, 2010 11:56 AM +0200 Frank Van Damme What version of OpenLDAP are you using? You've failed to mention that anywhere.
2.4.11 (Debian 5.0).
There have been multiple fixes to smbk5pwd since that release. Plus hundreds of fixes elsewhere in the software. I would highly advise you to upgrade to a current release, and most specifically to build OpenLDAP with OpenSSL rather than GnuTLS. Once you've done that, then see if you continue to have issues.
--Quanah
I did so.
I had some rough times trying to get through the compilation process (of version 2.4.21), because test 44 kept failing - then I disabled the dynlist overlay which tests the dynlist and compilation succeeded fine. The server works, too.
But the original problem has not gone away. As soon as I try ldappasswd-ing with the smb5kpwd overlay enabled, the process hangs (at least, if authentication of the user I test this with, succeeds). The module is off course compiled from the contrib tree of 2.4.21.
Op 16-06-10 21:40, Frank Van Damme schreef:
I did so.
I had some rough times trying to get through the compilation process (of version 2.4.21), because test 44 kept failing - then I disabled the dynlist overlay which tests the dynlist and compilation succeeded fine. The server works, too.
But the original problem has not gone away. As soon as I try ldappasswd-ing with the smb5kpwd overlay enabled, the process hangs (at least, if authentication of the user I test this with, succeeds). The module is off course compiled from the contrib tree of 2.4.21.
OK, I finally figured it out. It was a configuration issue after all - you need to put the "overlay" directive behind the "database" directive. Otherwise the server wil start fine (without crash, errors or complaint about syntax), but refuse to actually execute the password change operation.
--On Wednesday, June 23, 2010 3:39 PM +0200 Frank Van Damme frank.vandamme@gmail.com wrote:
Op 16-06-10 21:40, Frank Van Damme schreef:
I did so.
I had some rough times trying to get through the compilation process (of version 2.4.21), because test 44 kept failing - then I disabled the dynlist overlay which tests the dynlist and compilation succeeded fine. The server works, too.
But the original problem has not gone away. As soon as I try ldappasswd-ing with the smb5kpwd overlay enabled, the process hangs (at least, if authentication of the user I test this with, succeeds). The module is off course compiled from the contrib tree of 2.4.21.
OK, I finally figured it out. It was a configuration issue after all - you need to put the "overlay" directive behind the "database" directive. Otherwise the server wil start fine (without crash, errors or complaint about syntax), but refuse to actually execute the password change operation.
As noted in the man pages?
GENERAL DATABASE OPTIONS
overlay <overlay-name> Add the specified overlay to this database. An overlay is a piece of code that intercepts database operations in order to extend or change them. Overlays are pushed onto a stack over the database, and so they will execute in the reverse of the order in which they were configured and the database itself will receive control last of all. See the slapd.overlays(5) manual page for an overview of the available overlays. Note that all of the database's regular settings should be configured before any overlay settings.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org