Re: Issue upgrading openldap-clients from 2.4.19-15 to 2.4.23-20

[Rich Megginson <rich.megginson@gmail.com>]

On 05/23/2012 10:37 AM, Esther Garcia wrote:

Hi all,

We have an OpenLDAP server (RHEL6) running version 2.4.23-15, and we have clients in RHEL5 and RHEL6.

With clients in RHEL5 works properly but I found some problems with RHEL6 clients in versions newer than 2.4.19-15.

In the clients, if I try to upgrade to new versions than 2.4.19-15 then the client stops working:

[root@XX ~]# rpm -qa | grep openldap

openldap-2.4.19-15.el6.x86_64

openldap-clients-2.4.19-15.el6.x86_64

[root@XX ~]# ldapsearch -x -D 'cn=authenticate, ou=System,dc=test, dc=es' '(objectclass=*)' -W -ZZ

Enter LDAP Password: 

# extended LDIF

#

# LDAPv3

......

[root@XX ~]# id esther

uid=63004(esther) gid=50041(test) groups=50041(test)

[root@XX ~]# yum upgrade openldap*

.....

  Updating   : openldap-2.4.23-20.el6.x86_64                                                                                                                                                     1/4 

warning: /etc/openldap/ldap.conf created as /etc/openldap/ldap.conf.rpmnew

  Updating   : openldap-clients-2.4.23-20.el6.x86_64                                                                                                                                             2/4 

  Cleanup    : openldap-clients-2.4.19-15.el6.x86_64                                                                                                                                             3/4 

  Cleanup    : openldap-2.4.19-15.el6.x86_64                                                                                                                                                     4/4 

Updated:

  openldap.x86_64 0:2.4.23-20.el6                                                               openldap-clients.x86_64 0:2.4.23-20.el6                                                              

Complete!

[root@XX ~]# service nslcd restart

Stopping nslcd:                                            [  OK  ]

Starting nslcd:                                            [  OK  ]

[root@XX ~]# id esther

id: esther: No such user

[root@XX ~]# ldapsearch -x -D 'cn=authenticate, ou=System,dc=test, dc=es' '(objectclass=*)' -W -ZZ

ldap_start_tls: Connect error (-11)

try adding -d 1 - ldapsearch -d 1 -x ....

I have the same configuration files that used with the older version. I use these configuration files:

/etc/pam_ldap.conf:

base dc=test,dc=es

binddn cn=authenticate,ou=System,dc=test,dc=es

bindpw XXXX

timelimit 120

bind_timelimit 120

idle_timelimit 3600

pam_lookup_policy yes

pam_password exop

nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm

ssl start_tls

uri ldap://ldap1-test ldap://ldap2-test

tls_cacertdir /etc/openldap/cacerts

pam_password md5

/etc/nslcd.conf

uid nslcd

gid ldap

uri ldap://ldap1-test ldap://ldap2-test

base dc=test,dc=es

binddn cn=authenticate,ou=System,dc=test,dc=es

bindpw XXXX

ssl start_tls

tls_cacertdir /etc/openldap/cacerts

timelimit 120

bind_timelimit 120

idle_timelimit 3600

/etc/openldap/ldap.conf:

URI ldap://ldap1-test/ ldap://ldap2-test/

BASE dc=test,dc=es

TLS_CACERT /etc/openldap/cacerts/catest.crt

CAcert file:

[root@XX ~]# ls -l /etc/openldap/cacerts/catest.crt

-rw-r--r--. 1 root root 1655 May 23 15:23 /etc/openldap/cacerts/catest.crt

Any idea on what the issue is? Am I missing anything?

Thanks in advance,

Esther