On Tue, May 22, 2018 at 05:48:42PM -0000, Dylan Gray wrote: >I know RHEL and SLES have an OpenLDAP version which has a dependency on >MIT Kerberos.
As far as I know the libldap packages in those distros don't directly link a GSSAPI library at all. Ubuntu is the only one I'm aware of that enables this. $ cat /etc/centos-release CentOS release 6.9 (Final) $ ldd /lib64/libldap-2.4.so.2 | grep -e gss -e krb $ If there is a dependency I would guess it's a transitive one, via some intermediate library such as NSS? >Ideally for me, there would be libldap2-mit and libldap2-mit-dev >packages I could apt-get, and all my problems would go away without >breaking anyone. That being said, I know that is kind of a big ask. For future releases I'd be more inclined to just disable the libldap GSSAPI support - it's dead upstream, non-standard, and as far as I know not enabled at all in other distros. For existing Ubuntu stable releases I think we're stuck with the status quo. I'd focus on figuring out what the difference is between your program and others that are apparently able to link both libgssapi-krb5 and libldap. nslcd is one example as I mentioned; adcli looks like another. https://launchpadlibrarian.net/252516279/buildlog_ubuntu-xenial- amd64.adcli_0.8.1-1_BUILDING.txt.gz >libtool: link: gcc -g -O2 -fstack-protector-strong -Wformat >-Werror=format-security -g -Wall -Wstrict-prototypes -Wmissing-declarations >-Wmissing-prototypes -Wnested-externs -Wpointer-arith >-Wdeclaration-after-statement -Wformat=2 -Winit-self -Waggregate-return >-Wno-missing-format-attribute -Wmissing-include-dirs -Wundef >-Wl,-Bsymbolic-functions -Wl,-z -Wl,relro -o adcli computer.o entry.o info.o >tools.o -Wl,-Bsymbolic-functions -Wl,-z -Wl,relro ../library/.libs/libadcli.a >-L/usr/lib/x86_64-linux-gnu/mit-krb5 -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err >-llber -lldap -lresolv >/usr/bin/ld: warning: libkrb5.so.26, needed by >//usr/lib/x86_64-linux-gnu/libgssapi.so.3, may conflict with libkrb5.so.3 That one appears to work despite the conflict... -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1772530 Title: OpenLDAP depends on old version of KRB5 which conflicts with other packages Status in openldap package in Ubuntu: Incomplete Bug description: Currently, Ubuntu 16.04's newest offered version of OpenLDAP is version 2.4.42. This version depends on libgssapi3 which in turn depends libkrb5 version 2.6. Many other common libraries (like gssapi_krb5) depend on libkrb5 3.0. From what I can tell, OpenLDAP version 2.4.44 fixes this issue, but it is not available from any of the Ubuntu repo's. It would be fabulous if this could be fixed. Repo: > # OpenLDAP depends on krb5 2.6 > readelf -d /usr/lib/x86_64-linux-gnu/libldap.so Dynamic section at offset 0x4d548 contains 32 entries: Tag Type Name/Value 0x0000000000000001 (NEEDED) Shared library: [liblber-2.4.so.2] 0x0000000000000001 (NEEDED) Shared library: [libresolv.so.2] 0x0000000000000001 (NEEDED) Shared library: [libsasl2.so.2] 0x0000000000000001 (NEEDED) Shared library: [libgssapi.so.3] 0x0000000000000001 (NEEDED) Shared library: [libgnutls.so.30] 0x0000000000000001 (NEEDED) Shared library: [libpthread.so.0] 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] 0x000000000000000e (SONAME) Library soname: [libldap_r-2.4.so.2] >readelf -d /usr/lib/x86_64-linux-gnu/libgssapi.so.3 Dynamic section at offset 0x3daa8 contains 34 entries: Tag Type Name/Value 0x0000000000000001 (NEEDED) Shared library: [libheimntlm.so.0] 0x0000000000000001 (NEEDED) Shared library: [libkrb5.so.26] 0x0000000000000001 (NEEDED) Shared library: [libasn1.so.8] 0x0000000000000001 (NEEDED) Shared library: [libcom_err.so.2] 0x0000000000000001 (NEEDED) Shared library: [libhcrypto.so.4] 0x0000000000000001 (NEEDED) Shared library: [libroken.so.18] 0x0000000000000001 (NEEDED) Shared library: [libpthread.so.0] 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] 0x000000000000000e (SONAME) Library soname: [libgssapi.so.3] > # gssapi_krb5 and default krb5 depend on krb5 3.0 > readelf -d /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so Dynamic section at offset 0x47c48 contains 31 entries: Tag Type Name/Value 0x0000000000000001 (NEEDED) Shared library: [libkrb5.so.3] 0x0000000000000001 (NEEDED) Shared library: [libk5crypto.so.3] 0x0000000000000001 (NEEDED) Shared library: [libcom_err.so.2] 0x0000000000000001 (NEEDED) Shared library: [libkrb5support.so.0] 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] 0x000000000000000e (SONAME) Library soname: [libgssapi_krb5.so.2] > readelf -d /usr/lib/x86_64-linux-gnu/libkrb5.so Dynamic section at offset 0xcfcc0 contains 32 entries: Tag Type Name/Value 0x0000000000000001 (NEEDED) Shared library: [libk5crypto.so.3] 0x0000000000000001 (NEEDED) Shared library: [libcom_err.so.2] 0x0000000000000001 (NEEDED) Shared library: [libkrb5support.so.0] 0x0000000000000001 (NEEDED) Shared library: [libkeyutils.so.1] 0x0000000000000001 (NEEDED) Shared library: [libresolv.so.2] 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] 0x000000000000000e (SONAME) Library soname: [libkrb5.so.3] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1772530/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
