On 12/01/12 14:34, Pat Riehecky wrote: > Thanks for the info, but I will confess I find this surprising. > > The openldap packages made available yesterday are from SL6.1. They were > published for everyone as a result of the ipa security advisory. IPA > required a newer openldap than was available for SL6.0, but did not > require the latest it seemed that this version, which has been in SL6.1 > since its release, was the safest. > > When it was originally built, it was built against the older kerberos > libraries as they were the newest available at the > time, but if upstream kept their promise to keep a stable api it should > still work as expected. > > Is it possible for you to test the openldap from 6.2 (in 6rolling > http://ftp.scientificlinux.org/linux/scientific/6rolling/x86_64/os/repoview/letter_o.group.html) > and see if the problem persists. > I'm a little confused - you're asking me to try package 2.4.23-15.el6. But that's what the SL 6.0 update is... Or are you saying that the openldap-2.4.23-15.el6 from the SL6rolling repo has been rebuilt differently to the openldap-2.4.23-15.el6 from the SL6.0 repo? J > Name : openldap Relocations: (not relocatable) > Version : 2.4.23 Vendor: Scientific Linux > Release : 15.el6 Build Date: Wed 25 May 2011 12:04:01 PM CDT > Install Date: (not installed) Build Host: spacewalk.fnal.gov > Group : System Environment/Daemons Source RPM: > openldap-2.4.23-15.el6.src.rpm > Size : 771714 License: OpenLDAP > Signature : DSA/SHA1, Wed 25 May 2011 02:21:58 PM CDT, Key ID > b0b4183f192a7d7d > Packager : Scientific Linux > URL : http://www.openldap.org/ > Summary : LDAP support libraries > Description : > OpenLDAP is an open source suite of LDAP (Lightweight Directory Access > Protocol) applications and development tools. LDAP is a set of > protocols for accessing directory services (usually phone book style > information, but other information is possible) over the Internet, > similar to the way DNS (Domain Name System) information is propagated > over the Internet. The openldap package contains configuration files, > libraries, and documentation for OpenLDAP. > > Name : openldap Relocations: (not relocatable) > Version : 2.4.23 Vendor: Scientific Linux > Release : 15.el6 Build Date: Wed 25 May 2011 12:03:51 PM CDT > Install Date: (not installed) Build Host: sl6.fnal.gov > Group : System Environment/Daemons Source RPM: > openldap-2.4.23-15.el6.src.rpm > Size : 765934 License: OpenLDAP > Signature : DSA/SHA1, Wed 25 May 2011 02:22:01 PM CDT, Key ID > b0b4183f192a7d7d > Packager : Scientific Linux > URL : http://www.openldap.org/ > Summary : LDAP support libraries > Description : > OpenLDAP is an open source suite of LDAP (Lightweight Directory Access > Protocol) applications and development tools. LDAP is a set of > protocols for accessing directory services (usually phone book style > information, but other information is possible) over the Internet, > similar to the way DNS (Domain Name System) information is propagated > over the Internet. The openldap package contains configuration files, > libraries, and documentation for OpenLDAP. > > Name : openldap-clients Relocations: (not relocatable) > Version : 2.4.23 Vendor: Scientific Linux > Release : 15.el6 Build Date: Wed 25 May 2011 12:03:51 PM CDT > Install Date: (not installed) Build Host: sl6.fnal.gov > Group : Applications/Internet Source RPM: openldap-2.4.23-15.el6.src.rpm > Size : 608763 License: OpenLDAP > Signature : DSA/SHA1, Wed 25 May 2011 02:22:01 PM CDT, Key ID > b0b4183f192a7d7d > Packager : Scientific Linux > URL : http://www.openldap.org/ > Summary : LDAP client utilities > Description : > OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access > Protocol) applications and development tools. LDAP is a set of > protocols for accessing directory services (usually phone book style > information, but other information is possible) over the Internet, > similar to the way DNS (Domain Name System) information is propagated > over the Internet. The openldap-clients package contains the client > programs needed for accessing and modifying OpenLDAP directories. > > Name : openldap-devel Relocations: (not relocatable) > Version : 2.4.23 Vendor: Scientific Linux > Release : 15.el6 Build Date: Wed 25 May 2011 12:04:01 PM CDT > Install Date: (not installed) Build Host: spacewalk.fnal.gov > Group : Development/Libraries Source RPM: openldap-2.4.23-15.el6.src.rpm > Size : 5046515 License: OpenLDAP > Signature : DSA/SHA1, Wed 25 May 2011 02:21:59 PM CDT, Key ID > b0b4183f192a7d7d > Packager : Scientific Linux > URL : http://www.openldap.org/ > Summary : LDAP development libraries and header files > Description : > The openldap-devel package includes the development libraries and > header files needed for compiling applications that use LDAP > (Lightweight Directory Access Protocol) internals. LDAP is a set of > protocols for enabling directory services over the Internet. Install > this package only if you plan to develop or will need to compile > customized LDAP clients. > > Name : openldap-devel Relocations: (not relocatable) > Version : 2.4.23 Vendor: Scientific Linux > Release : 15.el6 Build Date: Wed 25 May 2011 12:03:51 PM CDT > Install Date: (not installed) Build Host: sl6.fnal.gov > Group : Development/Libraries Source RPM: openldap-2.4.23-15.el6.src.rpm > Size : 5286745 License: OpenLDAP > Signature : DSA/SHA1, Wed 25 May 2011 02:22:01 PM CDT, Key ID > b0b4183f192a7d7d > Packager : Scientific Linux > URL : http://www.openldap.org/ > Summary : LDAP development libraries and header files > Description : > The openldap-devel package includes the development libraries and > header files needed for compiling applications that use LDAP > (Lightweight Directory Access Protocol) internals. LDAP is a set of > protocols for enabling directory services over the Internet. Install > this package only if you plan to develop or will need to compile > customized LDAP clients. > > Name : openldap-servers Relocations: (not relocatable) > Version : 2.4.23 Vendor: Scientific Linux > Release : 15.el6 Build Date: Wed 25 May 2011 12:03:51 PM CDT > Install Date: (not installed) Build Host: sl6.fnal.gov > Group : System Environment/Daemons Source RPM: > openldap-2.4.23-15.el6.src.rpm > Size : 4541382 License: OpenLDAP > Signature : DSA/SHA1, Wed 25 May 2011 02:22:02 PM CDT, Key ID > b0b4183f192a7d7d > Packager : Scientific Linux > URL : http://www.openldap.org/ > Summary : LDAP server > Description : > OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access > Protocol) applications and development tools. LDAP is a set of > protocols for accessing directory services (usually phone book style > information, but other information is possible) over the Internet, > similar to the way DNS (Domain Name System) information is propagated > over the Internet. This package contains the slapd server and related > files. > > Name : openldap-servers-sql Relocations: (not relocatable) > Version : 2.4.23 Vendor: Scientific Linux > Release : 15.el6 Build Date: Wed 25 May 2011 12:03:51 PM CDT > Install Date: (not installed) Build Host: sl6.fnal.gov > Group : System Environment/Daemons Source RPM: > openldap-2.4.23-15.el6.src.rpm > Size : 289119 License: OpenLDAP > Signature : DSA/SHA1, Wed 25 May 2011 02:22:02 PM CDT, Key ID > b0b4183f192a7d7d > Packager : Scientific Linux > URL : http://www.openldap.org/ > Summary : SQL support module for OpenLDAP server > Description : > OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access > Protocol) applications and development tools. LDAP is a set of > protocols for accessing directory services (usually phone book style > information, but other information is possible) over the Internet, > similar to the way DNS (Domain Name System) information is propagated > over the Internet. This package contains a loadable module which the > slapd server can use to read data from an RDBMS. > > > On 01/12/2012 06:49 AM, Jonathan G. Underwood wrote: >> Further to this, I can confirm that downgrading openldap and >> openldap-clients fixes this problem (to version 2.4.19-15). >> >> So, it looks to me like the new openldap packages have been linked >> wrongly... >> >> Jonathan. >> >> >> >> On 12/01/12 12:42, Jonathan G. Underwood wrote: >>> Hi, >>> >>> On my local SL 6.0 machines I am seeing that autofs is broken by the >>> recent set of updated (probably the openldap update being responsible). >>> Specifically, I am storing automount maps on an openldap server, and >>> using kerberos authentication on the clients. Restarting the autofs >>> service I see: >>> >>> Jan 12 12:34:36 mia automount[681]: open_lookup:90: cannot open lookup >>> module ldap (/usr/lib64/autofs/lookup_ldap.so: undefined symbol: >>> krb5_get_init_creds_keytab) >>> >>> Specific package versions: >>> >>> # rpm -qa | grep krb5 >>> krb5-libs-1.9-22.el6_2.1.i686 >>> krb5-debuginfo-1.9-22.el6_2.1.x86_64 >>> krb5-appl-clients-1.0.1-7.el6_2.x86_64 >>> krb5-auth-dialog-0.13-3.el6.x86_64 >>> pam_krb5-2.3.11-1.el6.x86_64 >>> krb5-workstation-1.9-22.el6_2.1.x86_64 >>> krb5-pkinit-openssl-1.9-22.el6_2.1.x86_64 >>> krb5-libs-1.9-22.el6_2.1.x86_64 >>> >>> # rpm -qa | grep autofs >>> autofs-5.0.5-23.el6_0.1.x86_64 >>> >>> # rpm -qa | grep openldap >>> openldap-clients-2.4.23-15.el6.x86_64 >>> openldap-2.4.23-15.el6.i686 >>> openldap-2.4.23-15.el6.x86_64 >>> compat-openldap-2.3.43-2.el6.x86_64 >>> >>> >>> Anyone else seeing this? >>> >>> Cheers, >>> Jonathan. > >