[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: fedora and openldap
Hi Harry,
On 04/13/2011 09:06 AM, harry.jede@arcor.de wrote:
Judith Flo Gaya wrote:
On 4/12/11 9:44 PM, Quanah Gibson-Mount wrote:
--On Tuesday, April 12, 2011 9:50 PM +0200 Judith Flo
Gaya<jflo@imppc.org>
wrote:
I'm using the default version of openldap for the clients :
openldap-2.4.22-7.fc14.x86_64
openldap-devel-2.4.22-7.fc14.x86_64
openldap-clients-2.4.22-7.fc14.x86_64
What means this?
Are you using these packages on Client-PCs?
a priori I was doing it, now I compiled from source the same version of
openldap, so now both server and clients have the same openldap
Do you also use these packages on your openldap server?
The versions on the server side were old and I was suggested to update
to a newer version, so I compiled it.
I don't exactly know how to check the way they are compiled..
Use "ldd" on the binary. If they are compiled against MozNSS,
you'll probably have better success using your own built binaries
against OpenSSL.
And don't forget: you should never never mix (openldap) packages from
two different builds on one machine. Such a setup can work well, but it
is for power users :-) .
Yes, my idea was to get rid of the rpm packages after installing the
source one, but I can get rid of the openldap-$version because it has
plenty of dependencies, so I linked to /usr/local so that libraries and
binaries can be found by the system before the rpm ones.
One of the packages that uses these libraries is nss_pam_ldapd, maybe
that's why now the ldapsearch is working but the authentication is not
I can't do id <user>, it complains about a TLS negotiation problem :
Apr 13 09:55:25 curri0 slapd[2025]: conn=1063 fd=39 ACCEPT from
IP=<client_ip>:44725 (IP=0.0.0.0:636)
Apr 13 09:55:25 curri0 slapd[2025]: conn=1063 fd=39 closed (TLS
negotiation failure)
Apr 13 09:55:25 curri0 slapd[2025]: connection_read(39): no connection!
Apr 13 09:55:25 curri0 slapd[2025]: connection_read(39): no connection!
I have no experience with fedora, so I can not really help you. But in
general, you may do it like this:
1. Check the packages meta information to find from which source package
they are build.
2. Download these source packages
3. Downlod the developer packages which are needed to build your package
4. Download the openssl developer package
5. Change the config from moznss to openssl
6. Build the new packages
7. Test them on one or two machines
8. Distribute them to all your Fedora machines
The devel packages and the openssl were already installed and the make
depend worked without problem, so I only download, configure
(with-tls=openssl) and installed this newer version, but still it
doesn't work ;(
I'll try to link the ldap libraries under /usr/lib64 to the new ones and
see if I can fool the system to use mines.
I'm told that I can also manage to make the openldap rpm version that
uses the moznss library to accept a .pem file, I thought that in this
way it would be much easier, but now I'm no longer sure...
Thanks for your help!
j
This is the result
# ldd /usr/bin/ldapsearch
linux-vdso.so.1 => (0x00007fff71dff000)
libldap-2.4.so.2 => /usr/lib64/libldap-2.4.so.2
(0x000000303a400000) liblber-2.4.so.2 => /usr/lib64/liblber-2.4.so.2
(0x000000303ac00000) libsasl2.so.2 => /usr/lib64/libsasl2.so.2
(0x0000003038000000) libcrypt.so.1 => /lib64/libcrypt.so.1
(0x0000003033a00000) libresolv.so.2 => /lib64/libresolv.so.2
(0x0000003023a00000) libssl3.so => /usr/lib64/libssl3.so
May be this is a mozilla ssl library.
an openssl library looks so:
libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x00007f48c1dc4000)
this is a gnutls library:
libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00007f6a525ce000)
(0x0000003036a00000) libsmime3.so => /usr/lib64/libsmime3.so
(0x0000003036e00000) libnss3.so => /usr/lib64/libnss3.so
(0x0000003035200000) libnssutil3.so => /usr/lib64/libnssutil3.so
(0x0000003036200000) libplds4.so => /lib64/libplds4.so
(0x0000003035a00000)
libplc4.so => /lib64/libplc4.so (0x0000003034e00000)
libnspr4.so => /lib64/libnspr4.so (0x0000003035e00000)
libc.so.6 => /lib64/libc.so.6 (0x0000003021a00000)
libdl.so.2 => /lib64/libdl.so.2 (0x0000003022200000)
libfreebl3.so => /lib64/libfreebl3.so (0x0000003033e00000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003022600000)
libz.so.1 => /lib64/libz.so.1 (0x0000003023200000)
/lib64/ld-linux-x86-64.so.2 (0x0000003021200000)
As I see libssl3.so... I would say that openssl is used...
# rpm -qf /usr/lib64/libnss3.so
nss-3.12.7-6.fc14.x86_64
# rpm -qf /usr/lib64/libnssutil3.so
nss-util-3.12.7-2.fc14.x86_64
j
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
--
Judith Flo Gaya
Systems Administrator IMPPC
e-mail: jflo@imppc.org
Tel (+34) 93 554-3079
Fax (+34) 93 465-1472
Institut de Medicina Predictiva i Personalitzada del Càncer
Crta Can Ruti, Camí de les Escoles s/n
08916 Badalona, Barcelona,
Spain
http://www.imppc.org