SCIENTIFIC-LINUX-DEVEL Archives

January 2012

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Recent updates break autofs/ldap/krb5
From:
Pat Riehecky <[log in to unmask]>
Reply To:
Pat Riehecky <[log in to unmask]>
Date:
Thu, 12 Jan 2012 10:14:57 -0600
Content-Type:
text/plain
Parts/Attachments:
text/plain (254 lines) 
On 01/12/2012 10:03 AM, Jonathan G. Underwood wrote:
> On 12/01/12 14:34, Pat Riehecky wrote:
>> Thanks for the info, but I will confess I find this surprising.
>>
>> The openldap packages made available yesterday are from SL6.1. They were
>> published for everyone as a result of the ipa security advisory. IPA
>> required a newer openldap than was available for SL6.0, but did not
>> require the latest it seemed that this version, which has been in SL6.1
>> since its release, was the safest.
>>
>> When it was originally built, it was built against the older kerberos
>> libraries as they were the newest available at the
>> time, but if upstream kept their promise to keep a stable api it should
>> still work as expected.
>>
>> Is it possible for you to test the openldap from 6.2 (in 6rolling
>> http://ftp.scientificlinux.org/linux/scientific/6rolling/x86_64/os/repoview/letter_o.group.html) 
>>
>> and see if the problem persists.
>>
>
> I'm a little confused - you're asking me to try package 2.4.23-15.el6. 
> But that's what the SL 6.0 update is...
>
> Or are you saying that the openldap-2.4.23-15.el6 from the SL6rolling 
> repo has been rebuilt differently to the openldap-2.4.23-15.el6 from 
> the SL6.0 repo?
>
> J

I'm curious if the package from 6.2 (currently in the 6rolling tree - 
version 2.4.23-20.el6) will perform better.  The segfault you've 
reported seems to indicate something kerberos related.  There was a 
Critical kerberos security update for 6 which you've got installed, I'm 
wondering if the openldap packages from 6.2, which were built against a 
newer kerberos library (but not the security update as that didn't exist 
at the time) show the problem.  Perhaps the newer build will resolve 
this for you.

If you can try the 2.4.23-20.el6 packages and let me know if those also 
exhibit the problem, that would be great.

I'm still somewhat curious on the 6.0 vs 6.1 difference here.  I've 
heard no reports of a problem with the 2.4.23-15.el6 ldap packages on 
6.1, and they've had them since the release.  That's why they were 
chosen to fix the IPA dependency issue.  Does anyone else out there see 
this same problem?  Perhaps it is somehow local to the environment.

Pat

>
>
>> Name : openldap Relocations: (not relocatable)
>> Version : 2.4.23 Vendor: Scientific Linux
>> Release : 15.el6 Build Date: Wed 25 May 2011 12:04:01 PM CDT
>> Install Date: (not installed) Build Host: spacewalk.fnal.gov
>> Group : System Environment/Daemons Source RPM:
>> openldap-2.4.23-15.el6.src.rpm
>> Size : 771714 License: OpenLDAP
>> Signature : DSA/SHA1, Wed 25 May 2011 02:21:58 PM CDT, Key ID
>> b0b4183f192a7d7d
>> Packager : Scientific Linux
>> URL : http://www.openldap.org/
>> Summary : LDAP support libraries
>> Description :
>> OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
>> Protocol) applications and development tools. LDAP is a set of
>> protocols for accessing directory services (usually phone book style
>> information, but other information is possible) over the Internet,
>> similar to the way DNS (Domain Name System) information is propagated
>> over the Internet. The openldap package contains configuration files,
>> libraries, and documentation for OpenLDAP.
>>
>> Name : openldap Relocations: (not relocatable)
>> Version : 2.4.23 Vendor: Scientific Linux
>> Release : 15.el6 Build Date: Wed 25 May 2011 12:03:51 PM CDT
>> Install Date: (not installed) Build Host: sl6.fnal.gov
>> Group : System Environment/Daemons Source RPM:
>> openldap-2.4.23-15.el6.src.rpm
>> Size : 765934 License: OpenLDAP
>> Signature : DSA/SHA1, Wed 25 May 2011 02:22:01 PM CDT, Key ID
>> b0b4183f192a7d7d
>> Packager : Scientific Linux
>> URL : http://www.openldap.org/
>> Summary : LDAP support libraries
>> Description :
>> OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
>> Protocol) applications and development tools. LDAP is a set of
>> protocols for accessing directory services (usually phone book style
>> information, but other information is possible) over the Internet,
>> similar to the way DNS (Domain Name System) information is propagated
>> over the Internet. The openldap package contains configuration files,
>> libraries, and documentation for OpenLDAP.
>>
>> Name : openldap-clients Relocations: (not relocatable)
>> Version : 2.4.23 Vendor: Scientific Linux
>> Release : 15.el6 Build Date: Wed 25 May 2011 12:03:51 PM CDT
>> Install Date: (not installed) Build Host: sl6.fnal.gov
>> Group : Applications/Internet Source RPM: openldap-2.4.23-15.el6.src.rpm
>> Size : 608763 License: OpenLDAP
>> Signature : DSA/SHA1, Wed 25 May 2011 02:22:01 PM CDT, Key ID
>> b0b4183f192a7d7d
>> Packager : Scientific Linux
>> URL : http://www.openldap.org/
>> Summary : LDAP client utilities
>> Description :
>> OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access
>> Protocol) applications and development tools. LDAP is a set of
>> protocols for accessing directory services (usually phone book style
>> information, but other information is possible) over the Internet,
>> similar to the way DNS (Domain Name System) information is propagated
>> over the Internet. The openldap-clients package contains the client
>> programs needed for accessing and modifying OpenLDAP directories.
>>
>> Name : openldap-devel Relocations: (not relocatable)
>> Version : 2.4.23 Vendor: Scientific Linux
>> Release : 15.el6 Build Date: Wed 25 May 2011 12:04:01 PM CDT
>> Install Date: (not installed) Build Host: spacewalk.fnal.gov
>> Group : Development/Libraries Source RPM: openldap-2.4.23-15.el6.src.rpm
>> Size : 5046515 License: OpenLDAP
>> Signature : DSA/SHA1, Wed 25 May 2011 02:21:59 PM CDT, Key ID
>> b0b4183f192a7d7d
>> Packager : Scientific Linux
>> URL : http://www.openldap.org/
>> Summary : LDAP development libraries and header files
>> Description :
>> The openldap-devel package includes the development libraries and
>> header files needed for compiling applications that use LDAP
>> (Lightweight Directory Access Protocol) internals. LDAP is a set of
>> protocols for enabling directory services over the Internet. Install
>> this package only if you plan to develop or will need to compile
>> customized LDAP clients.
>>
>> Name : openldap-devel Relocations: (not relocatable)
>> Version : 2.4.23 Vendor: Scientific Linux
>> Release : 15.el6 Build Date: Wed 25 May 2011 12:03:51 PM CDT
>> Install Date: (not installed) Build Host: sl6.fnal.gov
>> Group : Development/Libraries Source RPM: openldap-2.4.23-15.el6.src.rpm
>> Size : 5286745 License: OpenLDAP
>> Signature : DSA/SHA1, Wed 25 May 2011 02:22:01 PM CDT, Key ID
>> b0b4183f192a7d7d
>> Packager : Scientific Linux
>> URL : http://www.openldap.org/
>> Summary : LDAP development libraries and header files
>> Description :
>> The openldap-devel package includes the development libraries and
>> header files needed for compiling applications that use LDAP
>> (Lightweight Directory Access Protocol) internals. LDAP is a set of
>> protocols for enabling directory services over the Internet. Install
>> this package only if you plan to develop or will need to compile
>> customized LDAP clients.
>>
>> Name : openldap-servers Relocations: (not relocatable)
>> Version : 2.4.23 Vendor: Scientific Linux
>> Release : 15.el6 Build Date: Wed 25 May 2011 12:03:51 PM CDT
>> Install Date: (not installed) Build Host: sl6.fnal.gov
>> Group : System Environment/Daemons Source RPM:
>> openldap-2.4.23-15.el6.src.rpm
>> Size : 4541382 License: OpenLDAP
>> Signature : DSA/SHA1, Wed 25 May 2011 02:22:02 PM CDT, Key ID
>> b0b4183f192a7d7d
>> Packager : Scientific Linux
>> URL : http://www.openldap.org/
>> Summary : LDAP server
>> Description :
>> OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access
>> Protocol) applications and development tools. LDAP is a set of
>> protocols for accessing directory services (usually phone book style
>> information, but other information is possible) over the Internet,
>> similar to the way DNS (Domain Name System) information is propagated
>> over the Internet. This package contains the slapd server and related
>> files.
>>
>> Name : openldap-servers-sql Relocations: (not relocatable)
>> Version : 2.4.23 Vendor: Scientific Linux
>> Release : 15.el6 Build Date: Wed 25 May 2011 12:03:51 PM CDT
>> Install Date: (not installed) Build Host: sl6.fnal.gov
>> Group : System Environment/Daemons Source RPM:
>> openldap-2.4.23-15.el6.src.rpm
>> Size : 289119 License: OpenLDAP
>> Signature : DSA/SHA1, Wed 25 May 2011 02:22:02 PM CDT, Key ID
>> b0b4183f192a7d7d
>> Packager : Scientific Linux
>> URL : http://www.openldap.org/
>> Summary : SQL support module for OpenLDAP server
>> Description :
>> OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access
>> Protocol) applications and development tools. LDAP is a set of
>> protocols for accessing directory services (usually phone book style
>> information, but other information is possible) over the Internet,
>> similar to the way DNS (Domain Name System) information is propagated
>> over the Internet. This package contains a loadable module which the
>> slapd server can use to read data from an RDBMS.
>>
>>
>> On 01/12/2012 06:49 AM, Jonathan G. Underwood wrote:
>>> Further to this, I can confirm that downgrading openldap and
>>> openldap-clients fixes this problem (to version 2.4.19-15).
>>>
>>> So, it looks to me like the new openldap packages have been linked
>>> wrongly...
>>>
>>> Jonathan.
>>>
>>>
>>>
>>> On 12/01/12 12:42, Jonathan G. Underwood wrote:
>>>> Hi,
>>>>
>>>> On my local SL 6.0 machines I am seeing that autofs is broken by the
>>>> recent set of updated (probably the openldap update being 
>>>> responsible).
>>>> Specifically, I am storing automount maps on an openldap server, and
>>>> using kerberos authentication on the clients. Restarting the autofs
>>>> service I see:
>>>>
>>>> Jan 12 12:34:36 mia automount[681]: open_lookup:90: cannot open lookup
>>>> module ldap (/usr/lib64/autofs/lookup_ldap.so: undefined symbol:
>>>> krb5_get_init_creds_keytab)
>>>>
>>>> Specific package versions:
>>>>
>>>> # rpm -qa | grep krb5
>>>> krb5-libs-1.9-22.el6_2.1.i686
>>>> krb5-debuginfo-1.9-22.el6_2.1.x86_64
>>>> krb5-appl-clients-1.0.1-7.el6_2.x86_64
>>>> krb5-auth-dialog-0.13-3.el6.x86_64
>>>> pam_krb5-2.3.11-1.el6.x86_64
>>>> krb5-workstation-1.9-22.el6_2.1.x86_64
>>>> krb5-pkinit-openssl-1.9-22.el6_2.1.x86_64
>>>> krb5-libs-1.9-22.el6_2.1.x86_64
>>>>
>>>> # rpm -qa | grep autofs
>>>> autofs-5.0.5-23.el6_0.1.x86_64
>>>>
>>>> # rpm -qa | grep openldap
>>>> openldap-clients-2.4.23-15.el6.x86_64
>>>> openldap-2.4.23-15.el6.i686
>>>> openldap-2.4.23-15.el6.x86_64
>>>> compat-openldap-2.3.43-2.el6.x86_64
>>>>
>>>>
>>>> Anyone else seeing this?
>>>>
>>>> Cheers,
>>>> Jonathan.
>>
>>


-- 
Pat Riehecky
Scientific Linux Developer

ATOM RSS1 RSS2