[Touch-packages] [Bug 1772530] Re: OpenLDAP depends on old version of KRB5 which conflicts with other packages
[Expired for openldap (Ubuntu) because there has been no activity for 60 days.] ** Changed in: openldap (Ubuntu) Status: Incomplete => Expired -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1772530 Title: OpenLDAP depends on old version of KRB5 which conflicts with other packages Status in openldap package in Ubuntu: Expired Bug description: Currently, Ubuntu 16.04's newest offered version of OpenLDAP is version 2.4.42. This version depends on libgssapi3 which in turn depends libkrb5 version 2.6. Many other common libraries (like gssapi_krb5) depend on libkrb5 3.0. From what I can tell, OpenLDAP version 2.4.44 fixes this issue, but it is not available from any of the Ubuntu repo's. It would be fabulous if this could be fixed. Repo: > # OpenLDAP depends on krb5 2.6 > readelf -d /usr/lib/x86_64-linux-gnu/libldap.so Dynamic section at offset 0x4d548 contains 32 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [liblber-2.4.so.2] 0x0001 (NEEDED) Shared library: [libresolv.so.2] 0x0001 (NEEDED) Shared library: [libsasl2.so.2] 0x0001 (NEEDED) Shared library: [libgssapi.so.3] 0x0001 (NEEDED) Shared library: [libgnutls.so.30] 0x0001 (NEEDED) Shared library: [libpthread.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libldap_r-2.4.so.2] >readelf -d /usr/lib/x86_64-linux-gnu/libgssapi.so.3 Dynamic section at offset 0x3daa8 contains 34 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libheimntlm.so.0] 0x0001 (NEEDED) Shared library: [libkrb5.so.26] 0x0001 (NEEDED) Shared library: [libasn1.so.8] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libhcrypto.so.4] 0x0001 (NEEDED) Shared library: [libroken.so.18] 0x0001 (NEEDED) Shared library: [libpthread.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libgssapi.so.3] > # gssapi_krb5 and default krb5 depend on krb5 3.0 > readelf -d /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so Dynamic section at offset 0x47c48 contains 31 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libkrb5.so.3] 0x0001 (NEEDED) Shared library: [libk5crypto.so.3] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libkrb5support.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libgssapi_krb5.so.2] > readelf -d /usr/lib/x86_64-linux-gnu/libkrb5.so Dynamic section at offset 0xcfcc0 contains 32 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libk5crypto.so.3] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libkrb5support.so.0] 0x0001 (NEEDED) Shared library: [libkeyutils.so.1] 0x0001 (NEEDED) Shared library: [libresolv.so.2] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libkrb5.so.3] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1772530/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1772530] Re: OpenLDAP depends on old version of KRB5 which conflicts with other packages
I did some research, and it looks like adcli fires the same linker warnings I was seeing, but just ignores them and everything works. I guess I will have to go down the path of dynamically checking dependencies for the LDAP package at runtime and only load the library if it doesn't conflict, meaning this feature won't be on Ubuntu, but it doesn't look like there is another option from my end. I would still love it if there were MIT specific LDAP packages released, so if you decide to go down that path, please let me know. Thanks for the help! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1772530 Title: OpenLDAP depends on old version of KRB5 which conflicts with other packages Status in openldap package in Ubuntu: Incomplete Bug description: Currently, Ubuntu 16.04's newest offered version of OpenLDAP is version 2.4.42. This version depends on libgssapi3 which in turn depends libkrb5 version 2.6. Many other common libraries (like gssapi_krb5) depend on libkrb5 3.0. From what I can tell, OpenLDAP version 2.4.44 fixes this issue, but it is not available from any of the Ubuntu repo's. It would be fabulous if this could be fixed. Repo: > # OpenLDAP depends on krb5 2.6 > readelf -d /usr/lib/x86_64-linux-gnu/libldap.so Dynamic section at offset 0x4d548 contains 32 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [liblber-2.4.so.2] 0x0001 (NEEDED) Shared library: [libresolv.so.2] 0x0001 (NEEDED) Shared library: [libsasl2.so.2] 0x0001 (NEEDED) Shared library: [libgssapi.so.3] 0x0001 (NEEDED) Shared library: [libgnutls.so.30] 0x0001 (NEEDED) Shared library: [libpthread.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libldap_r-2.4.so.2] >readelf -d /usr/lib/x86_64-linux-gnu/libgssapi.so.3 Dynamic section at offset 0x3daa8 contains 34 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libheimntlm.so.0] 0x0001 (NEEDED) Shared library: [libkrb5.so.26] 0x0001 (NEEDED) Shared library: [libasn1.so.8] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libhcrypto.so.4] 0x0001 (NEEDED) Shared library: [libroken.so.18] 0x0001 (NEEDED) Shared library: [libpthread.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libgssapi.so.3] > # gssapi_krb5 and default krb5 depend on krb5 3.0 > readelf -d /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so Dynamic section at offset 0x47c48 contains 31 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libkrb5.so.3] 0x0001 (NEEDED) Shared library: [libk5crypto.so.3] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libkrb5support.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libgssapi_krb5.so.2] > readelf -d /usr/lib/x86_64-linux-gnu/libkrb5.so Dynamic section at offset 0xcfcc0 contains 32 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libk5crypto.so.3] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libkrb5support.so.0] 0x0001 (NEEDED) Shared library: [libkeyutils.so.1] 0x0001 (NEEDED) Shared library: [libresolv.so.2] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libkrb5.so.3] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1772530/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1772530] Re: OpenLDAP depends on old version of KRB5 which conflicts with other packages
>As far as I know the libldap packages in those distros don't directly >link a GSSAPI library at all. Ubuntu is the only one I'm aware of that >enables this. Yes. On other distros, it links directly to libkrb5.so. That in turn can either link to Heimdal or MIT, resolving the problem. I will look into nslcd and adcli and can hopefully get working from there. Thanks for the help. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1772530 Title: OpenLDAP depends on old version of KRB5 which conflicts with other packages Status in openldap package in Ubuntu: Incomplete Bug description: Currently, Ubuntu 16.04's newest offered version of OpenLDAP is version 2.4.42. This version depends on libgssapi3 which in turn depends libkrb5 version 2.6. Many other common libraries (like gssapi_krb5) depend on libkrb5 3.0. From what I can tell, OpenLDAP version 2.4.44 fixes this issue, but it is not available from any of the Ubuntu repo's. It would be fabulous if this could be fixed. Repo: > # OpenLDAP depends on krb5 2.6 > readelf -d /usr/lib/x86_64-linux-gnu/libldap.so Dynamic section at offset 0x4d548 contains 32 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [liblber-2.4.so.2] 0x0001 (NEEDED) Shared library: [libresolv.so.2] 0x0001 (NEEDED) Shared library: [libsasl2.so.2] 0x0001 (NEEDED) Shared library: [libgssapi.so.3] 0x0001 (NEEDED) Shared library: [libgnutls.so.30] 0x0001 (NEEDED) Shared library: [libpthread.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libldap_r-2.4.so.2] >readelf -d /usr/lib/x86_64-linux-gnu/libgssapi.so.3 Dynamic section at offset 0x3daa8 contains 34 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libheimntlm.so.0] 0x0001 (NEEDED) Shared library: [libkrb5.so.26] 0x0001 (NEEDED) Shared library: [libasn1.so.8] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libhcrypto.so.4] 0x0001 (NEEDED) Shared library: [libroken.so.18] 0x0001 (NEEDED) Shared library: [libpthread.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libgssapi.so.3] > # gssapi_krb5 and default krb5 depend on krb5 3.0 > readelf -d /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so Dynamic section at offset 0x47c48 contains 31 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libkrb5.so.3] 0x0001 (NEEDED) Shared library: [libk5crypto.so.3] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libkrb5support.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libgssapi_krb5.so.2] > readelf -d /usr/lib/x86_64-linux-gnu/libkrb5.so Dynamic section at offset 0xcfcc0 contains 32 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libk5crypto.so.3] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libkrb5support.so.0] 0x0001 (NEEDED) Shared library: [libkeyutils.so.1] 0x0001 (NEEDED) Shared library: [libresolv.so.2] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libkrb5.so.3] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1772530/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1772530] Re: OpenLDAP depends on old version of KRB5 which conflicts with other packages
On Tue, May 22, 2018 at 05:48:42PM -, Dylan Gray wrote: >I know RHEL and SLES have an OpenLDAP version which has a dependency on >MIT Kerberos. As far as I know the libldap packages in those distros don't directly link a GSSAPI library at all. Ubuntu is the only one I'm aware of that enables this. $ cat /etc/centos-release CentOS release 6.9 (Final) $ ldd /lib64/libldap-2.4.so.2 | grep -e gss -e krb $ If there is a dependency I would guess it's a transitive one, via some intermediate library such as NSS? >Ideally for me, there would be libldap2-mit and libldap2-mit-dev >packages I could apt-get, and all my problems would go away without >breaking anyone. That being said, I know that is kind of a big ask. For future releases I'd be more inclined to just disable the libldap GSSAPI support - it's dead upstream, non-standard, and as far as I know not enabled at all in other distros. For existing Ubuntu stable releases I think we're stuck with the status quo. I'd focus on figuring out what the difference is between your program and others that are apparently able to link both libgssapi-krb5 and libldap. nslcd is one example as I mentioned; adcli looks like another. https://launchpadlibrarian.net/252516279/buildlog_ubuntu-xenial- amd64.adcli_0.8.1-1_BUILDING.txt.gz >libtool: link: gcc -g -O2 -fstack-protector-strong -Wformat >-Werror=format-security -g -Wall -Wstrict-prototypes -Wmissing-declarations >-Wmissing-prototypes -Wnested-externs -Wpointer-arith >-Wdeclaration-after-statement -Wformat=2 -Winit-self -Waggregate-return >-Wno-missing-format-attribute -Wmissing-include-dirs -Wundef >-Wl,-Bsymbolic-functions -Wl,-z -Wl,relro -o adcli computer.o entry.o info.o >tools.o -Wl,-Bsymbolic-functions -Wl,-z -Wl,relro ../library/.libs/libadcli.a >-L/usr/lib/x86_64-linux-gnu/mit-krb5 -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err >-llber -lldap -lresolv >/usr/bin/ld: warning: libkrb5.so.26, needed by >//usr/lib/x86_64-linux-gnu/libgssapi.so.3, may conflict with libkrb5.so.3 That one appears to work despite the conflict... -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1772530 Title: OpenLDAP depends on old version of KRB5 which conflicts with other packages Status in openldap package in Ubuntu: Incomplete Bug description: Currently, Ubuntu 16.04's newest offered version of OpenLDAP is version 2.4.42. This version depends on libgssapi3 which in turn depends libkrb5 version 2.6. Many other common libraries (like gssapi_krb5) depend on libkrb5 3.0. From what I can tell, OpenLDAP version 2.4.44 fixes this issue, but it is not available from any of the Ubuntu repo's. It would be fabulous if this could be fixed. Repo: > # OpenLDAP depends on krb5 2.6 > readelf -d /usr/lib/x86_64-linux-gnu/libldap.so Dynamic section at offset 0x4d548 contains 32 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [liblber-2.4.so.2] 0x0001 (NEEDED) Shared library: [libresolv.so.2] 0x0001 (NEEDED) Shared library: [libsasl2.so.2] 0x0001 (NEEDED) Shared library: [libgssapi.so.3] 0x0001 (NEEDED) Shared library: [libgnutls.so.30] 0x0001 (NEEDED) Shared library: [libpthread.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libldap_r-2.4.so.2] >readelf -d /usr/lib/x86_64-linux-gnu/libgssapi.so.3 Dynamic section at offset 0x3daa8 contains 34 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libheimntlm.so.0] 0x0001 (NEEDED) Shared library: [libkrb5.so.26] 0x0001 (NEEDED) Shared library: [libasn1.so.8] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libhcrypto.so.4] 0x0001 (NEEDED) Shared library: [libroken.so.18] 0x0001 (NEEDED) Shared library: [libpthread.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libgssapi.so.3] > # gssapi_krb5 and default krb5 depend on krb5 3.0 > readelf -d /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so Dynamic section at offset 0x47c48 contains 31 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libkrb5.so.3] 0x0001 (NEEDED) Shared library: [libk5crypto.so.3] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared
[Touch-packages] [Bug 1772530] Re: OpenLDAP depends on old version of KRB5 which conflicts with other packages
Ryan, That makes sense. And yes, if I could deal with credentials like LDAP does, that would be incredibly convenient, but I cannot. In theory, I can parse the ELF structure of the LDAP library at runtime, check if there is the dependency issue, and then load the ldap library dynamically if everything is fine, but that would be a pain to implement and we would essentially just be disabling this feature on Ubuntu which would be sad. I know RHEL and SLES have an OpenLDAP version which has a dependency on MIT Kerberos. Ideally for me, there would be libldap2-mit and libldap2-mit-dev packages I could apt-get, and all my problems would go away without breaking anyone. That being said, I know that is kind of a big ask. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1772530 Title: OpenLDAP depends on old version of KRB5 which conflicts with other packages Status in openldap package in Ubuntu: Incomplete Bug description: Currently, Ubuntu 16.04's newest offered version of OpenLDAP is version 2.4.42. This version depends on libgssapi3 which in turn depends libkrb5 version 2.6. Many other common libraries (like gssapi_krb5) depend on libkrb5 3.0. From what I can tell, OpenLDAP version 2.4.44 fixes this issue, but it is not available from any of the Ubuntu repo's. It would be fabulous if this could be fixed. Repo: > # OpenLDAP depends on krb5 2.6 > readelf -d /usr/lib/x86_64-linux-gnu/libldap.so Dynamic section at offset 0x4d548 contains 32 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [liblber-2.4.so.2] 0x0001 (NEEDED) Shared library: [libresolv.so.2] 0x0001 (NEEDED) Shared library: [libsasl2.so.2] 0x0001 (NEEDED) Shared library: [libgssapi.so.3] 0x0001 (NEEDED) Shared library: [libgnutls.so.30] 0x0001 (NEEDED) Shared library: [libpthread.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libldap_r-2.4.so.2] >readelf -d /usr/lib/x86_64-linux-gnu/libgssapi.so.3 Dynamic section at offset 0x3daa8 contains 34 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libheimntlm.so.0] 0x0001 (NEEDED) Shared library: [libkrb5.so.26] 0x0001 (NEEDED) Shared library: [libasn1.so.8] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libhcrypto.so.4] 0x0001 (NEEDED) Shared library: [libroken.so.18] 0x0001 (NEEDED) Shared library: [libpthread.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libgssapi.so.3] > # gssapi_krb5 and default krb5 depend on krb5 3.0 > readelf -d /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so Dynamic section at offset 0x47c48 contains 31 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libkrb5.so.3] 0x0001 (NEEDED) Shared library: [libk5crypto.so.3] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libkrb5support.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libgssapi_krb5.so.2] > readelf -d /usr/lib/x86_64-linux-gnu/libkrb5.so Dynamic section at offset 0xcfcc0 contains 32 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libk5crypto.so.3] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libkrb5support.so.0] 0x0001 (NEEDED) Shared library: [libkeyutils.so.1] 0x0001 (NEEDED) Shared library: [libresolv.so.2] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libkrb5.so.3] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1772530/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1772530] Re: OpenLDAP depends on old version of KRB5 which conflicts with other packages
On Tue, May 22, 2018 at 10:21:17AM -0700, Ryan Tandy wrote: >I see. Yes, I can see how that would be a problem. The linker warning >is only a warning, but the ABIs very likely do conflict. ... that said, at least one or two packages do seem to manage with both -lldap and -lgssapi_krb5, for example nslcd: https://launchpadlibrarian.net/222403009/buildlog_ubuntu-xenial-amd64 .nss-pam-ldapd_0.9.6-3_BUILDING.txt.gz Now maybe it's as simple as nslcd calls different things than your program does, but maybe you could look into how some of the existing packages that depend both on libgssapi-krb5 and libldap manage to work? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1772530 Title: OpenLDAP depends on old version of KRB5 which conflicts with other packages Status in openldap package in Ubuntu: Incomplete Bug description: Currently, Ubuntu 16.04's newest offered version of OpenLDAP is version 2.4.42. This version depends on libgssapi3 which in turn depends libkrb5 version 2.6. Many other common libraries (like gssapi_krb5) depend on libkrb5 3.0. From what I can tell, OpenLDAP version 2.4.44 fixes this issue, but it is not available from any of the Ubuntu repo's. It would be fabulous if this could be fixed. Repo: > # OpenLDAP depends on krb5 2.6 > readelf -d /usr/lib/x86_64-linux-gnu/libldap.so Dynamic section at offset 0x4d548 contains 32 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [liblber-2.4.so.2] 0x0001 (NEEDED) Shared library: [libresolv.so.2] 0x0001 (NEEDED) Shared library: [libsasl2.so.2] 0x0001 (NEEDED) Shared library: [libgssapi.so.3] 0x0001 (NEEDED) Shared library: [libgnutls.so.30] 0x0001 (NEEDED) Shared library: [libpthread.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libldap_r-2.4.so.2] >readelf -d /usr/lib/x86_64-linux-gnu/libgssapi.so.3 Dynamic section at offset 0x3daa8 contains 34 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libheimntlm.so.0] 0x0001 (NEEDED) Shared library: [libkrb5.so.26] 0x0001 (NEEDED) Shared library: [libasn1.so.8] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libhcrypto.so.4] 0x0001 (NEEDED) Shared library: [libroken.so.18] 0x0001 (NEEDED) Shared library: [libpthread.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libgssapi.so.3] > # gssapi_krb5 and default krb5 depend on krb5 3.0 > readelf -d /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so Dynamic section at offset 0x47c48 contains 31 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libkrb5.so.3] 0x0001 (NEEDED) Shared library: [libk5crypto.so.3] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libkrb5support.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libgssapi_krb5.so.2] > readelf -d /usr/lib/x86_64-linux-gnu/libkrb5.so Dynamic section at offset 0xcfcc0 contains 32 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libk5crypto.so.3] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libkrb5support.so.0] 0x0001 (NEEDED) Shared library: [libkeyutils.so.1] 0x0001 (NEEDED) Shared library: [libresolv.so.2] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libkrb5.so.3] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1772530/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1772530] Re: OpenLDAP depends on old version of KRB5 which conflicts with other packages
Hi Dylan, On Tue, May 22, 2018 at 04:39:21PM -, Dylan Gray wrote: >The dependency is a problem because my program depends on gssapi_krb5, >krb5, sasl, and openldap. On Ubuntu, the linker will throw errors >because "libkrb5.so.26, needed by //usr/lib/x86_64-linux- >gnu/libgssapi.so.3, may conflict with libkrb5.so." I see. Yes, I can see how that would be a problem. The linker warning is only a warning, but the ABIs very likely do conflict. As far as I know the MIT and Heimdal libraries can be combined at runtime, thanks to symbol versioning; but that doesn't help you at build time. I don't think changing libldap's linkage in an update to a several-years-old stable release is a good plan, though. It's at least as likely that doing so would break someone else's existing program (or worse, someone else's existing compiled binaries.) I suppose if it were possible for you to use GSSAPI via SASL (like libldap does) instead of directly, you'd be doing that already. I'm not really sure what to suggest here. I'll have to think about this. Maybe someone else reading this will have an idea. (I'm actually not sure why libldap links against Heimdal in the first place. MIT is usually the default choice for libkrb5. Maybe because Heimdal was already pulled into the openldap build for other reasons.) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1772530 Title: OpenLDAP depends on old version of KRB5 which conflicts with other packages Status in openldap package in Ubuntu: Incomplete Bug description: Currently, Ubuntu 16.04's newest offered version of OpenLDAP is version 2.4.42. This version depends on libgssapi3 which in turn depends libkrb5 version 2.6. Many other common libraries (like gssapi_krb5) depend on libkrb5 3.0. From what I can tell, OpenLDAP version 2.4.44 fixes this issue, but it is not available from any of the Ubuntu repo's. It would be fabulous if this could be fixed. Repo: > # OpenLDAP depends on krb5 2.6 > readelf -d /usr/lib/x86_64-linux-gnu/libldap.so Dynamic section at offset 0x4d548 contains 32 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [liblber-2.4.so.2] 0x0001 (NEEDED) Shared library: [libresolv.so.2] 0x0001 (NEEDED) Shared library: [libsasl2.so.2] 0x0001 (NEEDED) Shared library: [libgssapi.so.3] 0x0001 (NEEDED) Shared library: [libgnutls.so.30] 0x0001 (NEEDED) Shared library: [libpthread.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libldap_r-2.4.so.2] >readelf -d /usr/lib/x86_64-linux-gnu/libgssapi.so.3 Dynamic section at offset 0x3daa8 contains 34 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libheimntlm.so.0] 0x0001 (NEEDED) Shared library: [libkrb5.so.26] 0x0001 (NEEDED) Shared library: [libasn1.so.8] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libhcrypto.so.4] 0x0001 (NEEDED) Shared library: [libroken.so.18] 0x0001 (NEEDED) Shared library: [libpthread.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libgssapi.so.3] > # gssapi_krb5 and default krb5 depend on krb5 3.0 > readelf -d /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so Dynamic section at offset 0x47c48 contains 31 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libkrb5.so.3] 0x0001 (NEEDED) Shared library: [libk5crypto.so.3] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libkrb5support.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libgssapi_krb5.so.2] > readelf -d /usr/lib/x86_64-linux-gnu/libkrb5.so Dynamic section at offset 0xcfcc0 contains 32 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libk5crypto.so.3] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libkrb5support.so.0] 0x0001 (NEEDED) Shared library: [libkeyutils.so.1] 0x0001 (NEEDED) Shared library: [libresolv.so.2]
[Touch-packages] [Bug 1772530] Re: OpenLDAP depends on old version of KRB5 which conflicts with other packages
Ryan, The dependency is a problem because my program depends on gssapi_krb5, krb5, sasl, and openldap. On Ubuntu, the linker will throw errors because "libkrb5.so.26, needed by //usr/lib/x86_64-linux- gnu/libgssapi.so.3, may conflict with libkrb5.so." libgssapi.so.3 is required by libldap2-dev as we discussed earlier. On other distro's, they have an option for openldap which relies on MIT Kerberos instead of Heimdal. Installing libsasl2-modules-gssapi-mit doesn't resolve this as openldap still relies on Heimdal instead of MIT Kerberos like the other modules. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1772530 Title: OpenLDAP depends on old version of KRB5 which conflicts with other packages Status in openldap package in Ubuntu: Incomplete Bug description: Currently, Ubuntu 16.04's newest offered version of OpenLDAP is version 2.4.42. This version depends on libgssapi3 which in turn depends libkrb5 version 2.6. Many other common libraries (like gssapi_krb5) depend on libkrb5 3.0. From what I can tell, OpenLDAP version 2.4.44 fixes this issue, but it is not available from any of the Ubuntu repo's. It would be fabulous if this could be fixed. Repo: > # OpenLDAP depends on krb5 2.6 > readelf -d /usr/lib/x86_64-linux-gnu/libldap.so Dynamic section at offset 0x4d548 contains 32 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [liblber-2.4.so.2] 0x0001 (NEEDED) Shared library: [libresolv.so.2] 0x0001 (NEEDED) Shared library: [libsasl2.so.2] 0x0001 (NEEDED) Shared library: [libgssapi.so.3] 0x0001 (NEEDED) Shared library: [libgnutls.so.30] 0x0001 (NEEDED) Shared library: [libpthread.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libldap_r-2.4.so.2] >readelf -d /usr/lib/x86_64-linux-gnu/libgssapi.so.3 Dynamic section at offset 0x3daa8 contains 34 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libheimntlm.so.0] 0x0001 (NEEDED) Shared library: [libkrb5.so.26] 0x0001 (NEEDED) Shared library: [libasn1.so.8] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libhcrypto.so.4] 0x0001 (NEEDED) Shared library: [libroken.so.18] 0x0001 (NEEDED) Shared library: [libpthread.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libgssapi.so.3] > # gssapi_krb5 and default krb5 depend on krb5 3.0 > readelf -d /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so Dynamic section at offset 0x47c48 contains 31 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libkrb5.so.3] 0x0001 (NEEDED) Shared library: [libk5crypto.so.3] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libkrb5support.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libgssapi_krb5.so.2] > readelf -d /usr/lib/x86_64-linux-gnu/libkrb5.so Dynamic section at offset 0xcfcc0 contains 32 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libk5crypto.so.3] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libkrb5support.so.0] 0x0001 (NEEDED) Shared library: [libkeyutils.so.1] 0x0001 (NEEDED) Shared library: [libresolv.so.2] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libkrb5.so.3] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1772530/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1772530] Re: OpenLDAP depends on old version of KRB5 which conflicts with other packages
Hi Dylan, Chances are libldap's dependency on libgssapi is not relevant for you. It's only used by the ldap_gssapi_bind family of functions, which are non-standard and only used by one or two specific applications. Without knowing more about your use case, I would assume that for your purposes you would select the Kerberos implementation by installing one of the two libsasl2-modules-gssapi-* packages I mentioned, as the standard way to use GSSAPI is via the SASL library. MIT and Heimdal both provide conflicting and non-conflicting dev packages: - krb5-multidev provides krb5-config.mit and does not conflict - heimdal-multidev provides krb5-config.heimdal and does not conflict - libkrb5-dev provides krb5-config (symlinked to krb5-config.mit) and conflicts with heimdal-dev - heimdal-dev provides krb5-config (symlinked to krb5-config.heimdal) and conflicts with libkrb5-dev Hope this helps! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1772530 Title: OpenLDAP depends on old version of KRB5 which conflicts with other packages Status in openldap package in Ubuntu: Incomplete Bug description: Currently, Ubuntu 16.04's newest offered version of OpenLDAP is version 2.4.42. This version depends on libgssapi3 which in turn depends libkrb5 version 2.6. Many other common libraries (like gssapi_krb5) depend on libkrb5 3.0. From what I can tell, OpenLDAP version 2.4.44 fixes this issue, but it is not available from any of the Ubuntu repo's. It would be fabulous if this could be fixed. Repo: > # OpenLDAP depends on krb5 2.6 > readelf -d /usr/lib/x86_64-linux-gnu/libldap.so Dynamic section at offset 0x4d548 contains 32 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [liblber-2.4.so.2] 0x0001 (NEEDED) Shared library: [libresolv.so.2] 0x0001 (NEEDED) Shared library: [libsasl2.so.2] 0x0001 (NEEDED) Shared library: [libgssapi.so.3] 0x0001 (NEEDED) Shared library: [libgnutls.so.30] 0x0001 (NEEDED) Shared library: [libpthread.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libldap_r-2.4.so.2] >readelf -d /usr/lib/x86_64-linux-gnu/libgssapi.so.3 Dynamic section at offset 0x3daa8 contains 34 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libheimntlm.so.0] 0x0001 (NEEDED) Shared library: [libkrb5.so.26] 0x0001 (NEEDED) Shared library: [libasn1.so.8] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libhcrypto.so.4] 0x0001 (NEEDED) Shared library: [libroken.so.18] 0x0001 (NEEDED) Shared library: [libpthread.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libgssapi.so.3] > # gssapi_krb5 and default krb5 depend on krb5 3.0 > readelf -d /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so Dynamic section at offset 0x47c48 contains 31 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libkrb5.so.3] 0x0001 (NEEDED) Shared library: [libk5crypto.so.3] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libkrb5support.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libgssapi_krb5.so.2] > readelf -d /usr/lib/x86_64-linux-gnu/libkrb5.so Dynamic section at offset 0xcfcc0 contains 32 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libk5crypto.so.3] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libkrb5support.so.0] 0x0001 (NEEDED) Shared library: [libkeyutils.so.1] 0x0001 (NEEDED) Shared library: [libresolv.so.2] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libkrb5.so.3] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1772530/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe :
[Touch-packages] [Bug 1772530] Re: OpenLDAP depends on old version of KRB5 which conflicts with other packages
Ryan, Ah, MIT vs Heimdal implementations make sense. Is there a way to install openldap with a dependency on MIT kerberos instead of Heimdal? From the dependencies listed at https://packages.ubuntu.com/trusty/libldap-2.4-2, it looks like the default openldap package depends on Heimdal. Also, is there a dev package for the MIT version? I would love to have both the dev and standard packages available. Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1772530 Title: OpenLDAP depends on old version of KRB5 which conflicts with other packages Status in openldap package in Ubuntu: Incomplete Bug description: Currently, Ubuntu 16.04's newest offered version of OpenLDAP is version 2.4.42. This version depends on libgssapi3 which in turn depends libkrb5 version 2.6. Many other common libraries (like gssapi_krb5) depend on libkrb5 3.0. From what I can tell, OpenLDAP version 2.4.44 fixes this issue, but it is not available from any of the Ubuntu repo's. It would be fabulous if this could be fixed. Repo: > # OpenLDAP depends on krb5 2.6 > readelf -d /usr/lib/x86_64-linux-gnu/libldap.so Dynamic section at offset 0x4d548 contains 32 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [liblber-2.4.so.2] 0x0001 (NEEDED) Shared library: [libresolv.so.2] 0x0001 (NEEDED) Shared library: [libsasl2.so.2] 0x0001 (NEEDED) Shared library: [libgssapi.so.3] 0x0001 (NEEDED) Shared library: [libgnutls.so.30] 0x0001 (NEEDED) Shared library: [libpthread.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libldap_r-2.4.so.2] >readelf -d /usr/lib/x86_64-linux-gnu/libgssapi.so.3 Dynamic section at offset 0x3daa8 contains 34 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libheimntlm.so.0] 0x0001 (NEEDED) Shared library: [libkrb5.so.26] 0x0001 (NEEDED) Shared library: [libasn1.so.8] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libhcrypto.so.4] 0x0001 (NEEDED) Shared library: [libroken.so.18] 0x0001 (NEEDED) Shared library: [libpthread.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libgssapi.so.3] > # gssapi_krb5 and default krb5 depend on krb5 3.0 > readelf -d /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so Dynamic section at offset 0x47c48 contains 31 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libkrb5.so.3] 0x0001 (NEEDED) Shared library: [libk5crypto.so.3] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libkrb5support.so.0] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libgssapi_krb5.so.2] > readelf -d /usr/lib/x86_64-linux-gnu/libkrb5.so Dynamic section at offset 0xcfcc0 contains 32 entries: TagType Name/Value 0x0001 (NEEDED) Shared library: [libk5crypto.so.3] 0x0001 (NEEDED) Shared library: [libcom_err.so.2] 0x0001 (NEEDED) Shared library: [libkrb5support.so.0] 0x0001 (NEEDED) Shared library: [libkeyutils.so.1] 0x0001 (NEEDED) Shared library: [libresolv.so.2] 0x0001 (NEEDED) Shared library: [libc.so.6] 0x000e (SONAME) Library soname: [libkrb5.so.3] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1772530/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
