[Bug 2063161] Re: PHP LDAP extension is missing a dependency
** Changed in: openldap (Ubuntu) Assignee: (unassigned) => Athos Ribeiro (athos-ribeiro) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063161 Title: PHP LDAP extension is missing a dependency To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2063161/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2063161] Re: PHP LDAP extension is missing a dependency
noble:
php8.3-ldap depends on libldap2;
libldap2 RECOMMENDS libldap-common;
focal:
php7.4-ldap depends on libldap-2.4-2;
libldap-2.4-2 DEPENDS on libldap-common;
in both cases, libldap-common only ships the /etc/ldap/ldap.conf
configuration file, which sets TLS_CACERT.
The openldap chagelog has the following entry:
openldap (2.4.25-1) unstable; urgency=low
...
* Add debian specific patch for ldap.conf. Add TLS_CACERT option and set it
by default to /etc/ssl/certs/ca-certificates.crt (Closes: #555409, #616703)
...
-- Matthijs Möhlmann Mon, 11 Apr 2011 22:10:14 +0200
Which explains why we have the TLS_CACERT entry in the configuration file and
why things work out of the box for php-ldap. The following bugs should give
full context on the matter:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555409
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616703
Then, there is the following entry in the openldap package changelog;
openldap (2.4.51+dfsg-1) unstable; urgency=medium
...
* Relax libldap's dependency on libldap-common to Recommends.
This is intended to mitigate the impact of bug #915948 in the case where
the arch:all build is delayed for so long that the old libldap-common
disappears. Previously, a delayed arch:all build could become
BD-Uninstallable if new amd64 binaries were published before the arch:all
build starts, due to the transitive build-dependency on libldap.
Although libldap works fine without libldap-common, in normal
installations it is still recommended to install libldap-common.
...
-- Ryan Tandy Sun, 23 Aug 2020 11:09:57 -0700
Which was implemented to fix http://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=915948.
The consequence here is that when the package is installed with --no-
install-recommends, TLS_CACERT is not set and you see the described
error (which is known to be a not ideal error message as described in
the debian bug linked above (#555409).
Still, in https://www.debian.org/doc/debian-policy/ch-
relationships.html, the Debian policy states that:
"Recommends declares a strong, but not absolute, dependency. The
Recommends field should list packages that would be found together with
this one in all but unusual installations."
Which is reasonable given the statement in the changelog bit mentioned
above ("libldap works fine without libldap-common").
However, this is a workaround for a bug in dak. Since we use launchpad,
we could verify if we also suffer of similar issues and then, in case
launchpad is not affected, consider reverting this change in a Ubuntu.
Once could also argue considering fixing this in php-ldap by also
depending on libldap-common. IMHO, that would be overstretching AND
undoing the openldap patch indirectly and would need to be done in other
packages as well for consistency. i.e., this is a bad option.
** Bug watch added: Debian Bug tracker #555409
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555409
** Bug watch added: Debian Bug tracker #616703
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616703
** Bug watch added: Debian Bug tracker #915948
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915948
** Also affects: openldap (Ubuntu)
Importance: Undecided
Status: New
** Changed in: openldap (Ubuntu)
Status: New => Triaged
** Changed in: php-defaults (Ubuntu)
Status: New => Opinion
** Tags added: server-todo
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2063161
Title:
PHP LDAP extension is missing a dependency
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2063161/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2063161] Re: PHP LDAP extension is missing a dependency
Specified correct package ** Package changed: ubuntu => php-defaults (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063161 Title: PHP LDAP extension is missing a dependency To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php-defaults/+bug/2063161/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2063161] Re: PHP LDAP extension is missing a dependency
Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https://wiki.ubuntu.com/Bugs/FindRightPackage. You might also ask for help in the #ubuntu-bugs irc channel on Libera.chat. To change the source package that this bug is filed about visit https://bugs.launchpad.net/ubuntu/+bug/2063161/+editstatus and add the package name in the text box next to the word Package. [This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.] ** Tags added: bot-comment -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063161 Title: PHP LDAP extension is missing a dependency To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/2063161/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2063161] Re: PHP LDAP extension is missing a dependency
** Description changed: When php-ldap package is installed with --no-install-recommends, the libldap-common package is not installed, which results in TLS certificate validation failure with useless message: "PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server". Only with the debugging enabled I could see a bit more relevant information "TLS: peer cert untrusted or revoked (0x42)", but that information is also misleading as the server certificate is valid. Full log of actions to reproduce the issue (valid for Ubuntu 22.04 and 24.04) is in the attached "Ubuntu PHP LDAP bug.txt". It also includes the happy path. + I believe that when php-ldap package is installed with --no-install- + recommends option, the libldap-common package should be installed as + well. - I believe that when php-ldap package is installed with --no-install-recommends option, the libldap-common package should be installed as well. + N.B. That this was working as expected in Ubuntu 20.04 . -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063161 Title: PHP LDAP extension is missing a dependency To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/2063161/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
