11:10 p.m.
Something in a recent round of updates seems to have hosed use of
LDAP-based user accounts for my rawhide installation. (My LDAP server
is on a different machine; the rawhide one just doesn't seem to be able
to use it.)
Is anyone else seeing this?
--
Braden McDaniel <braden(a)endoframe.com>
7:36 a.m.
On Wednesday 09 February 2011 06:10:25, Braden McDaniel wrote:
Something in a recent round of updates seems to have hosed use of
LDAP-based user accounts for my rawhide installation. (My LDAP server
is on a different machine; the rawhide one just doesn't seem to be able
to use it.)
Hi Braden,
please, can you be more specific? Which versions of openldap-servers,
openldap-clients, pam_ldap, nss_ldap, etc. do you have installed?
Are you using SSL/TLS? Is ldapsearch on your rawhide machine working?
Jan
11:31 a.m.
On Wed, 2011-02-09 at 14:36 +0100, Jan Vcelak wrote:
On Wednesday 09 February 2011 06:10:25, Braden McDaniel wrote:
> Something in a recent round of updates seems to have hosed use of
> LDAP-based user accounts for my rawhide installation. (My LDAP server
> is on a different machine; the rawhide one just doesn't seem to be able
> to use it.)
Hi Braden,
please, can you be more specific? Which versions of openldap-servers,
openldap-clients, pam_ldap, nss_ldap, etc. do you have installed?
openldap-servers, pam_ldap, and nss_ldap are not installed on the
rawhide machine. openldap-clients is version 2.4.23-8.fc15.
The server is running Fedora 14. It has:
openldap-servers: 2.4.23-4.fc14
openldap-clients: 2.4.23-4.fc14
pam_ldap: 185-5.fc14
nss_ldap: 265-6.fc14
Are you using SSL/TLS?
No.
Is ldapsearch on your rawhide machine working?
It is. What's not working is logging in as a user other than root. I
can't even su to a user other than root.
I am using Kerberos for user authentication; however, "kinit <user>"
works fine from the rawhide machine.
--
Braden McDaniel <braden(a)endoframe.com>
4:19 a.m.
On Wednesday 09 February 2011 18:31:21, Braden McDaniel wrote:
> Is ldapsearch on your rawhide machine working?
It is. What's not working is logging in as a user other than root. I
can't even su to a user other than root.
I am using Kerberos for user authentication; however, "kinit <user>"
works fine from the rawhide machine.
This doesn't seem like openldap issue to me. I suggest identifying the problem
(package) by trying to downgrade openldap-clients, krb5, pam_krb5, etc.
Jan
7:18 a.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/09/2011 12:31 PM, Braden McDaniel wrote:
On Wed, 2011-02-09 at 14:36 +0100, Jan Vcelak wrote:
> On Wednesday 09 February 2011 06:10:25, Braden McDaniel wrote:
>> Something in a recent round of updates seems to have hosed use of
>> LDAP-based user accounts for my rawhide installation. (My LDAP server
>> is on a different machine; the rawhide one just doesn't seem to be able
>> to use it.)
>
> Hi Braden,
>
> please, can you be more specific? Which versions of openldap-servers,
> openldap-clients, pam_ldap, nss_ldap, etc. do you have installed?
openldap-servers, pam_ldap, and nss_ldap are not installed on the
rawhide machine. openldap-clients is version 2.4.23-8.fc15.
The server is running Fedora 14. It has:
openldap-servers: 2.4.23-4.fc14
openldap-clients: 2.4.23-4.fc14
pam_ldap: 185-5.fc14
nss_ldap: 265-6.fc14
> Are you using SSL/TLS?
No.
> Is ldapsearch on your rawhide machine working?
It is. What's not working is logging in as a user other than root. I
can't even su to a user other than root.
I am using Kerberos for user authentication; however, "kinit <user>"
works fine from the rawhide machine.
I suspect you are using SSSD to handle LDAP logins. This was broken in
rawhide yesterday because I pushed a new version of libldb that
apparently broke ABI without an SO bump. I have subsequently reverted
this change. Please downgrade to libldb-0.9.10-25.fc15 and SSSD will
work again.
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk1T5aQACgkQeiVVYja6o6NPKgCfRcKjKCEvCe/W3W9isTer057T
yk0AniyuYIwxCWHkc9KFcTHX8v9TJ6YV
=JsAH
-----END PGP SIGNATURE-----
12:08 p.m.
On Thu, 2011-02-10 at 08:18 -0500, Stephen Gallagher wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/09/2011 12:31 PM, Braden McDaniel wrote:
> On Wed, 2011-02-09 at 14:36 +0100, Jan Vcelak wrote:
>> On Wednesday 09 February 2011 06:10:25, Braden McDaniel wrote:
>>> Something in a recent round of updates seems to have hosed use of
>>> LDAP-based user accounts for my rawhide installation. (My LDAP server
>>> is on a different machine; the rawhide one just doesn't seem to be able
>>> to use it.)
>>
>> Hi Braden,
>>
>> please, can you be more specific? Which versions of openldap-servers,
>> openldap-clients, pam_ldap, nss_ldap, etc. do you have installed?
>
> openldap-servers, pam_ldap, and nss_ldap are not installed on the
> rawhide machine. openldap-clients is version 2.4.23-8.fc15.
>
> The server is running Fedora 14. It has:
>
> openldap-servers: 2.4.23-4.fc14
> openldap-clients: 2.4.23-4.fc14
> pam_ldap: 185-5.fc14
> nss_ldap: 265-6.fc14
>
>> Are you using SSL/TLS?
>
> No.
>
>> Is ldapsearch on your rawhide machine working?
>
> It is. What's not working is logging in as a user other than root. I
> can't even su to a user other than root.
>
> I am using Kerberos for user authentication; however, "kinit
<user>"
> works fine from the rawhide machine.
>
I suspect you are using SSSD to handle LDAP logins.
Correct.
This was broken in
rawhide yesterday because I pushed a new version of libldb that
apparently broke ABI without an SO bump. I have subsequently reverted
this change. Please downgrade to libldb-0.9.10-25.fc15 and SSSD will
work again.
That did it. Thanks!
--
Braden McDaniel <braden(a)endoframe.com>
12:49 a.m.
On Thu, 2011-02-10 at 08:18 -0500, Stephen Gallagher wrote:
I suspect you are using SSSD to handle LDAP logins. This was broken
in
rawhide yesterday because I pushed a new version of libldb that
apparently broke ABI without an SO bump. I have subsequently reverted
this change. Please downgrade to libldb-0.9.10-25.fc15 and SSSD will
work again.
Figuring this would be fixed by now, I upgraded to libldb-1.0.2-1.fc16;
but now I'm seeing the same problem again.
What's the state of this?
(Unfortunately, yum is no longer letting me downgrade after upgrading to
this version.)
--
Braden McDaniel <braden(a)endoframe.com>
2:07 a.m.
On Sun, Feb 27, 2011 at 01:49:31AM -0500, Braden McDaniel wrote:
On Thu, 2011-02-10 at 08:18 -0500, Stephen Gallagher wrote:
> I suspect you are using SSSD to handle LDAP logins. This was broken in
> rawhide yesterday because I pushed a new version of libldb that
> apparently broke ABI without an SO bump. I have subsequently reverted
> this change. Please downgrade to libldb-0.9.10-25.fc15 and SSSD will
> work again.
Figuring this would be fixed by now, I upgraded to libldb-1.0.2-1.fc16;
but now I'm seeing the same problem again.
What's the state of this?
(Unfortunately, yum is no longer letting me downgrade after upgrading to
this version.)
sssd has been rebuild to use the latest libldb. Please try
sssd-1.5.1-9.fc16.
bye,
Sumit
--
Braden McDaniel <braden(a)endoframe.com>
--
devel mailing list
devel(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
4806
days inactive
4825
days old
7 comments
4 participants
participants (4)
-
Braden McDaniel -
Jan Vcelak -
Stephen Gallagher -
Sumit Bose