On Tue, Aug 29, 2006 at 10:47:45AM +0200, Ralph Angenendt enlightened us:

Matt Hyclak wrote:

...

Has anyone tried to get the OpenLDAP in c4-testing to do authentication? I keep getting this in my logs:

Aug 28 14:44:58 finite sshd: PAM [dlerror: /usr/lib64/libldap-2.2.so.7: undefined symbol: SSL_CTX_set_tmp_rsa_callback]

Still on 4.3:

[angenenr@shutdown lib]$rpm -qf libldap.a openldap-devel-2.2.13-4 [angenenr@shutdown lib]$nm libldap.a | grep rsa_callback nm: kbind.o: no symbols nm: U SSL_CTX_set_tmp_rsa_callback version.o: no symbols [angenenr@shutdown lib]$

You might want to look if "your" libldap.a still has that symbol in it ...

[root@finite ~]# nm /usr/lib64/libldap.a | grep rsa_callback nm: kbind.o: no symbols U SSL_CTX_set_tmp_rsa_callback

Yep...

I've also tried updating the FC Devel to 2.3.27 (per the suggestion of the RH OpenLDAP maintainer) with the same results. I'm going to try rebuilding directly on the server to make sure it's not something stupid on the build server.

Matt

On Tue, 2006-08-29 at 09:35 -0400, Matt Hyclak wrote:

On Tue, Aug 29, 2006 at 07:49:50AM -0400, Matt Hyclak enlightened us:

...

On Tue, Aug 29, 2006 at 10:47:45AM +0200, Ralph Angenendt enlightened us:

...

Matt Hyclak wrote:

...

Has anyone tried to get the OpenLDAP in c4-testing to do authentication? I keep getting this in my logs:

Aug 28 14:44:58 finite sshd: PAM [dlerror: /usr/lib64/libldap-2.2.so.7: undefined symbol: SSL_CTX_set_tmp_rsa_callback]

Still on 4.3:

[angenenr@shutdown lib]$rpm -qf libldap.a openldap-devel-2.2.13-4 [angenenr@shutdown lib]$nm libldap.a | grep rsa_callback nm: kbind.o: no symbols nm: U SSL_CTX_set_tmp_rsa_callback version.o: no symbols [angenenr@shutdown lib]$

You might want to look if "your" libldap.a still has that symbol in it ...

[root@finite ~]# nm /usr/lib64/libldap.a | grep rsa_callback nm: kbind.o: no symbols U SSL_CTX_set_tmp_rsa_callback

Yep...

I've also tried updating the FC Devel to 2.3.27 (per the suggestion of the RH OpenLDAP maintainer) with the same results. I'm going to try rebuilding directly on the server to make sure it's not something stupid on the build server.

The problem is in nss_ldap - it needs to be recompiled against the new openldap libraries (even with compat-openldap installed).

Whoever is maintaining those in c4-testing should probably rebuild nss_ldap as well.

Thanks Matt ....

Evolution, build that :)

On Tue, Aug 29, 2006 at 10:34:37AM -0400, Jim Perrin enlightened us:

This is what I get for not running ldap at the house to test...

...

Thanks Matt ....

Yeah, thanks for catching that

...

Evolution, build that :)

God you're demanding! Functional packages, stable OS, proper build environment... JEEEEEZ, next you're gonna tell me that you won't build the kernel with a beta version of gcc!

:-P

/I'm going to hell for dragging that up again.....

I doubt that's the only reason.

I don't know what the policy for testing is (or I suppose ultimately CentOS-Plus) - but you may want to wait a day or two for Jay to release the 2.3.27 SRPM for FC Devel. He said there were some issues with the 2.3.19 version. That is if -plus can have things from rawhide, er, FC Devel.

Matt