SCIENTIFIC-LINUX-DEVEL Archives

January 2012

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Recent updates break autofs/ldap/krb5
From:
"Jonathan G. Underwood" <[log in to unmask]>
Reply To:
Jonathan G. Underwood
Date:
Thu, 12 Jan 2012 16:03:14 +0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (225 lines) 
On 12/01/12 14:34, Pat Riehecky wrote:
> Thanks for the info, but I will confess I find this surprising.
>
> The openldap packages made available yesterday are from SL6.1. They were
> published for everyone as a result of the ipa security advisory. IPA
> required a newer openldap than was available for SL6.0, but did not
> require the latest it seemed that this version, which has been in SL6.1
> since its release, was the safest.
>
> When it was originally built, it was built against the older kerberos
> libraries as they were the newest available at the
> time, but if upstream kept their promise to keep a stable api it should
> still work as expected.
>
> Is it possible for you to test the openldap from 6.2 (in 6rolling
> http://ftp.scientificlinux.org/linux/scientific/6rolling/x86_64/os/repoview/letter_o.group.html)
> and see if the problem persists.
>

I'm a little confused - you're asking me to try package 2.4.23-15.el6. 
But that's what the SL 6.0 update is...

Or are you saying that the openldap-2.4.23-15.el6 from the SL6rolling 
repo has been rebuilt differently to the openldap-2.4.23-15.el6 from the 
SL6.0 repo?

J


> Name : openldap Relocations: (not relocatable)
> Version : 2.4.23 Vendor: Scientific Linux
> Release : 15.el6 Build Date: Wed 25 May 2011 12:04:01 PM CDT
> Install Date: (not installed) Build Host: spacewalk.fnal.gov
> Group : System Environment/Daemons Source RPM:
> openldap-2.4.23-15.el6.src.rpm
> Size : 771714 License: OpenLDAP
> Signature : DSA/SHA1, Wed 25 May 2011 02:21:58 PM CDT, Key ID
> b0b4183f192a7d7d
> Packager : Scientific Linux
> URL : http://www.openldap.org/
> Summary : LDAP support libraries
> Description :
> OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
> Protocol) applications and development tools. LDAP is a set of
> protocols for accessing directory services (usually phone book style
> information, but other information is possible) over the Internet,
> similar to the way DNS (Domain Name System) information is propagated
> over the Internet. The openldap package contains configuration files,
> libraries, and documentation for OpenLDAP.
>
> Name : openldap Relocations: (not relocatable)
> Version : 2.4.23 Vendor: Scientific Linux
> Release : 15.el6 Build Date: Wed 25 May 2011 12:03:51 PM CDT
> Install Date: (not installed) Build Host: sl6.fnal.gov
> Group : System Environment/Daemons Source RPM:
> openldap-2.4.23-15.el6.src.rpm
> Size : 765934 License: OpenLDAP
> Signature : DSA/SHA1, Wed 25 May 2011 02:22:01 PM CDT, Key ID
> b0b4183f192a7d7d
> Packager : Scientific Linux
> URL : http://www.openldap.org/
> Summary : LDAP support libraries
> Description :
> OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
> Protocol) applications and development tools. LDAP is a set of
> protocols for accessing directory services (usually phone book style
> information, but other information is possible) over the Internet,
> similar to the way DNS (Domain Name System) information is propagated
> over the Internet. The openldap package contains configuration files,
> libraries, and documentation for OpenLDAP.
>
> Name : openldap-clients Relocations: (not relocatable)
> Version : 2.4.23 Vendor: Scientific Linux
> Release : 15.el6 Build Date: Wed 25 May 2011 12:03:51 PM CDT
> Install Date: (not installed) Build Host: sl6.fnal.gov
> Group : Applications/Internet Source RPM: openldap-2.4.23-15.el6.src.rpm
> Size : 608763 License: OpenLDAP
> Signature : DSA/SHA1, Wed 25 May 2011 02:22:01 PM CDT, Key ID
> b0b4183f192a7d7d
> Packager : Scientific Linux
> URL : http://www.openldap.org/
> Summary : LDAP client utilities
> Description :
> OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access
> Protocol) applications and development tools. LDAP is a set of
> protocols for accessing directory services (usually phone book style
> information, but other information is possible) over the Internet,
> similar to the way DNS (Domain Name System) information is propagated
> over the Internet. The openldap-clients package contains the client
> programs needed for accessing and modifying OpenLDAP directories.
>
> Name : openldap-devel Relocations: (not relocatable)
> Version : 2.4.23 Vendor: Scientific Linux
> Release : 15.el6 Build Date: Wed 25 May 2011 12:04:01 PM CDT
> Install Date: (not installed) Build Host: spacewalk.fnal.gov
> Group : Development/Libraries Source RPM: openldap-2.4.23-15.el6.src.rpm
> Size : 5046515 License: OpenLDAP
> Signature : DSA/SHA1, Wed 25 May 2011 02:21:59 PM CDT, Key ID
> b0b4183f192a7d7d
> Packager : Scientific Linux
> URL : http://www.openldap.org/
> Summary : LDAP development libraries and header files
> Description :
> The openldap-devel package includes the development libraries and
> header files needed for compiling applications that use LDAP
> (Lightweight Directory Access Protocol) internals. LDAP is a set of
> protocols for enabling directory services over the Internet. Install
> this package only if you plan to develop or will need to compile
> customized LDAP clients.
>
> Name : openldap-devel Relocations: (not relocatable)
> Version : 2.4.23 Vendor: Scientific Linux
> Release : 15.el6 Build Date: Wed 25 May 2011 12:03:51 PM CDT
> Install Date: (not installed) Build Host: sl6.fnal.gov
> Group : Development/Libraries Source RPM: openldap-2.4.23-15.el6.src.rpm
> Size : 5286745 License: OpenLDAP
> Signature : DSA/SHA1, Wed 25 May 2011 02:22:01 PM CDT, Key ID
> b0b4183f192a7d7d
> Packager : Scientific Linux
> URL : http://www.openldap.org/
> Summary : LDAP development libraries and header files
> Description :
> The openldap-devel package includes the development libraries and
> header files needed for compiling applications that use LDAP
> (Lightweight Directory Access Protocol) internals. LDAP is a set of
> protocols for enabling directory services over the Internet. Install
> this package only if you plan to develop or will need to compile
> customized LDAP clients.
>
> Name : openldap-servers Relocations: (not relocatable)
> Version : 2.4.23 Vendor: Scientific Linux
> Release : 15.el6 Build Date: Wed 25 May 2011 12:03:51 PM CDT
> Install Date: (not installed) Build Host: sl6.fnal.gov
> Group : System Environment/Daemons Source RPM:
> openldap-2.4.23-15.el6.src.rpm
> Size : 4541382 License: OpenLDAP
> Signature : DSA/SHA1, Wed 25 May 2011 02:22:02 PM CDT, Key ID
> b0b4183f192a7d7d
> Packager : Scientific Linux
> URL : http://www.openldap.org/
> Summary : LDAP server
> Description :
> OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access
> Protocol) applications and development tools. LDAP is a set of
> protocols for accessing directory services (usually phone book style
> information, but other information is possible) over the Internet,
> similar to the way DNS (Domain Name System) information is propagated
> over the Internet. This package contains the slapd server and related
> files.
>
> Name : openldap-servers-sql Relocations: (not relocatable)
> Version : 2.4.23 Vendor: Scientific Linux
> Release : 15.el6 Build Date: Wed 25 May 2011 12:03:51 PM CDT
> Install Date: (not installed) Build Host: sl6.fnal.gov
> Group : System Environment/Daemons Source RPM:
> openldap-2.4.23-15.el6.src.rpm
> Size : 289119 License: OpenLDAP
> Signature : DSA/SHA1, Wed 25 May 2011 02:22:02 PM CDT, Key ID
> b0b4183f192a7d7d
> Packager : Scientific Linux
> URL : http://www.openldap.org/
> Summary : SQL support module for OpenLDAP server
> Description :
> OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access
> Protocol) applications and development tools. LDAP is a set of
> protocols for accessing directory services (usually phone book style
> information, but other information is possible) over the Internet,
> similar to the way DNS (Domain Name System) information is propagated
> over the Internet. This package contains a loadable module which the
> slapd server can use to read data from an RDBMS.
>
>
> On 01/12/2012 06:49 AM, Jonathan G. Underwood wrote:
>> Further to this, I can confirm that downgrading openldap and
>> openldap-clients fixes this problem (to version 2.4.19-15).
>>
>> So, it looks to me like the new openldap packages have been linked
>> wrongly...
>>
>> Jonathan.
>>
>>
>>
>> On 12/01/12 12:42, Jonathan G. Underwood wrote:
>>> Hi,
>>>
>>> On my local SL 6.0 machines I am seeing that autofs is broken by the
>>> recent set of updated (probably the openldap update being responsible).
>>> Specifically, I am storing automount maps on an openldap server, and
>>> using kerberos authentication on the clients. Restarting the autofs
>>> service I see:
>>>
>>> Jan 12 12:34:36 mia automount[681]: open_lookup:90: cannot open lookup
>>> module ldap (/usr/lib64/autofs/lookup_ldap.so: undefined symbol:
>>> krb5_get_init_creds_keytab)
>>>
>>> Specific package versions:
>>>
>>> # rpm -qa | grep krb5
>>> krb5-libs-1.9-22.el6_2.1.i686
>>> krb5-debuginfo-1.9-22.el6_2.1.x86_64
>>> krb5-appl-clients-1.0.1-7.el6_2.x86_64
>>> krb5-auth-dialog-0.13-3.el6.x86_64
>>> pam_krb5-2.3.11-1.el6.x86_64
>>> krb5-workstation-1.9-22.el6_2.1.x86_64
>>> krb5-pkinit-openssl-1.9-22.el6_2.1.x86_64
>>> krb5-libs-1.9-22.el6_2.1.x86_64
>>>
>>> # rpm -qa | grep autofs
>>> autofs-5.0.5-23.el6_0.1.x86_64
>>>
>>> # rpm -qa | grep openldap
>>> openldap-clients-2.4.23-15.el6.x86_64
>>> openldap-2.4.23-15.el6.i686
>>> openldap-2.4.23-15.el6.x86_64
>>> compat-openldap-2.3.43-2.el6.x86_64
>>>
>>>
>>> Anyone else seeing this?
>>>
>>> Cheers,
>>> Jonathan.
>
>

ATOM RSS1 RSS2