Hello, On 1-Nov-03 at 18:25, Vincent Danen ([EMAIL PROTECTED]) wrote:
> Where does this bug exhibit itself? Only in cooker? Or with 9.2, and > under what conditions? Surely a buildrequires error would make it > work, or not, for all installs, no? In my october 31st tests it occured with 9.2 and cooker both with the rpm provided in the distribution and those provided by florin. > I'm using nss_ldap-207-2mdk here on a workstation and a laptop and I > don't see the errors you describe with dbopen and getent. Just > tried it on both and re-read your message, but I'm still confused. The telling test is "ldd -r /lib/libnss_ldap-2.3.2.so|grep undefined" > If this is a buildrequires problem, and nss_ldap is "broken", then > shouldn't it be broken *everywhere*? Why would you get the dbopen > errors and I don't? As Luca Berra explained, this is because symbol resolution is in lazy mode, and your ldap.conf file does not trigger the use of the dbopen call. > Ohhh... wait a sec. Your cert7.db file is what is causing the problem? It probably triggers the problem, does not cause it :-) > If yes, and it's verified that it works, then I'll build packages to > put into updates. I don't use a db here and really have no clue how > to make a db file to test this, so unless you can give me a quick > "test howto" kinda thing, I have to rely on your testing results to > put it through. Originally my cert7.db file was copied from ~/.netscape/cert7.db (probably created by netscape 4.78). Netscape 7 also used that file; it appears that now the latest mozilla uses a file "cert8.db" (~/.mozilla/user/xyhq33vs.slt/cert8.db), I haven't tried to use that yet. In my case cert7.db contains the certificate of the Certificate Authority that signed the LDAP server's certificate. This is used to allow ldaps (SSL) connections to the LDAP server. On 2-Nov-03 at 17:58, Luca Berra ([EMAIL PROTECTED]) wrote: > it hasn't got a damn to do with cert7.db > it is related to: rfc2307bis support > > -------------------- from README ----------------------------------- > Compiling with -DRFC2307BIS adds rfc2307bis support, which at the > moment just gets you support for groups with distinguished name > members (instead of login names). A posixGroup can thus have the > both memberUid and uniqueMember attributes. So it would mean it is either due to the version of the LDAP software (in my case SunOne Directory Server 5.1, LDAP v3), or to the particular schema used for posixGroup (defined in the default schemas in DS 5.1). The strange thing is that my ldap.conf does not contain a nss_base_group directive. I also checked the LDAP server access log, there is no activity related to posixGroup (only to objectClass=posixAccount and objectClass=shadowAccount). My strace observations showed that the process would fail right after reading ldap.conf, before any connection is established. So maybe the triggering factor was the directive "ldap_version 3" but Buchan Milne's ldap.conf had that line as well as a nss_base_group directive without exhibiting the problem. So I am still inclined to think that "sslpath /etc/ssl/certs/cert7.db" is what triggered the symptoms I observed with the old nss_ldap version. Thanks for your attention! Best regards, Dominique -- * Unsolicited commercial email is NOT welcome at this address. * Mr Dominique Petitpierre Email: [EMAIL PROTECTED] Division Informatique User=Dominique.Petitpierre University of Geneva Domain=adm.unige.ch (Switzerland) WWW : http://www.unige.ch/dinf/
