On Tue, Aug 12, 2014 at 06:36:05PM -0700, Daniel Jung wrote:
Installed openldap 2.4.23 manually; There are quite a few packages
depending on the libldap and liblber which i had to force to reinstall.
force is usually not a good idea in a production environment, I hope it
was a test VM :-)
SSSD already depends on openldap-24 (libldap-2.4.so.2 in particular)
in RHEL5 in order to support the async functionality.
It doesnt sigsegv now but i am getting
Wed Aug 13 03:09:37:761645 2014) [sssd[be[LDAP]]] [sdap_connect_done]
(0x0080): START TLS result: Success(0), (null)
(Wed Aug 13 03:09:37:761687 2014) [sssd[be[LDAP]]] [sdap_connect_done]
(0x0080): ldap_install_tls failed: [Connect error] [unknown error]
And my ldapsearch -ZZ -x doesnt work anymore. Obviously this is bad
libldap?
Before you upgraded to 2.4, did ldapsearch -ZZ work OK?
So using 1.5.1, my ldapsearch -ZZ works fine but sssd_be sigsegv when
trying to use pam with password. And using 1.9.6 with openldap-2.4 lib,
sssd with pam + password doesnt work plus and it doesnt work with
ldapsearch ( this probably has to do with compat+ldap ?)
Anyone out there using sssd in centos 5 with PAM + password auth?
I don't have a RHEL-5 VM around at the moment, but our QE qualifies the
LDAP authentication on RHEL-5...
The places in code that did segfault for you was patched upstream:
https://git.fedorahosted.org/cgit/sssd.git/commit/?id=7ab7fd0b4e4efd80113...
https://git.fedorahosted.org/cgit/sssd.git/commit/?id=5fe6ca5e339fd345119...
But I wouldn't expect you to hit those issues except for a very busy
environment where servers come and go...