Re: [Cooker] Re: [CHRPM] nss_ldap-211-1mdk
Dominique Petitpierre [EMAIL PROTECTED] writes: Hello, On 5-Nov-03 at 10:33, Florin ([EMAIL PROTECTED]) wrote: have you also tried the latest luca's package ? http://people.mandrakesoft.com/~florin/www/rpms/cooker/RPMS/i586/nss_ldap-211-3mdk.i586.rpm I could not download this: the directory seems empty today. I have removed all the packages (I have kept the src though) because everything is in cooker now ... I tried, on Mandrake 9.2, the version from http://www.comedia.it/~bluca/cooker/errata/ and it works fine: # rpm -ivh -p http://www.comedia.it/~bluca/cooker/errata/nss_ldap-211-3mdk.i586.rpm Retrieving http://www.comedia.it/~bluca/cooker/errata/nss_ldap-211-3mdk.i586.rpm warning: /var/tmp/rpm-xfer.9riEy1: V3 DSA signature: NOKEY, key ID 49aa3db1 Preparing...### [100%] 1:nss_ldap ### [100%] # cp /etc/ldap.conf.rpmsave /etc/ldap.conf # getent passwd etutest1 etutest1:x:147989:4:ETUTEST Accesinfo:/home/etutest1:/bin/tcsh So both versions 207 and 211 compiled by Luca Berra work fine on Mandrake 9.2. Best regards, Dominique -- Florin http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/
Re: [Cooker] Re: [CHRPM] nss_ldap-211-1mdk
Hello, On 5-Nov-03 at 10:33, Florin ([EMAIL PROTECTED]) wrote: have you also tried the latest luca's package ? http://people.mandrakesoft.com/~florin/www/rpms/cooker/RPMS/i586/nss_ldap-211-3mdk.i586.rpm I could not download this: the directory seems empty today. I tried, on Mandrake 9.2, the version from http://www.comedia.it/~bluca/cooker/errata/ and it works fine: # rpm -ivh -p http://www.comedia.it/~bluca/cooker/errata/nss_ldap-211-3mdk.i586.rpm Retrieving http://www.comedia.it/~bluca/cooker/errata/nss_ldap-211-3mdk.i586.rpm warning: /var/tmp/rpm-xfer.9riEy1: V3 DSA signature: NOKEY, key ID 49aa3db1 Preparing...### [100%] 1:nss_ldap ### [100%] # cp /etc/ldap.conf.rpmsave /etc/ldap.conf # getent passwd etutest1 etutest1:x:147989:4:ETUTEST Accesinfo:/home/etutest1:/bin/tcsh So both versions 207 and 211 compiled by Luca Berra work fine on Mandrake 9.2. Best regards, Dominique -- * Unsolicited commercial email is NOT welcome at this address. * Mr Dominique Petitpierre Email: [EMAIL PROTECTED] Division Informatique User=Dominique.Petitpierre University of Geneva Domain=adm.unige.ch 24 rue General-Dufour Voice: +41/22/37 97117 CH-1204 GENEVA Fax : +41/22/37 97986 (Switzerland) WWW : http://www.unige.ch/dinf/
[Cooker] Re: [CHRPM] nss_ldap-211-1mdk
Hello,
On 5-Nov-03 at 11:16, Luca Berra ([EMAIL PROTECTED]) wrote:
On Wed, Nov 05, 2003 at 10:59:32AM +0100, Dominique Petitpierre wrote:
.
My strace
observations showed that the process would fail right after reading
ldap.conf, before any connection is established. So maybe the
which version of ldap are you speaking about?
207 should exibit the problem only if it finds an
uniqueMember in the cn=...,ou=Group,dc=...,dc=..
211 would exibit the problem immediatly (independent of sslpath)
I tested this with nss_ldap-207-2mdk from Mandrake 9.2,
but I assume all the other bad versions would behave the
same for that matter:
# rpm -q nss_ldap
nss_ldap-207-2mdk
# strace getent passwd etutest1 | tail
rt_sigprocmask(SIG_BLOCK, [PIPE], [], 8) = 0
getpid()= 5047
geteuid32() = 0
open(/etc/ldap.conf, O_RDONLY)= 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=410, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4018b000
read(3, host people.unige.ch\nbase ou=peo..., 4096) = 410
writev(2, [{getent, 6}, {: , 2}, {relocation error, 16}, {: , 2},
{/lib/libnss_ldap.so.2, 21}, {: , 2}, {undefined symbol: dbopen, 24}, {, 0},
{, 0}, {\n, 1}], 10getent: relocation error: /lib/libnss_ldap.so.2: undefined
symbol: dbopen
) = 74
exit_group(127) = ?
As you can see there is no system call between reading
/etc/ldap.conf and printing the error message; in particular the ldap
server is not contacted. Hence my deduction that something
in ldap.conf triggers the dbopen linking.
.
So I am still inclined to think that sslpath /etc/ssl/certs/cert7.db
is what triggered the symptoms I observed with the old nss_ldap version.
looking at the source code it does not work this way
OK! I was silly to doubt the sources!
What I don't understand is why my ldap.conf triggered the problem
and not Buchan Milne's or Florin's cf.
http://archives.mandrakelinux.com/cooker/2003-10/msg03181.php
At the time, Stefan van der Eijk also had an ldap.conf triggering the
undefined symbol symptom, cf.
http://archives.mandrakelinux.com/cooker/2003-09/msg05432.php
Best regards,
Dominique
--
* Unsolicited commercial email is NOT welcome at this address. *
Mr Dominique Petitpierre Email: [EMAIL PROTECTED]
Division Informatique User=Dominique.Petitpierre
University of Geneva Domain=adm.unige.ch
24 rue General-Dufour Voice: +41/22/37 97117
CH-1204 GENEVA Fax : +41/22/37 97986
(Switzerland) WWW : http://www.unige.ch/dinf/
[Cooker] Re: [CHRPM] nss_ldap-211-1mdk
Hello, Thanks for having joined this thread: On 1-Nov-03 at 13:10, Florin ([EMAIL PROTECTED]) wrote: It's quite funny to see all this energy in a long thread ... without testing the latest version of the package. I'm not saying here that the latest version works for your ... but it works here and in some production sites ... I thought I did, in my message of Fri, 31 Oct 2003 16:26:49 +0100 (MET): | I tried the rpm distributed with 9.2 (nss_ldap-207-2mdk.i586.rpm) | as well as both version available at | http://peoples.mandrakesoft.com/~florin/www/rpms/ldap/: | nss_ldap-207-2mdk.i586.rpm 18-Sep-2003 13:32 90K | nss_ldap-211-2mdk.i586.rpm 18-Sep-2003 12:38 89K I also tried the latest cooker version at the time (nss_ldap-207-4mdk.i586.rpm): no success. On 1-Nov-03 at 12:59, Florin ([EMAIL PROTECTED]) wrote: Why don't you try the latest version I have uploaded here http://people.mandrakesoft.com/~florin/www/rpms/cooker/RPMS/i586/nss_ldap-211-1mdk.i586.rpm I tried that version today as well: same problem: # urpme nss_ldap-207-4mdk To satisfy dependencies, the following packages will be removed (0 MB): nss_ldap-207-4mdk.i586 pam_ldap-164-4mdk.i586 (due to unsatisfied nss_ldap = 207) Is this OK? (Y/n) Y removing nss_ldap-207-4mdk.i586 pam_ldap-164-4mdk.i586 warning: /etc/ldap.conf saved as /etc/ldap.conf.rpmsave # rpm -i -p http://people.mandrakesoft.com/~florin/www/rpms/cooker/RPMS/i586/nss_ldap-211-1mdk.i586.rpm # ldd -r /lib/libnss_ldap-2.3.2.so|grep undefined undefined symbol: dbopen(/lib/libnss_ldap-2.3.2.so) On 1-Nov-03 at 16:20, Florin ([EMAIL PROTECTED]) wrote: Luca Berra [EMAIL PROTECTED] writes: So i have spent some more energy in providing fixed nss_ldap-211 rpms I called them -3mdk to avoid further confusion. I also uploaded a newer 207 with fixed buildrequires I had a look at your packages and they seem fine to me ... so I have copied on my web site aswell ... thank you for your work again. This version is not available for mere mortals from http://people.mandrakesoft.com/~florin/www/rpms/cooker/RPMS/i586/ and http://peoples.mandrakesoft.com/~florin/www/rpms/ldap/ has disappeared: # wget http://people.mandrakesoft.com/~florin/www/rpms/cooker/RPMS/i586/nss_ldap-211-3mdk.i586.rpm --08:39:43-- http://people.mandrakesoft.com/%7Eflorin/www/rpms/cooker/RPMS/i586/nss_ldap-211-3mdk.i586.rpm = `nss_ldap-211-3mdk.i586.rpm' Resolving people.mandrakesoft.com... done. Connecting to people.mandrakesoft.com[80.67.180.163]:80... connected. HTTP request sent, awaiting response... 403 Forbidden 08:39:44 ERROR 403: Forbidden. On 2-Nov-03 at 17:58, Luca Berra ([EMAIL PROTECTED]) wrote: nss_ldap is loaded by glibc with dlopen(...,RTLD_LAZY), which means unresolved symbols are not reported until the relative code is executed, but the unresolved symbol is there still, using ldd -r uncovers it. (would adding a ldd -r test to rpmlint be a good idea? Fred?) It is a good idea. I don't see a case where a symbol in a dynamic library should not be resolved within its dependencies as known by ldd. More to come in my next followup... Best regards, Dominique -- * Unsolicited commercial email is NOT welcome at this address. * Mr Dominique Petitpierre Email: [EMAIL PROTECTED] Division Informatique User=Dominique.Petitpierre University of Geneva Domain=adm.unige.ch (Switzerland) WWW : http://www.unige.ch/dinf/
[Cooker] Re: [CHRPM] nss_ldap-211-1mdk
Hello, Thanks for your valuable contribution: On 1-Nov-03 at 11:02, Luca Berra ([EMAIL PROTECTED]) wrote: it _IS_ a bug in nss_ldap package in short dbopen is db1 syntax dbX (for X1) provide a db_185.h wrapper for dbopen nss_ldap looked for dbX/db_185.h (for X =3) db4 has db4/db_185.h patch is at: http://www.comedia.it/~bluca/cooker/errata/nss_ldap-207-4.0.92mdk/nss_ldap-207-db4.patch.bz2 fixed rpms at: http://www.comedia.it/~bluca/cooker/errata/nss_ldap-207-4.0.92mdk.i586.rpm http://www.comedia.it/~bluca/cooker/errata/pam_ldap-164-4.0.92mdk.i586.rpm http://www.comedia.it/~bluca/cooker/errata/nss_ldap-207-4.0.92mdk.src.rpm It works! Here is the detail (on cooker as downloaded on october 1st): # rpm -ivh -p http://www.comedia.it/~bluca/cooker/errata/nss_ldap-207-4.1.92mdk.i586.rpm Retrieving http://www.comedia.it/~bluca/cooker/errata/nss_ldap-207-4.1.92mdk.i586.rpm warning: /var/tmp/rpm-xfer.hu8kS8: V3 DSA signature: NOKEY, key ID 49aa3db1 Preparing...### [100%] 1:nss_ldap ### [100%] No more undefined symbols reported by ldd: # ldd -r /lib/libnss_ldap-2.3.2.so | grep undefined db185_open is used instead of dbopen, and is defined in /usr/lib/libdb-4.1.so: # nm -D /lib/libnss_ldap-2.3.2.so | grep db U __db185_open # nm -D /usr/lib/libdb-4.1.so|grep db185_open 000134b0 T __db185_open And last but not least, it works with my ldap.conf file: # getent passwd etutest1 etutest1:x:147989:4:ETUTEST Accesinfo:/home/etutest1:/bin/tcsh Yeah! Thanks! I also tested the same rpm on Mandrake 9.2 with sucess! On 1-Nov-03 at 16:20, Florin ([EMAIL PROTECTED]) wrote: And, again, I would recommend this for an errata. It would be nice if the corrected version made it into an update for 9.2. Thanks again for sorting this out! Best regards, Dominique -- * Unsolicited commercial email is NOT welcome at this address. * Mr Dominique Petitpierre Email: [EMAIL PROTECTED] Division Informatique User=Dominique.Petitpierre University of Geneva Domain=adm.unige.ch (Switzerland) WWW : http://www.unige.ch/dinf/
Re: [Cooker] Re: [CHRPM] nss_ldap-211-1mdk
have you also tried the latest luca's package ? http://people.mandrakesoft.com/~florin/www/rpms/cooker/RPMS/i586/nss_ldap-211-3mdk.i586.rpm -- Florin http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/
Re: [Cooker] Re: [CHRPM] nss_ldap-211-1mdk
# wget http://people.mandrakesoft.com/~florin/www/rpms/cooker/RPMS/i586/nss_ldap-211-3mdk.i586.rpm --08:39:43-- http://people.mandrakesoft.com/0.00E+00florin/www/rpms/cooker/RPMS/i586/nss_ldap-211-3mdk.i586.rpm = `nss_ldap-211-3mdk.i586.rpm' Resolving people.mandrakesoft.com... done. Connecting to people.mandrakesoft.com[80.67.180.163]:80... connected. HTTP request sent, awaiting response... 403 Forbidden 08:39:44 ERROR 403: Forbidden. ok, my mistake. This you work now ... -- Florin http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/
[Cooker] Re: [CHRPM] nss_ldap-211-1mdk
Hello, On 1-Nov-03 at 18:25, Vincent Danen ([EMAIL PROTECTED]) wrote: Where does this bug exhibit itself? Only in cooker? Or with 9.2, and under what conditions? Surely a buildrequires error would make it work, or not, for all installs, no? In my october 31st tests it occured with 9.2 and cooker both with the rpm provided in the distribution and those provided by florin. I'm using nss_ldap-207-2mdk here on a workstation and a laptop and I don't see the errors you describe with dbopen and getent. Just tried it on both and re-read your message, but I'm still confused. The telling test is ldd -r /lib/libnss_ldap-2.3.2.so|grep undefined If this is a buildrequires problem, and nss_ldap is broken, then shouldn't it be broken *everywhere*? Why would you get the dbopen errors and I don't? As Luca Berra explained, this is because symbol resolution is in lazy mode, and your ldap.conf file does not trigger the use of the dbopen call. Ohhh... wait a sec. Your cert7.db file is what is causing the problem? It probably triggers the problem, does not cause it :-) If yes, and it's verified that it works, then I'll build packages to put into updates. I don't use a db here and really have no clue how to make a db file to test this, so unless you can give me a quick test howto kinda thing, I have to rely on your testing results to put it through. Originally my cert7.db file was copied from ~/.netscape/cert7.db (probably created by netscape 4.78). Netscape 7 also used that file; it appears that now the latest mozilla uses a file cert8.db (~/.mozilla/user/xyhq33vs.slt/cert8.db), I haven't tried to use that yet. In my case cert7.db contains the certificate of the Certificate Authority that signed the LDAP server's certificate. This is used to allow ldaps (SSL) connections to the LDAP server. On 2-Nov-03 at 17:58, Luca Berra ([EMAIL PROTECTED]) wrote: it hasn't got a damn to do with cert7.db it is related to: rfc2307bis support from README --- Compiling with -DRFC2307BIS adds rfc2307bis support, which at the moment just gets you support for groups with distinguished name members (instead of login names). A posixGroup can thus have the both memberUid and uniqueMember attributes. So it would mean it is either due to the version of the LDAP software (in my case SunOne Directory Server 5.1, LDAP v3), or to the particular schema used for posixGroup (defined in the default schemas in DS 5.1). The strange thing is that my ldap.conf does not contain a nss_base_group directive. I also checked the LDAP server access log, there is no activity related to posixGroup (only to objectClass=posixAccount and objectClass=shadowAccount). My strace observations showed that the process would fail right after reading ldap.conf, before any connection is established. So maybe the triggering factor was the directive ldap_version 3 but Buchan Milne's ldap.conf had that line as well as a nss_base_group directive without exhibiting the problem. So I am still inclined to think that sslpath /etc/ssl/certs/cert7.db is what triggered the symptoms I observed with the old nss_ldap version. Thanks for your attention! Best regards, Dominique -- * Unsolicited commercial email is NOT welcome at this address. * Mr Dominique Petitpierre Email: [EMAIL PROTECTED] Division Informatique User=Dominique.Petitpierre University of Geneva Domain=adm.unige.ch (Switzerland) WWW : http://www.unige.ch/dinf/
[Cooker] Re: [CHRPM] nss_ldap-211-1mdk
On Wed, Nov 05, 2003 at 10:59:32AM +0100, Dominique Petitpierre wrote:
On 2-Nov-03 at 17:58, Luca Berra ([EMAIL PROTECTED]) wrote:
it hasn't got a damn to do with cert7.db
it is related to: rfc2307bis support
from README ---
Compiling with -DRFC2307BIS adds rfc2307bis support, which at the
moment just gets you support for groups with distinguished name
members (instead of login names). A posixGroup can thus have the
both memberUid and uniqueMember attributes.
So it would mean it is either due to the version of the LDAP software
(in my case SunOne Directory Server 5.1, LDAP v3), or to the
particular schema used for posixGroup (defined in the default schemas
in DS 5.1). The strange thing is that my ldap.conf does not contain a
rfc2307bis is a Sun addition
nss_base_group directive. I also checked the LDAP server access log,
there is no activity related to posixGroup (only to
objectClass=posixAccount and objectClass=shadowAccount). My strace
observations showed that the process would fail right after reading
ldap.conf, before any connection is established. So maybe the
which version of ldap are you speaking about?
207 should exibit the problem only if it finds an
uniqueMember in the cn=...,ou=Group,dc=...,dc=..
211 would exibit the problem immediatly (independent of sslpath)
triggering factor was the directive ldap_version 3 but Buchan
Milne's ldap.conf had that line as well as a nss_base_group directive
without exhibiting the problem.
So I am still inclined to think that sslpath /etc/ssl/certs/cert7.db
is what triggered the symptoms I observed with the old nss_ldap version.
looking at the source code it does not work this way
_nss_ldap_parse_gr() contains code:
#ifndef RFC2307BIS
#else
...
vals = ldap_get_values (ld, e, AT (uniqueMember));
if (vals != NULL) {
stat = _nss_ldap_dn2uid (ld, *valiter, uid, buffer, buflen);
And _nss_ldap_dn2uid()
calls
dn2uid_cache_put (dn, *uid);
which in turn calls
__cache = _nss_hash_open();
which calls
dbopen()
L.
--
Luca Berra -- [EMAIL PROTECTED]
Communication Media Services S.r.l.
/\
\ / ASCII RIBBON CAMPAIGN
XAGAINST HTML MAIL
/ \
Re: [Cooker] Re: [CHRPM] nss_ldap-211-1mdk
On Sat, Nov 01, 2003 at 10:24:54AM -0700, Vincent Danen wrote: Ok... I'm confused. No, you are not yet confused enough, i'll try to make it even more difficult :) Where does this bug exhibit itself? Only in cooker? Or with 9.2, and under what conditions? Surely a buildrequires error would make it work, or not, for all installs, no? the bug is present on every system where nss_ldap is linked with db4 so, starting from 9.2 Ohhh... wait a sec. Your cert7.db file is what is causing the problem? When nss_ldap tries to open it to get the cert before connecting to the LDAP server, right? it hasn't got a damn to do with cert7.db it is related to: rfc2307bis support from README --- Compiling with -DRFC2307BIS adds rfc2307bis support, which at the moment just gets you support for groups with distinguished name members (instead of login names). A posixGroup can thus have the both memberUid and uniqueMember attributes. This support makes uses of the Berkeley DB library to cache DN to login name mappings; if you don't want to use this or don't have libdb, then you need to undefine DN2UID_CACHE in util.c. If yes, and it's verified that it works, then I'll build packages to put into updates. I don't use a db here and really have no clue how to make a db file to test this, so unless you can give me a quick test howto kinda thing, I have to rely on your testing results to put it through. nss_ldap is loaded by glibc with dlopen(...,RTLD_LAZY), which means unresolved symbols are not reported until the relative code is executed, but the unresolved symbol is there still, using ldd -r uncovers it. (would adding a ldd -r test to rpmlint be a good idea? Fred?) with nss_ldap-211 the cache is also used by schema mapping, so the bug becomes immediatly evident. is that muddier? L. -- Luca Berra -- [EMAIL PROTECTED] Communication Media Services S.r.l. /\ \ / ASCII RIBBON CAMPAIGN XAGAINST HTML MAIL / \
Re: [Cooker] Re: [CHRPM] nss_ldap-211-1mdk
Buchan, it _IS_ a bug in nss_ldap package in short dbopen is db1 syntax dbX (for X1) provide a db_185.h wrapper for dbopen nss_ldap looked for dbX/db_185.h (for X =3) db4 has db4/db_185.h patch is at: http://www.comedia.it/~bluca/cooker/errata/nss_ldap-207-4.0.92mdk/nss_ldap-207-db4.patch.bz2 fixed rpms at: http://www.comedia.it/~bluca/cooker/errata/nss_ldap-207-4.0.92mdk.i586.rpm http://www.comedia.it/~bluca/cooker/errata/pam_ldap-164-4.0.92mdk.i586.rpm http://www.comedia.it/~bluca/cooker/errata/nss_ldap-207-4.0.92mdk.src.rpm btw (i commented out buildrequires for gdbm-devel and libldap-devel-static, since i don't see them used anywhere) Buchan, Dominique could you please test it? Vincent, can you add this to errata? L. P.S. sorry for large cc list, but i wan't to be sure you see it (message has been quoted fully for people wo don't read cooker) On Sat, Nov 01, 2003 at 01:34:43AM +0200, [EMAIL PROTECTED] wrote: On 31-Oct-03 at 17:32, Buchan Milne ([EMAIL PROTECTED]) wrote: But, I don't see the problem: [EMAIL PROTECTED] bgmilne]$ grep ^passwd /etc/nsswitch.conf passwd: files ldap [EMAIL PROTECTED] bgmilne]$ wc -l /etc/passwd 38 /etc/passwd Same for me here, so far. [EMAIL PROTECTED] bgmilne]$ getent passwd|wc -l 187 Here I get the same symptom as before. # getent passwd|wc -l getent: relocation error: /lib/libnss_ldap.so.2: undefined symbol: dbopen 0 # getent passwd root root:x:0:0:root:/root:/bin/bash # getent passwd etutest1 getent: relocation error: /lib/libnss_ldap.so.2: undefined symbol: dbopen May be you have a ldap.conf file that does not trigger the call to dbopen? - could you send me the relevant part of your ldap.conf? Here is mine: # egrep -v '^#|^$' /etc/ldap.conf host myhost.unige.ch base ou=people,dc=unige,dc=ch ldap_version 3 scope sub pam_filter objectclass=posixAccount pam_login_attribute unigeChStudentUid pam_member_attribute gid pam_password clear nss_base_passwd ou=People,dc=unige,dc=ch?sub nss_base_shadow ou=People,dc=unige,dc=ch?sub ssl on sslpath /etc/ssl/certs/cert7.db Maybe it is this ^^^ ? (I don't see the point in wanting to verify the SSL cert against the commercial CAs when I use my own CA cery anyway, which is available and configured) nss_map_attribute uid unigeChStudentUid pam_template_login_attribute unigeChStudentUid That configuration did work with Mandrake 9.0. Here is mine, we have production machines running with configs like this, Mandrake 9.0 through 9.2: [EMAIL PROTECTED] bgmilne]$ egrep -v '^#|^$' /etc/ldap.conf host bgmilne.cae.co.za base dc=cae,dc=co,dc=za ldap_version 3 scope one pam_filter objectclass=posixaccount pam_login_attribute uid pam_password md5 nss_base_passwd ou=People,dc=cae,dc=co,dc=za nss_base_shadow ou=People,dc=cae,dc=co,dc=za nss_base_group ou=Group,dc=cae,dc=co,dc=za ssl start_tls tls_cacertfile /etc/ssl/ca.crt tls_checkpeer yes TLS_CACERT /etc/ssl/ca.crt Or maybe dbopen is provided by another library loaded at runtime not in the dependancies shown by ldd. It would be strange though: You would expect all symbols of a dynamic libraries to be resolved within the dependancies. [ Florin: is it OK that dbopen is not defined in the dynamic libraries? ] - Any suggestion on where to look now to figure this out? Maybe try without the certdb, since this seems to be about the only thing that has anything to do with libdb (besides libsasl)? Regards, Buchan -- Luca Berra -- [EMAIL PROTECTED] Communication Media Services S.r.l. /\ \ / ASCII RIBBON CAMPAIGN XAGAINST HTML MAIL / \
Re: [Cooker] Re: [CHRPM] nss_ldap-211-1mdk
[EMAIL PROTECTED] (Dominique Petitpierre) writes: Hello, On Mandrake 9.2 (Download version) I have observed a symptom that is similar to the one discussed in the cooker mailing list thread [CHRPM] nss_ldap-211-1mdk on September 18 and 19 (http://www.mail-archive.com/[EMAIL PROTECTED]/msg124027.html): After configuring ldap, commands fail with the following error message: relocation error: /lib/libnss_ldap.so.2: undefined symbol: dbopen I tried the rpm distributed with 9.2 (nss_ldap-207-2mdk.i586.rpm) as well as both version available at http://peoples.mandrakesoft.com/~florin/www/rpms/ldap/: nss_ldap-207-2mdk.i586.rpm 18-Sep-2003 13:32 90K nss_ldap-211-2mdk.i586.rpm 18-Sep-2003 12:38 89K Why don't you try the latest version I have uploaded here ... http://people.mandrakesoft.com/~florin/www/rpms/cooker/RPMS/i586/nss_ldap-211-1mdk.i586.rpm -- Florin http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/
Re: [Cooker] Re: [CHRPM] nss_ldap-211-1mdk
Hi, It's quite funny to see all this energy in a long thread ... without testing the latest version of the package. I'm not saying here that the latest version works for your ... but it works here and in some production sites ... have a nice day, Luca Berra [EMAIL PROTECTED] writes: Buchan, it _IS_ a bug in nss_ldap package in short dbopen is db1 syntax dbX (for X1) provide a db_185.h wrapper for dbopen nss_ldap looked for dbX/db_185.h (for X =3) db4 has db4/db_185.h patch is at: http://www.comedia.it/~bluca/cooker/errata/nss_ldap-207-4.0.92mdk/nss_ldap-207-db4.patch.bz2 fixed rpms at: http://www.comedia.it/~bluca/cooker/errata/nss_ldap-207-4.0.92mdk.i586.rpm http://www.comedia.it/~bluca/cooker/errata/pam_ldap-164-4.0.92mdk.i586.rpm http://www.comedia.it/~bluca/cooker/errata/nss_ldap-207-4.0.92mdk.src.rpm btw (i commented out buildrequires for gdbm-devel and libldap-devel-static, since i don't see them used anywhere) Buchan, Dominique could you please test it? Vincent, can you add this to errata? L. P.S. sorry for large cc list, but i wan't to be sure you see it (message has been quoted fully for people wo don't read cooker) On Sat, Nov 01, 2003 at 01:34:43AM +0200, [EMAIL PROTECTED] wrote: On 31-Oct-03 at 17:32, Buchan Milne ([EMAIL PROTECTED]) wrote: But, I don't see the problem: [EMAIL PROTECTED] bgmilne]$ grep ^passwd /etc/nsswitch.conf passwd: files ldap [EMAIL PROTECTED] bgmilne]$ wc -l /etc/passwd 38 /etc/passwd Same for me here, so far. [EMAIL PROTECTED] bgmilne]$ getent passwd|wc -l 187 Here I get the same symptom as before. # getent passwd|wc -l getent: relocation error: /lib/libnss_ldap.so.2: undefined symbol: dbopen 0 # getent passwd root root:x:0:0:root:/root:/bin/bash # getent passwd etutest1 getent: relocation error: /lib/libnss_ldap.so.2: undefined symbol: dbopen May be you have a ldap.conf file that does not trigger the call to dbopen? - could you send me the relevant part of your ldap.conf? Here is mine: # egrep -v '^#|^$' /etc/ldap.conf host myhost.unige.ch base ou=people,dc=unige,dc=ch ldap_version 3 scope sub pam_filter objectclass=posixAccount pam_login_attribute unigeChStudentUid pam_member_attribute gid pam_password clear nss_base_passwd ou=People,dc=unige,dc=ch?sub nss_base_shadow ou=People,dc=unige,dc=ch?sub ssl on sslpath /etc/ssl/certs/cert7.db Maybe it is this ^^^ ? (I don't see the point in wanting to verify the SSL cert against the commercial CAs when I use my own CA cery anyway, which is available and configured) nss_map_attribute uid unigeChStudentUid pam_template_login_attribute unigeChStudentUid That configuration did work with Mandrake 9.0. Here is mine, we have production machines running with configs like this, Mandrake 9.0 through 9.2: [EMAIL PROTECTED] bgmilne]$ egrep -v '^#|^$' /etc/ldap.conf host bgmilne.cae.co.za base dc=cae,dc=co,dc=za ldap_version 3 scope one pam_filter objectclass=posixaccount pam_login_attribute uid pam_password md5 nss_base_passwd ou=People,dc=cae,dc=co,dc=za nss_base_shadow ou=People,dc=cae,dc=co,dc=za nss_base_group ou=Group,dc=cae,dc=co,dc=za ssl start_tls tls_cacertfile /etc/ssl/ca.crt tls_checkpeer yes TLS_CACERT /etc/ssl/ca.crt Or maybe dbopen is provided by another library loaded at runtime not in the dependancies shown by ldd. It would be strange though: You would expect all symbols of a dynamic libraries to be resolved within the dependancies. [ Florin: is it OK that dbopen is not defined in the dynamic libraries? ] - Any suggestion on where to look now to figure this out? Maybe try without the certdb, since this seems to be about the only thing that has anything to do with libdb (besides libsasl)? Regards, Buchan -- Florin http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/
Re: [Cooker] Re: [CHRPM] nss_ldap-211-1mdk
On Sat, Nov 01, 2003 at 01:10:53PM +0100, Florin wrote: Hi, It's quite funny to see all this energy in a long thread ... without testing the latest version of the package. I'm not saying here that the latest version works for your ... but it works here and in some production sites ... Florin, I really want to help people out, not disrespecting anybody work. I'd love if people did not assume I am an idiot unless the opposite is proven. Sorry, i did urpmi -s nss_ldap from a current cooker, and i forgot something could be found somewhere else. anyway i provided a description of the bug and a patch. could you please add an hdlist to http://people.mandrakesoft.com/~florin/www/rpms/cooker/ so we can add it as an urpmi source. please tell me: which is the correct latest version of the package? http://people.mandrakesoft.com/~florin/www/rpms/ldap/nss_ldap-211-2mdk.src.rpm or http://people.mandrakesoft.com/~florin/www/rpms/cooker/SRPMS/nss_ldap-211-1mdk.src.rpm which seems to be newer I suppose the latter is. I checked against that as well, and since you did not fix the db4 bug it is still there. If you don't beleive it is a bug please read my mail again, all of it. So i have spent some more energy in providing fixed nss_ldap-211 rpms I called them -3mdk to avoid further confusion. I also uploaded a newer 207 with fixed buildrequires I hope someone will consider those worth an errata and that no more energy is wasted in squashin a silly bug. have a nice day, and a nice day to you as well, L. Luca Berra [EMAIL PROTECTED] writes: Buchan, it _IS_ a bug in nss_ldap package in short dbopen is db1 syntax dbX (for X1) provide a db_185.h wrapper for dbopen nss_ldap looked for dbX/db_185.h (for X =3) db4 has db4/db_185.h patch is at: http://www.comedia.it/~bluca/cooker/errata/nss_ldap-207-4.0.92mdk/nss_ldap-207-db4.patch.bz2 fixed rpms at: http://www.comedia.it/~bluca/cooker/errata/nss_ldap-207-4.0.92mdk.i586.rpm http://www.comedia.it/~bluca/cooker/errata/pam_ldap-164-4.0.92mdk.i586.rpm http://www.comedia.it/~bluca/cooker/errata/nss_ldap-207-4.0.92mdk.src.rpm btw (i commented out buildrequires for gdbm-devel and libldap-devel-static, since i don't see them used anywhere) -- Luca Berra -- [EMAIL PROTECTED] Communication Media Services S.r.l. /\ \ / ASCII RIBBON CAMPAIGN XAGAINST HTML MAIL / \
Re: [Cooker] Re: [CHRPM] nss_ldap-211-1mdk
[EMAIL PROTECTED] (Luca Berra) writes: On Sat, Nov 01, 2003 at 01:10:53PM +0100, Florin wrote: Hi, It's quite funny to see all this energy in a long thread ... without testing the latest version of the package. I'm not saying here that the latest version works for your ... but it works here and in some production sites ... Florin, I really want to help people out, not disrespecting anybody work. I'd love if people did not assume I am an idiot unless the opposite is proven. On a contrary, I really appreciate your work ... I'll have a closer look and sync it with the cooker packages. Thank you. I was simply mentioning that I have uploaded another nss_ldap package ... since my link was mentioned. Sorry, i did urpmi -s nss_ldap from a current cooker, and i forgot something could be found somewhere else. anyway i provided a description of the bug and a patch. could you please add an hdlist to http://people.mandrakesoft.com/~florin/www/rpms/cooker/ so we can add it as an urpmi source. please tell me: which is the correct latest version of the package? http://people.mandrakesoft.com/~florin/www/rpms/ldap/nss_ldap-211-2mdk.src.rpm this one is now removed, it was only a test ... http://people.mandrakesoft.com/~florin/www/rpms/cooker/SRPMS/nss_ldap-211-1mdk.src.rpm which seems to be newer I suppose the latter is. I checked against that as well, and since you did not fix the db4 bug it is still there. ok, I'll add your patch. If you don't beleive it is a bug please read my mail again, all of it. ok, So i have spent some more energy in providing fixed nss_ldap-211 rpms I called them -3mdk to avoid further confusion. I also uploaded a newer 207 with fixed buildrequires I hope someone will consider those worth an errata and that no more energy is wasted in squashin a silly bug. oh, yeah, it will be good to add this in the errata, I agree with you .. have a nice day, and a nice day to you as well, L. Luca Berra [EMAIL PROTECTED] writes: Buchan, it _IS_ a bug in nss_ldap package in short dbopen is db1 syntax dbX (for X1) provide a db_185.h wrapper for dbopen nss_ldap looked for dbX/db_185.h (for X =3) db4 has db4/db_185.h patch is at: http://www.comedia.it/~bluca/cooker/errata/nss_ldap-207-4.0.92mdk/nss_ldap-207-db4.patch.bz2 fixed rpms at: http://www.comedia.it/~bluca/cooker/errata/nss_ldap-207-4.0.92mdk.i586.rpm http://www.comedia.it/~bluca/cooker/errata/pam_ldap-164-4.0.92mdk.i586.rpm http://www.comedia.it/~bluca/cooker/errata/nss_ldap-207-4.0.92mdk.src.rpm btw (i commented out buildrequires for gdbm-devel and libldap-devel-static, since i don't see them used anywhere) -- Florin http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/
Re: [Cooker] Re: [CHRPM] nss_ldap-211-1mdk
Luca Berra [EMAIL PROTECTED] writes: So i have spent some more energy in providing fixed nss_ldap-211 rpms I called them -3mdk to avoid further confusion. I also uploaded a newer 207 with fixed buildrequires I had a look at your packages and they seem fine to me ... so I have copied on my web site aswell ... thank you for your work again. And, again, I would recommend this for an errata. cheers, -- Florin http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/
Re: [Cooker] Re: [CHRPM] nss_ldap-211-1mdk
On Nov 01, 2003, at 08:21, Florin wrote:
So i have spent some more energy in providing fixed nss_ldap-211 rpms
I called them -3mdk to avoid further confusion.
I also uploaded a newer 207 with fixed buildrequires
I had a look at your packages and they seem fine to me ... so I have
copied on my web site aswell ... thank you for your work again.
And, again, I would recommend this for an errata.
Ok... I'm confused.
Where does this bug exhibit itself? Only in cooker? Or with 9.2, and
under what conditions? Surely a buildrequires error would make it
work, or not, for all installs, no?
I'm using nss_ldap-207-2mdk here on a workstation and a laptop and I
don't see the errors you describe with dbopen and getent. Just tried
it on both and re-read your message, but I'm still confused.
If this is a buildrequires problem, and nss_ldap is broken, then
shouldn't it be broken *everywhere*? Why would you get the dbopen
errors and I don't?
Ohhh... wait a sec. Your cert7.db file is what is causing the problem?
When nss_ldap tries to open it to get the cert before connecting to
the LDAP server, right?
So your -3mdk packages fix that? No more dbopen errors when nss_ldap
tries to open your cert7.db file?
If yes, and it's verified that it works, then I'll build packages to
put into updates. I don't use a db here and really have no clue how to
make a db file to test this, so unless you can give me a quick test
howto kinda thing, I have to rely on your testing results to put it
through.
Thanks
---
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
lynx -source http://linsec.ca/vdanen.asc | gpg --import
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
PGP.sig
Description: This is a digitally signed message part
Re: [Cooker] Re: [CHRPM] nss_ldap-211-1mdk
[EMAIL PROTECTED] (Vincent Danen) writes:
simply install the cooker/9.2 nss_ldap package and you'll get the famous
open_db error ...
Ok... I'm confused.
Where does this bug exhibit itself? Only in cooker? Or with 9.2, and
under what conditions? Surely a buildrequires error would make it
work, or not, for all installs, no?
I'm using nss_ldap-207-2mdk here on a workstation and a laptop and I
don't see the errors you describe with dbopen and getent. Just tried
it on both and re-read your message, but I'm still confused.
If this is a buildrequires problem, and nss_ldap is broken, then
shouldn't it be broken *everywhere*? Why would you get the dbopen
errors and I don't?
Ohhh... wait a sec. Your cert7.db file is what is causing the problem?
When nss_ldap tries to open it to get the cert before connecting to
the LDAP server, right?
So your -3mdk packages fix that? No more dbopen errors when nss_ldap
tries to open your cert7.db file?
If yes, and it's verified that it works, then I'll build packages to
put into updates. I don't use a db here and really have no clue how to
make a db file to test this, so unless you can give me a quick test
howto kinda thing, I have to rely on your testing results to put it
through.
Thanks
---
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
lynx -source http://linsec.ca/vdanen.asc | gpg --import
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
--Apple-Mail-1--794018339
content-type: application/pgp-signature; x-mac-type=70674453;
name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3 (Darwin)
iD8DBQE/o+xpIEPQ5f5vKv0RAv4AAKCEPFYn7KpHVY63OgI96Id8yRKKfgCgmei2
oGML7XhdelfMAakLLFvMIbw=
=2u8i
-END PGP SIGNATURE-
--Apple-Mail-1--794018339--
--
Florin http://www.mandrakesoft.com
http://people.mandrakesoft.com/~florin/
[Cooker] Re: [CHRPM] nss_ldap-211-1mdk
Hello,
On Mandrake 9.2 (Download version) I have observed a symptom that
is similar to the one discussed in the cooker mailing list thread
[CHRPM] nss_ldap-211-1mdk on September 18 and 19
(http://www.mail-archive.com/[EMAIL PROTECTED]/msg124027.html):
After configuring ldap, commands fail with the following error message:
relocation error: /lib/libnss_ldap.so.2: undefined symbol: dbopen
I tried the rpm distributed with 9.2 (nss_ldap-207-2mdk.i586.rpm)
as well as both version available at
http://peoples.mandrakesoft.com/~florin/www/rpms/ldap/:
nss_ldap-207-2mdk.i586.rpm 18-Sep-2003 13:32 90K
nss_ldap-211-2mdk.i586.rpm 18-Sep-2003 12:38 89K
Here is what I did last:
# rpm -ivh http://peoples.mandrakesoft.com/~florin/www/rpms/ldap
/nss_ldap-207-2mdk.i586.rpm
Retrieving
http://peoples.mandrakesoft.com/~florin/www/rpms/ldap/nss_ldap-207-2mdk.i586.rpm
Preparing... ### [100%]
1:nss_ldap ### [100%]
# ldd -r /lib/libnss_ldap-2.3.2.so
libldap.so.2 = /usr/lib/libldap.so.2 (0x40024000)
liblber.so.2 = /usr/lib/liblber.so.2 (0x40057000)
libcom_err.so.2 = /lib/libcom_err.so.2 (0x40064000)
libssl.so.0.9.7 = /usr/lib/libssl.so.0.9.7 (0x40067000)
libcrypto.so.0.9.7 = /usr/lib/libcrypto.so.0.9.7 (0x40099000)
libdb-4.1.so = /usr/lib/libdb-4.1.so (0x4019b000)
libdl.so.2 = /lib/libdl.so.2 (0x4026a000)
libnsl.so.1 = /lib/libndbopensl.so.1 (0x4026d000)
libresolv.so.2 = /lib/libresolv.so.2 (0x40282000)
libc.so.6 = /lib/i686/libc.so.6 (0x40293000)
libsasl2.so.2 = /usr/lib/libsasl2.so.2 (0x403c3000)
/lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x8000)
undefined symbol: dbopen(/lib/libnss_ldap-2.3.2.so)
So it seems that the library is compiled with a reference to dbopen
but dbopen is not defined in any of the dependancies, in particular
not in the obvious candidate libdb-4.1.so (but a db_dbopen is):
# nm --dynamic /lib/libnss_ldap-2.3.2.so | grep dbopen
U dbopen
# ldd /lib/libnss_ldap-2.3.2.so \
| awk '{print $3}' \
| xargs nm --print-file-name --dynamic \
| grep dbopen
/usr/lib/libdb-4.1.so:00054540 T __db_dbopen
- Should /lib/libnss_ldap-2.3.2.so depend on yet another library?
- Is there another rpm version that I can use with 9.2?
Thanks in advance for your help in this matter!
Best regards,
Dominique
--
Mr Dominique Petitpierre Email: [EMAIL PROTECTED]
Division Informatique User=Dominique.Petitpierre
University of Geneva Domain=adm.unige.ch
(Switzerland) WWW : http://www.unige.ch/dinf/
Re: [Cooker] Re: [CHRPM] nss_ldap-211-1mdk
Dominique Petitpierre wrote: Hello, On Mandrake 9.2 (Download version) I have observed a symptom that is similar to the one discussed in the cooker mailing list thread [CHRPM] nss_ldap-211-1mdk on September 18 and 19 (http://www.mail-archive.com/[EMAIL PROTECTED]/msg124027.html): After configuring ldap, commands fail with the following error message: relocation error: /lib/libnss_ldap.so.2: undefined symbol: dbopen I tried the rpm distributed with 9.2 (nss_ldap-207-2mdk.i586.rpm) as well as both version available at http://peoples.mandrakesoft.com/~florin/www/rpms/ldap/: nss_ldap-207-2mdk.i586.rpm 18-Sep-2003 13:32 90K nss_ldap-211-2mdk.i586.rpm 18-Sep-2003 12:38 89K I am running nss_ldap-207-2mdk on two cooker boxes without problems. I don't have an official 9.2 tree accessible, or 9.2 ISOs though. Regards, Buchannss_lda -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
[Cooker] Re: [CHRPM] nss_ldap-211-1mdk
Hi,
Thanks for your quick answer:
On 31-Oct-03 at 16:38, Buchan Milne ([EMAIL PROTECTED]) wrote:
...
I am running nss_ldap-207-2mdk on two cooker boxes without problems.
...
I just tried again with the latest cooker version: nss_ldap-207-4mdk
ldd -r still complains about undefined symbol: dbopen.
Could you please let me know the result, on your system,
of ldd and nm commands mentionned in my initial message, namely
rpm -q -f /lib/libnss_ldap-2.3.2.so
ldd -r /lib/libnss_ldap-2.3.2.so
nm --dynamic /lib/libnss_ldap-2.3.2.so | grep dbopen
ldd /lib/libnss_ldap-2.3.2.so \
| awk '{print $3}' \
| xargs nm --print-file-name --dynamic \
| grep dbopen
rpm
Thanks in advance!
Dominique
--
* Unsolicited commercial email is NOT welcome at this address. *
Mr Dominique Petitpierre Email: [EMAIL PROTECTED]
Division Informatique User=Dominique.Petitpierre
University of Geneva Domain=adm.unige.ch
24 rue General-Dufour Voice: +41/22/37 97117
CH-1204 GENEVA Fax : +41/22/37 97986
(Switzerland) WWW : http://www.unige.ch/dinf/
Re: [Cooker] Re: [CHRPM] nss_ldap-211-1mdk
Dominique Petitpierre wrote:
Hi,
Thanks for your quick answer:
On 31-Oct-03 at 16:38, Buchan Milne ([EMAIL PROTECTED]) wrote:
...
I am running nss_ldap-207-2mdk on two cooker boxes without problems.
...
I just tried again with the latest cooker version: nss_ldap-207-4mdk
ldd -r still complains about undefined symbol: dbopen.
Well, I seem to get the same error from ldd -r, but it seems to have no
impact on my system.
Could you please let me know the result, on your system,
of ldd and nm commands mentionned in my initial message, namely
rpm -q -f /lib/libnss_ldap-2.3.2.so
Testing on two different systems now, one with -2mdk, one with -4mdk:
[EMAIL PROTECTED] bgmilne]$ rpm -qf /lib/libnss_ldap-2.3.2.so
nss_ldap-207-2mdk
[EMAIL PROTECTED] bgmilne]$ ldd -r /lib/libnss_ldap-2.3.2.so
libldap.so.2 = /usr/lib/libldap.so.2 (0x40025000)
liblber.so.2 = /usr/lib/liblber.so.2 (0x40058000)
libcom_err.so.2 = /lib/libcom_err.so.2 (0x40064000)
libssl.so.0.9.7 = /usr/lib/libssl.so.0.9.7 (0x40067000)
libcrypto.so.0.9.7 = /usr/lib/libcrypto.so.0.9.7 (0x4009a000)
libdb-4.1.so = /usr/lib/libdb-4.1.so (0x4019c000)
libdl.so.2 = /lib/libdl.so.2 (0x4026b000)
libnsl.so.1 = /lib/libnsl.so.1 (0x4026e000)
libresolv.so.2 = /lib/libresolv.so.2 (0x40282000)
libc.so.6 = /lib/i686/libc.so.6 (0x40293000)
libsasl2.so.2 = /usr/lib/libsasl2.so.2 (0x403c4000)
/lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x8000)
undefined symbol: dbopen(/lib/libnss_ldap-2.3.2.so)
[EMAIL PROTECTED] bgmilne]$ nm --dynamic /lib/libnss_ldap-2.3.2.so |
grep dbopen
U dbopen
[EMAIL PROTECTED] bgmilne]$ ldd /lib/libnss_ldap-2.3.2.so | awk '{print
$3}' | xargs nm --print-file-name --dynamic | grep dbopen
/usr/lib/libdb-4.1.so:00054540 T __db_dbopen
[EMAIL PROTECTED] bgmilne]$ rpm -qf /lib/libnss_ldap-2.3.2.so
nss_ldap-207-4mdk
[EMAIL PROTECTED] bgmilne]$ ldd -r /lib/libnss_ldap-2.3.2.so
libldap.so.2 = /usr/lib/libldap.so.2 (0x4003)
liblber.so.2 = /usr/lib/liblber.so.2 (0x40063000)
libkrb4.so.2 = /usr/lib/libkrb4.so.2 (0x4006f000)
libkrb5.so.3 = /usr/lib/libkrb5.so.3 (0x4009)
libk5crypto.so.3 = /usr/lib/libk5crypto.so.3 (0x40105000)
libcom_err.so.2 = /lib/libcom_err.so.2 (0x4012d000)
libssl.so.0.9.7 = /usr/lib/libssl.so.0.9.7 (0x4013)
libcrypto.so.0.9.7 = /usr/lib/libcrypto.so.0.9.7 (0x40162000)
libdb-4.1.so = /usr/lib/libdb-4.1.so (0x40264000)
libdl.so.2 = /lib/libdl.so.2 (0x40333000)
libnsl.so.1 = /lib/libnsl.so.1 (0x40337000)
libresolv.so.2 = /lib/libresolv.so.2 (0x4034b000)
libc.so.6 = /lib/i686/libc.so.6 (0x4035c000)
libsasl2.so.2 = /usr/lib/libsasl2.so.2 (0x4048c000)
libdes425.so.3 = /usr/lib/libdes425.so.3 (0x404a)
/lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x8000)
undefined symbol: dbopen(/lib/libnss_ldap-2.3.2.so)
[EMAIL PROTECTED] bgmilne]$ nm --dynamic /lib/libnss_ldap-2.3.2.so |
grep dbopen
U dbopen
[EMAIL PROTECTED] bgmilne]$ ldd /lib/libnss_ldap-2.3.2.so | awk '{print
$3}' | xargs nm --print-file-name --dynamic | grep dbopen
/usr/lib/libdb-4.1.so:00054540 T __db_dbopen
(it seems one version was compiled against kerberos, one wasn't - and
this is something that really needs to be addressed better, at present
since we don't necessarily force configure options, or BuildConflict
some packages, which features you get are sometimes quite random ...
AFAIK it should not be necessary to compile against kerberos now, since
we actually want GSSAPI via SASL instead?).
But, I don't see the problem:
[EMAIL PROTECTED] bgmilne]$ grep ^passwd /etc/nsswitch.conf
passwd: files ldap
[EMAIL PROTECTED] bgmilne]$ wc -l /etc/passwd
38 /etc/passwd
[EMAIL PROTECTED] bgmilne]$ getent passwd|wc -l
187
[EMAIL PROTECTED] bgmilne]$ wc -l /etc/pass
passwd passwd-
[EMAIL PROTECTED] bgmilne]$ wc -l /etc/passwd
33 /etc/passwd
[EMAIL PROTECTED] bgmilne]$ getent passwd|wc -l
182
--
|--Another happy Mandrake Club member--|
Buchan MilneMechanical Engineer, Network Manager
Cellphone * Work+27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
Re: [Cooker] Re: [CHRPM] nss_ldap-211-1mdk
Hi,
Thanks again for your help:
On 31-Oct-03 at 17:32, Buchan Milne ([EMAIL PROTECTED]) wrote:
...
[EMAIL PROTECTED] bgmilne]$ rpm -qf /lib/libnss_ldap-2.3.2.so
nss_ldap-207-4mdk
[EMAIL PROTECTED] bgmilne]$ ldd -r /lib/libnss_ldap-2.3.2.so
libldap.so.2 = /usr/lib/libldap.so.2 (0x4003)
liblber.so.2 = /usr/lib/liblber.so.2 (0x40063000)
libkrb4.so.2 = /usr/lib/libkrb4.so.2 (0x4006f000)
libkrb5.so.3 = /usr/lib/libkrb5.so.3 (0x4009)
libk5crypto.so.3 = /usr/lib/libk5crypto.so.3 (0x40105000)
libcom_err.so.2 = /lib/libcom_err.so.2 (0x4012d000)
libssl.so.0.9.7 = /usr/lib/libssl.so.0.9.7 (0x4013)
libcrypto.so.0.9.7 = /usr/lib/libcrypto.so.0.9.7 (0x40162000)
libdb-4.1.so = /usr/lib/libdb-4.1.so (0x40264000)
libdl.so.2 = /lib/libdl.so.2 (0x40333000)
libnsl.so.1 = /lib/libnsl.so.1 (0x40337000)
libresolv.so.2 = /lib/libresolv.so.2 (0x4034b000)
libc.so.6 = /lib/i686/libc.so.6 (0x4035c000)
libsasl2.so.2 = /usr/lib/libsasl2.so.2 (0x4048c000)
libdes425.so.3 = /usr/lib/libdes425.so.3 (0x404a)
/lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x8000)
undefined symbol: dbopen(/lib/libnss_ldap-2.3.2.so)
[EMAIL PROTECTED] bgmilne]$ nm --dynamic /lib/libnss_ldap-2.3.2.so |
grep dbopen
U dbopen
[EMAIL PROTECTED] bgmilne]$ ldd /lib/libnss_ldap-2.3.2.so | awk '{print
$3}' | xargs nm --print-file-name --dynamic | grep dbopen
/usr/lib/libdb-4.1.so:00054540 T __db_dbopen
I installed the current cooker from scratch and added the ldap customisation.
The result of the above commands is exactly the same.
...
But, I don't see the problem:
[EMAIL PROTECTED] bgmilne]$ grep ^passwd /etc/nsswitch.conf
passwd: files ldap
[EMAIL PROTECTED] bgmilne]$ wc -l /etc/passwd
38 /etc/passwd
Same for me here, so far.
[EMAIL PROTECTED] bgmilne]$ getent passwd|wc -l
187
Here I get the same symptom as before.
# getent passwd|wc -l
getent: relocation error: /lib/libnss_ldap.so.2: undefined symbol: dbopen
0
# getent passwd root
root:x:0:0:root:/root:/bin/bash
# getent passwd etutest1
getent: relocation error: /lib/libnss_ldap.so.2: undefined symbol: dbopen
May be you have a ldap.conf file that does not trigger the call
to dbopen?
- could you send me the relevant part of your ldap.conf?
Here is mine:
# egrep -v '^#|^$' /etc/ldap.conf
host myhost.unige.ch
base ou=people,dc=unige,dc=ch
ldap_version 3
scope sub
pam_filter objectclass=posixAccount
pam_login_attribute unigeChStudentUid
pam_member_attribute gid
pam_password clear
nss_base_passwd ou=People,dc=unige,dc=ch?sub
nss_base_shadow ou=People,dc=unige,dc=ch?sub
ssl on
sslpath /etc/ssl/certs/cert7.db
nss_map_attribute uid unigeChStudentUid
pam_template_login_attribute unigeChStudentUid
That configuration did work with Mandrake 9.0.
Or maybe dbopen is provided by another library loaded at runtime
not in the dependancies shown by ldd.
It would be strange though: You would expect all
symbols of a dynamic libraries to be resolved within
the dependancies.
[ Florin: is it OK that dbopen is not defined in the dynamic libraries? ]
- Any suggestion on where to look now to figure this out?
Best regards,
Dominique
--
* Unsolicited commercial email is NOT welcome at this address. *
Mr Dominique Petitpierre Email: [EMAIL PROTECTED]
Division Informatique User=Dominique.Petitpierre
University of Geneva Domain=adm.unige.ch
24 rue General-Dufour Voice: +41/22/37 97117
CH-1204 GENEVA Fax : +41/22/37 97986
(Switzerland) WWW : http://www.unige.ch/dinf/
Re: [Cooker] Re: [CHRPM] nss_ldap-211-1mdk
On 31-Oct-03 at 17:32, Buchan Milne ([EMAIL PROTECTED]) wrote: But, I don't see the problem: [EMAIL PROTECTED] bgmilne]$ grep ^passwd /etc/nsswitch.conf passwd: files ldap [EMAIL PROTECTED] bgmilne]$ wc -l /etc/passwd 38 /etc/passwd Same for me here, so far. [EMAIL PROTECTED] bgmilne]$ getent passwd|wc -l 187 Here I get the same symptom as before. # getent passwd|wc -l getent: relocation error: /lib/libnss_ldap.so.2: undefined symbol: dbopen 0 # getent passwd root root:x:0:0:root:/root:/bin/bash # getent passwd etutest1 getent: relocation error: /lib/libnss_ldap.so.2: undefined symbol: dbopen May be you have a ldap.conf file that does not trigger the call to dbopen? - could you send me the relevant part of your ldap.conf? Here is mine: # egrep -v '^#|^$' /etc/ldap.conf host myhost.unige.ch base ou=people,dc=unige,dc=ch ldap_version 3 scope sub pam_filter objectclass=posixAccount pam_login_attribute unigeChStudentUid pam_member_attribute gid pam_password clear nss_base_passwd ou=People,dc=unige,dc=ch?sub nss_base_shadow ou=People,dc=unige,dc=ch?sub ssl on sslpath /etc/ssl/certs/cert7.db Maybe it is this ^^^ ? (I don't see the point in wanting to verify the SSL cert against the commercial CAs when I use my own CA cery anyway, which is available and configured) nss_map_attribute uid unigeChStudentUid pam_template_login_attribute unigeChStudentUid That configuration did work with Mandrake 9.0. Here is mine, we have production machines running with configs like this, Mandrake 9.0 through 9.2: [EMAIL PROTECTED] bgmilne]$ egrep -v '^#|^$' /etc/ldap.conf host bgmilne.cae.co.za base dc=cae,dc=co,dc=za ldap_version 3 scope one pam_filter objectclass=posixaccount pam_login_attribute uid pam_password md5 nss_base_passwd ou=People,dc=cae,dc=co,dc=za nss_base_shadow ou=People,dc=cae,dc=co,dc=za nss_base_group ou=Group,dc=cae,dc=co,dc=za ssl start_tls tls_cacertfile /etc/ssl/ca.crt tls_checkpeer yes TLS_CACERT /etc/ssl/ca.crt Or maybe dbopen is provided by another library loaded at runtime not in the dependancies shown by ldd. It would be strange though: You would expect all symbols of a dynamic libraries to be resolved within the dependancies. [ Florin: is it OK that dbopen is not defined in the dynamic libraries? ] - Any suggestion on where to look now to figure this out? Maybe try without the certdb, since this seems to be about the only thing that has anything to do with libdb (besides libsasl)? Regards, Buchan
Re: [Cooker] Re: [CHRPM] nss_ldap-211-1mdk
Ok, I have recompiled the old 207 version ... same location ... I'll need
to have a closer look then ...
Tried it, doesn't work :-(
If not, what is your /etc/ldap.conf file ?
Here it is:
# @(#)$Id: ldap.conf,v 2.28 2001/08/28 12:17:29 lukeh Exp $
#
# This is the configuration file for the LDAP nameservice
# switch library and the LDAP PAM module.
#
# PADL Software
# http://www.padl.com
#
# Your LDAP server. Must be resolvable without using LDAP.
host ldap.eijk.nu
# The distinguished name of the search base.
base dc=eijk,dc=nu
# Another way to specify your LDAP server is to provide an
# uri with the server name. This allows to use
# Unix Domain Sockets to connect to a local LDAP Server.
#uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/
#uri ldapi://0.00var0.00run0.00ldapi_sock/
# Note: 0.00 encodes the '/' used as directory separator
# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn cn=proxyuser,dc=eijk,dc=nu
# The credentials to bind with.
# Optional: default is no credential.
bindpw ***
# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
#rootbinddn cn=manager,dc=eijk,dc=nu
# The port.
# Optional: default is 389.
#port 389
# The search scope.
#scope sub
scope one
#scope base
# Search timelimit
#timelimit 30
# Bind timelimit
#bind_timelimit 30
# Idle timelimit; client will close connections
# (nss_ldap only) if the server has not been contacted
# for the number of seconds specified below.
#idle_timelimit 3600
# Filter to AND with uid=
pam_filter objectclass=account
# The user ID attribute (defaults to uid)
pam_login_attribute uid
# Search the root DSE for the password policy (works
# with Netscape Directory Server)
#pam_lookup_policy yes
# Group to enforce membership of
#pam_groupdn cn=PAM,ou=Groups,dc=eijk,dc=nu
# Group member attribute
#pam_member_attribute gid
# Template login attribute, default template user
# (can be overriden by value of former attribute
# in user's entry)
#pam_login_attribute userPrincipalName
#pam_template_login_attribute uid
#pam_template_login nobody
# HEADS UP: the pam_crypt, pam_nds_passwd,
# and pam_ad_passwd options are no
# longer supported.
# Do not hash the password at all; presume
# the directory server will do it, if
# necessary. This is the default.
#pam_password clear
# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service.
#pam_password crypt
# Remove old password first, then update in
# cleartext. Necessary for use with Novell
# Directory Services (NDS)
#pam_password nds
# Update Active Directory password, by
# creating Unicode password and updating
# unicodePwd attribute.
#pam_password ad
# Use the OpenLDAP password change
# extended operation to update the password.
#pam_password exop
pam_password crypt
# RFC2307bis naming contexts
# Syntax:
# nss_base_XXX base?scope?filter
# where scope is {base,one,sub}
# and filter is a filter to be 'd with the
# default filter.
# You can omit the suffix eg:
# nss_base_passwd ou=People,
# to append the default base DN but this
# may incur a small performance impact.
nss_base_passwd ou=People,dc=eijk,dc=nu
nss_base_shadow ou=People,dc=eijk,dc=nu
nss_base_group ou=Group,dc=eijk,dc=nu
#nss_base_hosts ou=Hosts,dc=eijk,dc=nu?one
#nss_base_services ou=Services,dc=eijk,dc=nu?one
#nss_base_networks ou=Networks,dc=eijk,dc=nu?one
#nss_base_protocols ou=Protocols,dc=eijk,dc=nu?one
#nss_base_rpc ou=Rpc,dc=eijk,dc=nu?one
#nss_base_ethersou=Ethers,dc=eijk,dc=nu?one
#nss_base_netmasks ou=Networks,dc=eijk,dc=nu?ne
#nss_base_bootparamsou=Ethers,dc=eijk,dc=nu?one
#nss_base_aliases ou=Aliases,dc=eijk,dc=nu?one
#nss_base_netgroup ou=Netgroup,dc=eijk,dc=nu?one
# attribute/objectclass mapping
# Syntax:
#nss_map_attribute rfc2307attributemapped_attribute
#nss_map_objectclassrfc2307objectclass mapped_objectclass
# configure --enable-nds is no longer supported.
# For NDS now do:
#nss_map_attribute uniqueMember member
# configure --enable-mssfu-schema is no longer supported.
# For MSSFU now do:
#nss_map_objectclass posixAccount User
#nss_map_attribute uid msSFUName
#nss_map_attribute uniqueMember posixMember
#nss_map_attribute userPassword msSFUPassword
#nss_map_attribute homeDirectory msSFUHomeDirectory
#nss_map_objectclass posixGroup Group
#nss_map_attribute cn msSFUName
#pam_login_attribute msSFUName
#pam_filter objectclass=User
#pam_password ad
Re: [Cooker] Re: [CHRPM] nss_ldap-211-1mdk
[EMAIL PROTECTED] (Stefan van der Eijk) writes: This is a cryptographically signed message in MIME format. --ms090903010403020401070506 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit After updating to nss_ldap-211-1mdk I'm getting errors as such: $ ls -l total 68060 ls: relocation error: /lib/libnss_ldap.so.2: undefined symbol: dbopen [EMAIL PROTECTED] stefan]$ ssh kenobi.mandrakesoft.com ssh: relocation error: /lib/libnss_ldap.so.2: undefined symbol: dbopen Anybody else? yes, I have it too ... so I think the best thing will be to go back to the 207 version for the moment ... Florin [EMAIL PROTECTED] 211-1mdk - 211 -=-=-=- --ms090903010403020401070506 Content-Type: application/x-pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=smime.p7s Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEH AQAAoIIJODCCAvowggJjoAMCAQICAwp3KjANBgkqhkiG9w0BAQQFADCBkjEL MAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ Q2FwZSBUb3duMQ8wDQYDVQQKEwZUaGF3dGUxHTAbBgNVBAsTFENlcnRpZmlj YXRlIFNlcnZpY2VzMSgwJgYDVQQDEx9QZXJzb25hbCBGcmVlbWFpbCBSU0Eg MjAwMC44LjMwMB4XDTAzMDgwMjA3NDYyOFoXDTA0MDgwMTA3NDYyOFowQDEf MB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEdMBsGCSqGSIb3DQEJ ARYOc3RlZmFuQGVpamsubnUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQDM24sJxi1DuOCz6MIa3Sdvb0VDHKVmUA+U2nAaKxZINAFAanawKYmQ wgVYbfeMSoo1JVc1/kx6ul20S5fWE2bavjOk9LqLEfwfKwjn/qCf7qSaHXr9 izzp8lCbJF1iC8lNwiInNqrvfSoFgatE+pQtVBuYxQR2wATkByvZ94Ehh/dm ttzXTtMdkdDERr82gOnY/CC2JevKMxKU+FwSQLP7/mVNxsmS3ruddQc89+at YNblIiBYnggoQoAMCqtvlNjyHSe2SDMc6EXthcfySJapVoS7/tbGaZE1+ZZK OWEO7utTW6vghh8ZXUXrDq9toe6uhCaKHPEeHM8S42G4DMghAgMBAAGjKzAp MBkGA1UdEQQSMBCBDnN0ZWZhbkBlaWprLm51MAwGA1UdEwEB/wQCMAAwDQYJ KoZIhvcNAQEEBQADgYEAyeOHUJR03+LRw7lsrMqb1d1PtTfDdfvbskf86JbF gP+JoemFqaGgGzTcVN8aqK6rpGuAoHVJwlhMIxRtmpVpPGkzEZIc9T03GfuC kxWA4KOiSwW6j1JLgti2jhrl8+k8vBxzSm3jqk8uXSKobfjfOR3xKCo4ZLpo L958/boUN70wggL6MIICY6ADAgECAgMKdyowDQYJKoZIhvcNAQEEBQAwgZIx CzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcT CUNhcGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZp Y2F0ZSBTZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNB IDIwMDAuOC4zMDAeFw0wMzA4MDIwNzQ2MjhaFw0wNDA4MDEwNzQ2MjhaMEAx HzAdBgNVBAMTFlRoYXd0ZSBGcmVlbWFpbCBNZW1iZXIxHTAbBgkqhkiG9w0B CQEWDnN0ZWZhbkBlaWprLm51MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAzNuLCcYtQ7jgs+jCGt0nb29FQxylZlAPlNpwGisWSDQBQGp2sCmJ kMIFWG33jEqKNSVXNf5MerpdtEuX1hNm2r4zpPS6ixH8HysI5/6gn+6kmh16 /Ys86fJQmyRdYgvJTcIiJzaq730qBYGrRPqULVQbmMUEdsAE5Acr2feBIYf3 Zrbc107THZHQxEa/NoDp2PwgtiXryjMSlPhcEkCz+/5lTcbJkt67nXUHPPfm rWDW5SIgWJ4IKEKADAqrb5TY8h0ntkgzHOhF7YXH8kiWqVaEu/7WxmmRNfmW SjlhDu7rU1ur4IYfGV1F6w6vbaHuroQmihzxHhzPEuNhuAzIIQIDAQABoysw KTAZBgNVHREEEjAQgQ5zdGVmYW5AZWlqay5udTAMBgNVHRMBAf8EAjAAMA0G CSqGSIb3DQEBBAUAA4GBAMnjh1CUdN/i0cO5bKzKm9XdT7U3w3X727JH/OiW xYD/iaHphamhoBs03FTfGqiuq6RrgKB1ScJYTCMUbZqVaTxpMxGSHPU9Nxn7 gpMVgOCjoksFuo9SS4LYto4a5fPpPLwcc0pt46pPLl0iqG343zkd8SgqOGS6 aC/efP26FDe9MIIDODCCAqGgAwIBAgIQZkVyt8x09c9jdkWE0C6RATANBgkq hkiG9w0BAQQFADCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4g Q2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3dGUgQ29u c3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZp c2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIENBMSsw KQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUuY29tMB4X DTAwMDgzMDAwMDAwMFoXDTA0MDgyNzIzNTk1OVowgZIxCzAJBgNVBAYTAlpB MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEP MA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2aWNl czEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4zMDCB nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3jMypmPHCSVFPtJueCdngcXa iBmClw7jRCmKYzUqbXA8+tyu9+50bzC8M5B/+TRxoKNtmPHDT6Jl2w36S/HW 3WGl+YXNVZo1Gp2Sdagnrthy+boC9tewkd4c6avgGAOofENCUFGHgzzwObSb VIoTh/+zm51JZgAtCYnslGvpoWkCAwEAAaNOMEwwKQYDVR0RBCIwIKQeMBwx GjAYBgNVBAMTEVByaXZhdGVMYWJlbDEtMjk3MBIGA1UdEwEB/wQIMAYBAf8C AQAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBAUAA4GBADGxS0dd+QFx5fVT bF151j2YwCYTYoEipxL4IpXoG0m3J3sEObr85vIk65H6vewNKjj3UFWobPcN rUwbvAP0teuiR59sogxYjTFCCRFssBpp0SsSskBdavl50OouJd2K5PzbDR+d AvNa28o89kTqJmmHf0iezqWf54TYyWJirQXGMYID1TCCA9ECAQEwgZowgZIx CzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcT CUNhcGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZp Y2F0ZSBTZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNB IDIwMDAuOC4zMAIDCncqMAkGBSsOAwIaBQCgggIPMBgGCSqGSIb3DQEJAzEL BgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAzMDkxNzE4MDkyMFowIwYJ KoZIhvcNAQkEMRYEFI2MRW4wzHhD6HINlQpVnTdXJ2bjMFIGCSqGSIb3DQEJ DzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMC AgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMIGrBgkrBgEEAYI3EAQxgZ0w gZowgZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQ BgNVBAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRD
Re: [Cooker] Re: [CHRPM] nss_ldap-211-1mdk
[EMAIL PROTECTED] (Stefan van der Eijk) writes: This is a cryptographically signed message in MIME format. --ms090903010403020401070506 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit After updating to nss_ldap-211-1mdk I'm getting errors as such: $ ls -l total 68060 ls: relocation error: /lib/libnss_ldap.so.2: undefined symbol: dbopen [EMAIL PROTECTED] stefan]$ ssh kenobi.mandrakesoft.com ssh: relocation error: /lib/libnss_ldap.so.2: undefined symbol: dbopen Anybody else? yes, I have it too ... so I think the best thing will be to go back to the 207 version for the moment ... Yes, I agree. Leave 211 for after 9.2. Stefan
Re: [Cooker] Re: [CHRPM] nss_ldap-211-1mdk
[EMAIL PROTECTED] (Stefan van der Eijk) writes: [EMAIL PROTECTED] (Stefan van der Eijk) writes: This is a cryptographically signed message in MIME format. --ms090903010403020401070506 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit After updating to nss_ldap-211-1mdk I'm getting errors as such: $ ls -l total 68060 ls: relocation error: /lib/libnss_ldap.so.2: undefined symbol: dbopen [EMAIL PROTECTED] stefan]$ ssh kenobi.mandrakesoft.com ssh: relocation error: /lib/libnss_ldap.so.2: undefined symbol: dbopen Anybody else? yes, I have it too ... so I think the best thing will be to go back to the 207 version for the moment ... Yes, I agree. Leave 211 for after 9.2. Can you try the 211-2mdk package at http://people.mandrakesoft.com/~florin/www/rpms/ldap and tell me if it works for you ? If not, what is your /etc/ldap.conf file ? thank you, -- Florin http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/
Re: [Cooker] Re: [CHRPM] nss_ldap-211-1mdk
Florin wrote:
[EMAIL PROTECTED] (Stefan van der Eijk) writes:
[EMAIL PROTECTED] (Stefan van der Eijk) writes:
This is a cryptographically signed message in MIME format.
--ms090903010403020401070506
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
After updating to nss_ldap-211-1mdk I'm getting errors as such:
$ ls -l
total 68060
ls: relocation error: /lib/libnss_ldap.so.2: undefined symbol: dbopen
[EMAIL PROTECTED] stefan]$ ssh kenobi.mandrakesoft.com
ssh: relocation error: /lib/libnss_ldap.so.2: undefined symbol: dbopen
Anybody else?
yes, I have it too ... so I think the best thing will be to go back to the
207 version for the moment ...
Yes, I agree. Leave 211 for after 9.2.
Can you try the 211-2mdk package at
http://people.mandrakesoft.com/~florin/www/rpms/ldap and tell me if it
works for you ?
Tried it, doesn't work :-(
If not, what is your /etc/ldap.conf file ?
Here it is:
# @(#)$Id: ldap.conf,v 2.28 2001/08/28 12:17:29 lukeh Exp $
#
# This is the configuration file for the LDAP nameservice
# switch library and the LDAP PAM module.
#
# PADL Software
# http://www.padl.com
#
# Your LDAP server. Must be resolvable without using LDAP.
host ldap.eijk.nu
# The distinguished name of the search base.
base dc=eijk,dc=nu
# Another way to specify your LDAP server is to provide an
# uri with the server name. This allows to use
# Unix Domain Sockets to connect to a local LDAP Server.
#uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator
# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn cn=proxyuser,dc=eijk,dc=nu
# The credentials to bind with.
# Optional: default is no credential.
bindpw ***
# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
#rootbinddn cn=manager,dc=eijk,dc=nu
# The port.
# Optional: default is 389.
#port 389
# The search scope.
#scope sub
scope one
#scope base
# Search timelimit
#timelimit 30
# Bind timelimit
#bind_timelimit 30
# Idle timelimit; client will close connections
# (nss_ldap only) if the server has not been contacted
# for the number of seconds specified below.
#idle_timelimit 3600
# Filter to AND with uid=%s
pam_filter objectclass=account
# The user ID attribute (defaults to uid)
pam_login_attribute uid
# Search the root DSE for the password policy (works
# with Netscape Directory Server)
#pam_lookup_policy yes
# Group to enforce membership of
#pam_groupdn cn=PAM,ou=Groups,dc=eijk,dc=nu
# Group member attribute
#pam_member_attribute gid
# Template login attribute, default template user
# (can be overriden by value of former attribute
# in user's entry)
#pam_login_attribute userPrincipalName
#pam_template_login_attribute uid
#pam_template_login nobody
# HEADS UP: the pam_crypt, pam_nds_passwd,
# and pam_ad_passwd options are no
# longer supported.
# Do not hash the password at all; presume
# the directory server will do it, if
# necessary. This is the default.
#pam_password clear
# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service.
#pam_password crypt
# Remove old password first, then update in
# cleartext. Necessary for use with Novell
# Directory Services (NDS)
#pam_password nds
# Update Active Directory password, by
# creating Unicode password and updating
# unicodePwd attribute.
#pam_password ad
# Use the OpenLDAP password change
# extended operation to update the password.
#pam_password exop
pam_password crypt
# RFC2307bis naming contexts
# Syntax:
# nss_base_XXX base?scope?filter
# where scope is {base,one,sub}
# and filter is a filter to be 'd with the
# default filter.
# You can omit the suffix eg:
# nss_base_passwd ou=People,
# to append the default base DN but this
# may incur a small performance impact.
nss_base_passwd ou=People,dc=eijk,dc=nu
nss_base_shadow ou=People,dc=eijk,dc=nu
nss_base_group ou=Group,dc=eijk,dc=nu
#nss_base_hosts ou=Hosts,dc=eijk,dc=nu?one
#nss_base_services ou=Services,dc=eijk,dc=nu?one
#nss_base_networks ou=Networks,dc=eijk,dc=nu?one
#nss_base_protocols ou=Protocols,dc=eijk,dc=nu?one
#nss_base_rpc ou=Rpc,dc=eijk,dc=nu?one
#nss_base_ethersou=Ethers,dc=eijk,dc=nu?one
#nss_base_netmasks ou=Networks,dc=eijk,dc=nu?ne
#nss_base_bootparamsou=Ethers,dc=eijk,dc=nu?one
#nss_base_aliases ou=Aliases,dc=eijk,dc=nu?one
#nss_base_netgroup ou=Netgroup,dc=eijk,dc=nu?one
# attribute/objectclass mapping
# Syntax:
#nss_map_attribute rfc2307attributemapped_attribute
#nss_map_objectclass
[Cooker] Re: [CHRPM] nss_ldap-211-1mdk
After updating to nss_ldap-211-1mdk I'm getting errors as such: $ ls -l total 68060 ls: relocation error: /lib/libnss_ldap.so.2: undefined symbol: dbopen [EMAIL PROTECTED] stefan]$ ssh kenobi.mandrakesoft.com ssh: relocation error: /lib/libnss_ldap.so.2: undefined symbol: dbopen Anybody else? Florin [EMAIL PROTECTED] 211-1mdk - 211 -=-=-=- smime.p7s Description: S/MIME Cryptographic Signature
