Hello,
On 5-Nov-03 at 11:16, Luca Berra ([EMAIL PROTECTED]) wrote:
> On Wed, Nov 05, 2003 at 10:59:32AM +0100, Dominique Petitpierre wrote:
> > .....
> > .... My strace
> >observations showed that the process would fail right after reading
> >ldap.conf, before any connection is established. So maybe the
> which version of ldap are you speaking about?
> 207 should exibit the problem only if it finds an
> uniqueMember in the cn=...,ou=Group,dc=...,dc=..
> 211 would exibit the problem immediatly (independent of sslpath)
I tested this with nss_ldap-207-2mdk from Mandrake 9.2,
but I assume all the other bad versions would behave the
same for that matter:
# rpm -q nss_ldap
nss_ldap-207-2mdk
# strace getent passwd etutest1 | & tail
rt_sigprocmask(SIG_BLOCK, [PIPE], [], 8) = 0
getpid() = 5047
geteuid32() = 0
open("/etc/ldap.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=410, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4018b000
read(3, "host people.unige.ch\nbase ou=peo"..., 4096) = 410
writev(2, [{"getent", 6}, {": ", 2}, {"relocation error", 16}, {": ", 2},
{"/lib/libnss_ldap.so.2", 21}, {": ", 2}, {"undefined symbol: dbopen", 24}, {"", 0},
{"", 0}, {"\n", 1}], 10getent: relocation error: /lib/libnss_ldap.so.2: undefined
symbol: dbopen
) = 74
exit_group(127) = ?
As you can see there is no system call between reading
/etc/ldap.conf and printing the error message; in particular the ldap
server is not contacted. Hence my deduction that something
in ldap.conf triggers the dbopen linking.
> .....
> >So I am still inclined to think that "sslpath /etc/ssl/certs/cert7.db"
> >is what triggered the symptoms I observed with the old nss_ldap version.
> looking at the source code it does not work this way....
> ....
OK! I was silly to doubt the sources!
What I don't understand is why my ldap.conf triggered the problem
and not Buchan Milne's or Florin's cf.
http://archives.mandrakelinux.com/cooker/2003-10/msg03181.php
At the time, Stefan van der Eijk also had an ldap.conf triggering the
undefined symbol symptom, cf.
http://archives.mandrakelinux.com/cooker/2003-09/msg05432.php
Best regards,
Dominique
--
* Unsolicited commercial email is NOT welcome at this address. *
Mr Dominique Petitpierre Email: [EMAIL PROTECTED]
Division Informatique User=Dominique.Petitpierre
University of Geneva Domain=adm.unige.ch
24 rue General-Dufour Voice: +41/22/37 97117
CH-1204 GENEVA Fax : +41/22/37 97986
(Switzerland) WWW : http://www.unige.ch/dinf/
