RE: problem with kerberos startup and LDAP
Hello All, I have the same problem. See also PR58680. http://www.freebsd.org/cgi/query-pr.cgi?pr=58680 Guys who work on RCNG please consider the proposed solution. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sean McNeil Sent: Monday, December 01, 2003 9:37 AM To: [EMAIL PROTECTED] Subject: problem with kerberos startup and LDAP Hello All, I was having trouble with startup and kdc/kadmin5 failing. Turns out that they were trying to access a shared library in /usr/local/lib (libldap.so.2). Unfortunately, both were getting started before ldconfig. I added ldconfig to the REQUIRE: for kerberos and now all is well. What should be the correct solution? Sean ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: problem with kerberos startup and LDAP
On Sun, Nov 30, 2003 at 10:37:08PM -0800, Sean McNeil wrote: Hello All, I was having trouble with startup and kdc/kadmin5 failing. Turns out that they were trying to access a shared library in /usr/local/lib (libldap.so.2). Unfortunately, both were getting started before ldconfig. I added ldconfig to the REQUIRE: for kerberos and now all is well. What should be the correct solution? Let's see: What implementation of Kerberos? (Heimdal, MIT?) Installed as part of the base system, from the Ports Collection, or by hand? The correct solutions are: (a) Do not build Kerberos against OpenLDAP if you do not use LDAP functionality. (b) When building Kerberos, make certain that the linker flags include an appropriate setting for RPATH, e.g. `-rpath /usr/local/lib'. Cheers, -- Jacques Vidrine NTT/Verio SME FreeBSD UNIX Heimdal [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: problem with kerberos startup and LDAP
This was with Heimdal from an installation of -CURRENT. I am using LDAP functionality, so option (a) below is not an option. Option (b) below sounds more difficult than the change I made to /etc/rc.d/kerberos :) I hadn't thought kerberos would get linked in such a manner, but now that you mentioned it here is what it ended up using: /usr/libexec/kdc: libkrb5.so.7 = /usr/lib/libkrb5.so.7 (0x2807e000) libhdb.so.7 = /usr/lib/libhdb.so.7 (0x280ba000) libroken.so.7 = /usr/lib/libroken.so.7 (0x280ca000) libasn1.so.7 = /usr/lib/libasn1.so.7 (0x280d8000) libcrypto.so.3 = /lib/libcrypto.so.3 (0x280fe000) libcrypt.so.2 = /lib/libcrypt.so.2 (0x28208000) libcom_err.so.2 = /usr/lib/libcom_err.so.2 (0x28221000) libldap.so.2 = /usr/local/lib/libldap.so.2 (0x28223000) liblber.so.2 = /usr/local/lib/liblber.so.2 (0x28254000) libc.so.5 = /lib/libc.so.5 (0x2826) libsasl2.so.2 = /usr/local/lib/libsasl2.so.2 (0x28337000) libssl.so.3 = /usr/local/lib/libssl.so.3 (0x2834a000) libcrypto.so.3 = /usr/local/lib/libcrypto.so.3 (0x2837b000) It only complained about libldap.so.2, so I would guess kerberos is using the -rpath for the others? Thanks, Sean On Mon, 2003-12-01 at 05:25, Jacques A. Vidrine wrote: On Sun, Nov 30, 2003 at 10:37:08PM -0800, Sean McNeil wrote: Hello All, I was having trouble with startup and kdc/kadmin5 failing. Turns out that they were trying to access a shared library in /usr/local/lib (libldap.so.2). Unfortunately, both were getting started before ldconfig. I added ldconfig to the REQUIRE: for kerberos and now all is well. What should be the correct solution? Let's see: What implementation of Kerberos? (Heimdal, MIT?) Installed as part of the base system, from the Ports Collection, or by hand? The correct solutions are: (a) Do not build Kerberos against OpenLDAP if you do not use LDAP functionality. (b) When building Kerberos, make certain that the linker flags include an appropriate setting for RPATH, e.g. `-rpath /usr/local/lib'. Cheers, ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: problem with kerberos startup and LDAP
On Mon, Dec 01, 2003 at 10:10:20AM -0800, Sean McNeil wrote: This was with Heimdal from an installation of -CURRENT. I am using LDAP functionality, so option (a) below is not an option. Option (b) below sounds more difficult than the change I made to /etc/rc.d/kerberos :) I hadn't thought kerberos would get linked in such a manner, but now that you mentioned it here is what it ended up using: /usr/libexec/kdc: libkrb5.so.7 = /usr/lib/libkrb5.so.7 (0x2807e000) libhdb.so.7 = /usr/lib/libhdb.so.7 (0x280ba000) libroken.so.7 = /usr/lib/libroken.so.7 (0x280ca000) libasn1.so.7 = /usr/lib/libasn1.so.7 (0x280d8000) libcrypto.so.3 = /lib/libcrypto.so.3 (0x280fe000) libcrypt.so.2 = /lib/libcrypt.so.2 (0x28208000) libcom_err.so.2 = /usr/lib/libcom_err.so.2 (0x28221000) libldap.so.2 = /usr/local/lib/libldap.so.2 (0x28223000) liblber.so.2 = /usr/local/lib/liblber.so.2 (0x28254000) libc.so.5 = /lib/libc.so.5 (0x2826) libsasl2.so.2 = /usr/local/lib/libsasl2.so.2 (0x28337000) libssl.so.3 = /usr/local/lib/libssl.so.3 (0x2834a000) libcrypto.so.3 = /usr/local/lib/libcrypto.so.3 (0x2837b000) It only complained about libldap.so.2, so I would guess kerberos is using the -rpath for the others? Oh, you must be using `WITH_OPENLDAP'--- an option that I did not even realize was available in the base system until I looked just now :-) Yes, I believe the build is broken and I will correct it after the code freeze. In the meantime, you might try the following patch and rebuild the KDC (`make clean' first). Cheers, -- Jacques Vidrine NTT/Verio SME FreeBSD UNIX Heimdal [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Index: kerberos5/Makefile.inc === RCS file: /home/ncvs/src/kerberos5/Makefile.inc,v retrieving revision 1.19 diff -c -r1.19 Makefile.inc *** kerberos5/Makefile.inc 18 Jul 2003 13:21:55 - 1.19 --- kerberos5/Makefile.inc 1 Dec 2003 18:21:23 - *** *** 16,22 OPENLDAPBASE?=/usr/local LDAPLIBS=-lldap -llber LDAPCFLAGS=-I${OPENLDAPBASE}/include -DOPENLDAP=1 ! LDAPLDADD=-L${OPENLDAPBASE}/lib ${LDAPLIBS} .endif .if exists(${.OBJDIR}/../../include) --- 16,22 OPENLDAPBASE?=/usr/local LDAPLIBS=-lldap -llber LDAPCFLAGS=-I${OPENLDAPBASE}/include -DOPENLDAP=1 ! LDAPLDADD=-L${OPENLDAPBASE}/lib -Wl,-rpath,${OPENLDAPBASE}/lib ${LDAPLIBS} .endif .if exists(${.OBJDIR}/../../include) ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: problem with kerberos startup and LDAP
Yes, I use the following in make.conf: WITH_LDAP=openldap2 WITH_OPENLDAP=yes Great, I will give your patch a try. Thanks! Sean On Mon, 2003-12-01 at 10:23, Jacques A. Vidrine wrote: On Mon, Dec 01, 2003 at 10:10:20AM -0800, Sean McNeil wrote: This was with Heimdal from an installation of -CURRENT. I am using LDAP functionality, so option (a) below is not an option. Option (b) below sounds more difficult than the change I made to /etc/rc.d/kerberos :) I hadn't thought kerberos would get linked in such a manner, but now that you mentioned it here is what it ended up using: /usr/libexec/kdc: libkrb5.so.7 = /usr/lib/libkrb5.so.7 (0x2807e000) libhdb.so.7 = /usr/lib/libhdb.so.7 (0x280ba000) libroken.so.7 = /usr/lib/libroken.so.7 (0x280ca000) libasn1.so.7 = /usr/lib/libasn1.so.7 (0x280d8000) libcrypto.so.3 = /lib/libcrypto.so.3 (0x280fe000) libcrypt.so.2 = /lib/libcrypt.so.2 (0x28208000) libcom_err.so.2 = /usr/lib/libcom_err.so.2 (0x28221000) libldap.so.2 = /usr/local/lib/libldap.so.2 (0x28223000) liblber.so.2 = /usr/local/lib/liblber.so.2 (0x28254000) libc.so.5 = /lib/libc.so.5 (0x2826) libsasl2.so.2 = /usr/local/lib/libsasl2.so.2 (0x28337000) libssl.so.3 = /usr/local/lib/libssl.so.3 (0x2834a000) libcrypto.so.3 = /usr/local/lib/libcrypto.so.3 (0x2837b000) It only complained about libldap.so.2, so I would guess kerberos is using the -rpath for the others? Oh, you must be using `WITH_OPENLDAP'--- an option that I did not even realize was available in the base system until I looked just now :-) Yes, I believe the build is broken and I will correct it after the code freeze. In the meantime, you might try the following patch and rebuild the KDC (`make clean' first). Cheers, ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
problem with kerberos startup and LDAP
Hello All, I was having trouble with startup and kdc/kadmin5 failing. Turns out that they were trying to access a shared library in /usr/local/lib (libldap.so.2). Unfortunately, both were getting started before ldconfig. I added ldconfig to the REQUIRE: for kerberos and now all is well. What should be the correct solution? Sean ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]