Ok... I'm confused.
No, you are not yet confused enough, i'll try to make it even more difficult :)))))
Where does this bug exhibit itself? Only in cooker? Or with 9.2, and under what conditions? Surely a buildrequires error would make it work, or not, for all installs, no?
the bug is present on every system where nss_ldap is linked with db4 so, starting from 9.2
Ohhh... wait a sec. Your cert7.db file is what is causing the problem? When nss_ldap tries to open it to get the cert before connecting to the LDAP server, right?
it hasn't got a damn to do with cert7.db it is related to: rfc2307bis support
-------------------- from README ----------------------------------- Compiling with -DRFC2307BIS adds rfc2307bis support, which at the moment just gets you support for groups with distinguished name members (instead of login names). A posixGroup can thus have the both memberUid and uniqueMember attributes. This support makes uses of the Berkeley DB library to cache DN to login name mappings; if you don't want to use this or don't have libdb, then you need to undefine DN2UID_CACHE in util.c. --------------------------------------------------------------------
If yes, and it's verified that it works, then I'll build packages to put into updates. I don't use a db here and really have no clue how to make a db file to test this, so unless you can give me a quick "test howto" kinda thing, I have to rely on your testing results to put it through.
nss_ldap is loaded by glibc with dlopen(...,RTLD_LAZY), which means unresolved symbols are not reported until the relative code is executed, but the unresolved symbol is there still, using "ldd -r" uncovers it. (would adding a ldd -r test to rpmlint be a good idea? Fred?)
with nss_ldap-211 the cache is also used by "schema mapping", so the bug becomes immediatly evident.
is that muddier?
L.
-- Luca Berra -- [EMAIL PROTECTED] Communication Media & Services S.r.l. /"\ \ / ASCII RIBBON CAMPAIGN X AGAINST HTML MAIL / \
