RE: problem with kerberos startup and LDAP
Hello All, I have the same problem. See also PR58680. http://www.freebsd.org/cgi/query-pr.cgi?pr=58680 Guys who work on RCNG please consider the proposed solution. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sean McNeil Sent: Monday, December 01, 2003 9:37 AM To: [EMAIL PROTECTED] Subject: problem with kerberos startup and LDAP Hello All, I was having trouble with startup and kdc/kadmin5 failing. Turns out that they were trying to access a shared library in /usr/local/lib (libldap.so.2). Unfortunately, both were getting started before ldconfig. I added ldconfig to the REQUIRE: for kerberos and now all is well. What should be the correct solution? Sean ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: problem with kerberos startup and LDAP
On Sun, Nov 30, 2003 at 10:37:08PM -0800, Sean McNeil wrote: Hello All, I was having trouble with startup and kdc/kadmin5 failing. Turns out that they were trying to access a shared library in /usr/local/lib (libldap.so.2). Unfortunately, both were getting started before ldconfig. I added ldconfig to the REQUIRE: for kerberos and now all is well. What should be the correct solution? Let's see: What implementation of Kerberos? (Heimdal, MIT?) Installed as part of the base system, from the Ports Collection, or by hand? The correct solutions are: (a) Do not build Kerberos against OpenLDAP if you do not use LDAP functionality. (b) When building Kerberos, make certain that the linker flags include an appropriate setting for RPATH, e.g. `-rpath /usr/local/lib'. Cheers, -- Jacques Vidrine NTT/Verio SME FreeBSD UNIX Heimdal [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: problem with kerberos startup and LDAP
This was with Heimdal from an installation of -CURRENT. I am using LDAP functionality, so option (a) below is not an option. Option (b) below sounds more difficult than the change I made to /etc/rc.d/kerberos :) I hadn't thought kerberos would get linked in such a manner, but now that you mentioned it here is what it ended up using: /usr/libexec/kdc: libkrb5.so.7 = /usr/lib/libkrb5.so.7 (0x2807e000) libhdb.so.7 = /usr/lib/libhdb.so.7 (0x280ba000) libroken.so.7 = /usr/lib/libroken.so.7 (0x280ca000) libasn1.so.7 = /usr/lib/libasn1.so.7 (0x280d8000) libcrypto.so.3 = /lib/libcrypto.so.3 (0x280fe000) libcrypt.so.2 = /lib/libcrypt.so.2 (0x28208000) libcom_err.so.2 = /usr/lib/libcom_err.so.2 (0x28221000) libldap.so.2 = /usr/local/lib/libldap.so.2 (0x28223000) liblber.so.2 = /usr/local/lib/liblber.so.2 (0x28254000) libc.so.5 = /lib/libc.so.5 (0x2826) libsasl2.so.2 = /usr/local/lib/libsasl2.so.2 (0x28337000) libssl.so.3 = /usr/local/lib/libssl.so.3 (0x2834a000) libcrypto.so.3 = /usr/local/lib/libcrypto.so.3 (0x2837b000) It only complained about libldap.so.2, so I would guess kerberos is using the -rpath for the others? Thanks, Sean On Mon, 2003-12-01 at 05:25, Jacques A. Vidrine wrote: On Sun, Nov 30, 2003 at 10:37:08PM -0800, Sean McNeil wrote: Hello All, I was having trouble with startup and kdc/kadmin5 failing. Turns out that they were trying to access a shared library in /usr/local/lib (libldap.so.2). Unfortunately, both were getting started before ldconfig. I added ldconfig to the REQUIRE: for kerberos and now all is well. What should be the correct solution? Let's see: What implementation of Kerberos? (Heimdal, MIT?) Installed as part of the base system, from the Ports Collection, or by hand? The correct solutions are: (a) Do not build Kerberos against OpenLDAP if you do not use LDAP functionality. (b) When building Kerberos, make certain that the linker flags include an appropriate setting for RPATH, e.g. `-rpath /usr/local/lib'. Cheers, ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: problem with kerberos startup and LDAP
On Mon, Dec 01, 2003 at 10:10:20AM -0800, Sean McNeil wrote:
This was with Heimdal from an installation of -CURRENT. I am using LDAP
functionality, so option (a) below is not an option. Option (b) below
sounds more difficult than the change I made to /etc/rc.d/kerberos :)
I hadn't thought kerberos would get linked in such a manner, but now
that you mentioned it here is what it ended up using:
/usr/libexec/kdc:
libkrb5.so.7 = /usr/lib/libkrb5.so.7 (0x2807e000)
libhdb.so.7 = /usr/lib/libhdb.so.7 (0x280ba000)
libroken.so.7 = /usr/lib/libroken.so.7 (0x280ca000)
libasn1.so.7 = /usr/lib/libasn1.so.7 (0x280d8000)
libcrypto.so.3 = /lib/libcrypto.so.3 (0x280fe000)
libcrypt.so.2 = /lib/libcrypt.so.2 (0x28208000)
libcom_err.so.2 = /usr/lib/libcom_err.so.2 (0x28221000)
libldap.so.2 = /usr/local/lib/libldap.so.2 (0x28223000)
liblber.so.2 = /usr/local/lib/liblber.so.2 (0x28254000)
libc.so.5 = /lib/libc.so.5 (0x2826)
libsasl2.so.2 = /usr/local/lib/libsasl2.so.2 (0x28337000)
libssl.so.3 = /usr/local/lib/libssl.so.3 (0x2834a000)
libcrypto.so.3 = /usr/local/lib/libcrypto.so.3 (0x2837b000)
It only complained about libldap.so.2, so I would guess kerberos is
using the -rpath for the others?
Oh, you must be using `WITH_OPENLDAP'--- an option that I did not even
realize was available in the base system until I looked just now :-)
Yes, I believe the build is broken and I will correct it after the
code freeze. In the meantime, you might try the following patch and
rebuild the KDC (`make clean' first).
Cheers,
--
Jacques Vidrine NTT/Verio SME FreeBSD UNIX Heimdal
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Index: kerberos5/Makefile.inc
===
RCS file: /home/ncvs/src/kerberos5/Makefile.inc,v
retrieving revision 1.19
diff -c -r1.19 Makefile.inc
*** kerberos5/Makefile.inc 18 Jul 2003 13:21:55 - 1.19
--- kerberos5/Makefile.inc 1 Dec 2003 18:21:23 -
***
*** 16,22
OPENLDAPBASE?=/usr/local
LDAPLIBS=-lldap -llber
LDAPCFLAGS=-I${OPENLDAPBASE}/include -DOPENLDAP=1
! LDAPLDADD=-L${OPENLDAPBASE}/lib ${LDAPLIBS}
.endif
.if exists(${.OBJDIR}/../../include)
--- 16,22
OPENLDAPBASE?=/usr/local
LDAPLIBS=-lldap -llber
LDAPCFLAGS=-I${OPENLDAPBASE}/include -DOPENLDAP=1
! LDAPLDADD=-L${OPENLDAPBASE}/lib -Wl,-rpath,${OPENLDAPBASE}/lib ${LDAPLIBS}
.endif
.if exists(${.OBJDIR}/../../include)
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: problem with kerberos startup and LDAP
Yes, I use the following in make.conf: WITH_LDAP=openldap2 WITH_OPENLDAP=yes Great, I will give your patch a try. Thanks! Sean On Mon, 2003-12-01 at 10:23, Jacques A. Vidrine wrote: On Mon, Dec 01, 2003 at 10:10:20AM -0800, Sean McNeil wrote: This was with Heimdal from an installation of -CURRENT. I am using LDAP functionality, so option (a) below is not an option. Option (b) below sounds more difficult than the change I made to /etc/rc.d/kerberos :) I hadn't thought kerberos would get linked in such a manner, but now that you mentioned it here is what it ended up using: /usr/libexec/kdc: libkrb5.so.7 = /usr/lib/libkrb5.so.7 (0x2807e000) libhdb.so.7 = /usr/lib/libhdb.so.7 (0x280ba000) libroken.so.7 = /usr/lib/libroken.so.7 (0x280ca000) libasn1.so.7 = /usr/lib/libasn1.so.7 (0x280d8000) libcrypto.so.3 = /lib/libcrypto.so.3 (0x280fe000) libcrypt.so.2 = /lib/libcrypt.so.2 (0x28208000) libcom_err.so.2 = /usr/lib/libcom_err.so.2 (0x28221000) libldap.so.2 = /usr/local/lib/libldap.so.2 (0x28223000) liblber.so.2 = /usr/local/lib/liblber.so.2 (0x28254000) libc.so.5 = /lib/libc.so.5 (0x2826) libsasl2.so.2 = /usr/local/lib/libsasl2.so.2 (0x28337000) libssl.so.3 = /usr/local/lib/libssl.so.3 (0x2834a000) libcrypto.so.3 = /usr/local/lib/libcrypto.so.3 (0x2837b000) It only complained about libldap.so.2, so I would guess kerberos is using the -rpath for the others? Oh, you must be using `WITH_OPENLDAP'--- an option that I did not even realize was available in the base system until I looked just now :-) Yes, I believe the build is broken and I will correct it after the code freeze. In the meantime, you might try the following patch and rebuild the KDC (`make clean' first). Cheers, ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
problem with kerberos startup and LDAP
Hello All, I was having trouble with startup and kdc/kadmin5 failing. Turns out that they were trying to access a shared library in /usr/local/lib (libldap.so.2). Unfortunately, both were getting started before ldconfig. I added ldconfig to the REQUIRE: for kerberos and now all is well. What should be the correct solution? Sean ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
