RE: problem with kerberos startup and LDAP
Hello All, I have the same problem. See also PR58680. http://www.freebsd.org/cgi/query-pr.cgi?pr=58680 Guys who work on RCNG please consider the proposed solution. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sean McNeil Sent: Monday, December 01, 2003 9:37 AM To: [EMAIL PROTECTED] Subject: problem with kerberos startup and LDAP Hello All, I was having trouble with startup and kdc/kadmin5 failing. Turns out that they were trying to access a shared library in /usr/local/lib (libldap.so.2). Unfortunately, both were getting started before ldconfig. I added ldconfig to the REQUIRE: for kerberos and now all is well. What should be the correct solution? Sean ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: problem with kerberos startup and LDAP
Yes, I use the following in make.conf: WITH_LDAP=openldap2 WITH_OPENLDAP=yes Great, I will give your patch a try. Thanks! Sean On Mon, 2003-12-01 at 10:23, Jacques A. Vidrine wrote: > On Mon, Dec 01, 2003 at 10:10:20AM -0800, Sean McNeil wrote: > > This was with Heimdal from an installation of -CURRENT. I am using LDAP > > functionality, so option (a) below is not an option. Option (b) below > > sounds more difficult than the change I made to /etc/rc.d/kerberos :) > > > > I hadn't thought kerberos would get linked in such a manner, but now > > that you mentioned it here is what it ended up using: > > > > /usr/libexec/kdc: > > libkrb5.so.7 => /usr/lib/libkrb5.so.7 (0x2807e000) > > libhdb.so.7 => /usr/lib/libhdb.so.7 (0x280ba000) > > libroken.so.7 => /usr/lib/libroken.so.7 (0x280ca000) > > libasn1.so.7 => /usr/lib/libasn1.so.7 (0x280d8000) > > libcrypto.so.3 => /lib/libcrypto.so.3 (0x280fe000) > > libcrypt.so.2 => /lib/libcrypt.so.2 (0x28208000) > > libcom_err.so.2 => /usr/lib/libcom_err.so.2 (0x28221000) > > libldap.so.2 => /usr/local/lib/libldap.so.2 (0x28223000) > > liblber.so.2 => /usr/local/lib/liblber.so.2 (0x28254000) > > libc.so.5 => /lib/libc.so.5 (0x2826) > > libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x28337000) > > libssl.so.3 => /usr/local/lib/libssl.so.3 (0x2834a000) > > libcrypto.so.3 => /usr/local/lib/libcrypto.so.3 (0x2837b000) > > > > It only complained about libldap.so.2, so I would guess kerberos is > > using the -rpath for the others? > > > Oh, you must be using `WITH_OPENLDAP'--- an option that I did not even > realize was available in the base system until I looked just now :-) > > Yes, I believe the build is broken and I will correct it after the > code freeze. In the meantime, you might try the following patch and > rebuild the KDC (`make clean' first). > > Cheers, ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: problem with kerberos startup and LDAP
On Mon, Dec 01, 2003 at 10:10:20AM -0800, Sean McNeil wrote:
> This was with Heimdal from an installation of -CURRENT. I am using LDAP
> functionality, so option (a) below is not an option. Option (b) below
> sounds more difficult than the change I made to /etc/rc.d/kerberos :)
>
> I hadn't thought kerberos would get linked in such a manner, but now
> that you mentioned it here is what it ended up using:
>
> /usr/libexec/kdc:
> libkrb5.so.7 => /usr/lib/libkrb5.so.7 (0x2807e000)
> libhdb.so.7 => /usr/lib/libhdb.so.7 (0x280ba000)
> libroken.so.7 => /usr/lib/libroken.so.7 (0x280ca000)
> libasn1.so.7 => /usr/lib/libasn1.so.7 (0x280d8000)
> libcrypto.so.3 => /lib/libcrypto.so.3 (0x280fe000)
> libcrypt.so.2 => /lib/libcrypt.so.2 (0x28208000)
> libcom_err.so.2 => /usr/lib/libcom_err.so.2 (0x28221000)
> libldap.so.2 => /usr/local/lib/libldap.so.2 (0x28223000)
> liblber.so.2 => /usr/local/lib/liblber.so.2 (0x28254000)
> libc.so.5 => /lib/libc.so.5 (0x2826)
> libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x28337000)
> libssl.so.3 => /usr/local/lib/libssl.so.3 (0x2834a000)
> libcrypto.so.3 => /usr/local/lib/libcrypto.so.3 (0x2837b000)
>
> It only complained about libldap.so.2, so I would guess kerberos is
> using the -rpath for the others?
Oh, you must be using `WITH_OPENLDAP'--- an option that I did not even
realize was available in the base system until I looked just now :-)
Yes, I believe the build is broken and I will correct it after the
code freeze. In the meantime, you might try the following patch and
rebuild the KDC (`make clean' first).
Cheers,
--
Jacques Vidrine NTT/Verio SME FreeBSD UNIX Heimdal
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Index: kerberos5/Makefile.inc
===
RCS file: /home/ncvs/src/kerberos5/Makefile.inc,v
retrieving revision 1.19
diff -c -r1.19 Makefile.inc
*** kerberos5/Makefile.inc 18 Jul 2003 13:21:55 - 1.19
--- kerberos5/Makefile.inc 1 Dec 2003 18:21:23 -
***
*** 16,22
OPENLDAPBASE?=/usr/local
LDAPLIBS=-lldap -llber
LDAPCFLAGS=-I${OPENLDAPBASE}/include -DOPENLDAP=1
! LDAPLDADD=-L${OPENLDAPBASE}/lib ${LDAPLIBS}
.endif
.if exists(${.OBJDIR}/../../include)
--- 16,22
OPENLDAPBASE?=/usr/local
LDAPLIBS=-lldap -llber
LDAPCFLAGS=-I${OPENLDAPBASE}/include -DOPENLDAP=1
! LDAPLDADD=-L${OPENLDAPBASE}/lib -Wl,-rpath,${OPENLDAPBASE}/lib ${LDAPLIBS}
.endif
.if exists(${.OBJDIR}/../../include)
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: problem with kerberos startup and LDAP
This was with Heimdal from an installation of -CURRENT. I am using LDAP functionality, so option (a) below is not an option. Option (b) below sounds more difficult than the change I made to /etc/rc.d/kerberos :) I hadn't thought kerberos would get linked in such a manner, but now that you mentioned it here is what it ended up using: /usr/libexec/kdc: libkrb5.so.7 => /usr/lib/libkrb5.so.7 (0x2807e000) libhdb.so.7 => /usr/lib/libhdb.so.7 (0x280ba000) libroken.so.7 => /usr/lib/libroken.so.7 (0x280ca000) libasn1.so.7 => /usr/lib/libasn1.so.7 (0x280d8000) libcrypto.so.3 => /lib/libcrypto.so.3 (0x280fe000) libcrypt.so.2 => /lib/libcrypt.so.2 (0x28208000) libcom_err.so.2 => /usr/lib/libcom_err.so.2 (0x28221000) libldap.so.2 => /usr/local/lib/libldap.so.2 (0x28223000) liblber.so.2 => /usr/local/lib/liblber.so.2 (0x28254000) libc.so.5 => /lib/libc.so.5 (0x2826) libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x28337000) libssl.so.3 => /usr/local/lib/libssl.so.3 (0x2834a000) libcrypto.so.3 => /usr/local/lib/libcrypto.so.3 (0x2837b000) It only complained about libldap.so.2, so I would guess kerberos is using the -rpath for the others? Thanks, Sean On Mon, 2003-12-01 at 05:25, Jacques A. Vidrine wrote: > On Sun, Nov 30, 2003 at 10:37:08PM -0800, Sean McNeil wrote: > > Hello All, > > > > I was having trouble with startup and kdc/kadmin5 failing. Turns out > > that they were trying to access a shared library in /usr/local/lib > > (libldap.so.2). Unfortunately, both were getting started before > > ldconfig. > > > > I added ldconfig to the REQUIRE: for kerberos and now all is well. > > > > What should be the correct solution? > > Let's see: What implementation of Kerberos? (Heimdal, MIT?) > Installed as part of the base system, from the Ports Collection, or by > hand? > > The correct solutions are: > > (a) Do not build Kerberos against OpenLDAP if you do not use > LDAP functionality. > > (b) When building Kerberos, make certain that the linker flags > include an appropriate setting for RPATH, e.g. > `-rpath /usr/local/lib'. > > Cheers, ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: problem with kerberos startup and LDAP
On Sun, Nov 30, 2003 at 10:37:08PM -0800, Sean McNeil wrote: > Hello All, > > I was having trouble with startup and kdc/kadmin5 failing. Turns out > that they were trying to access a shared library in /usr/local/lib > (libldap.so.2). Unfortunately, both were getting started before > ldconfig. > > I added ldconfig to the REQUIRE: for kerberos and now all is well. > > What should be the correct solution? Let's see: What implementation of Kerberos? (Heimdal, MIT?) Installed as part of the base system, from the Ports Collection, or by hand? The correct solutions are: (a) Do not build Kerberos against OpenLDAP if you do not use LDAP functionality. (b) When building Kerberos, make certain that the linker flags include an appropriate setting for RPATH, e.g. `-rpath /usr/local/lib'. Cheers, -- Jacques Vidrine NTT/Verio SME FreeBSD UNIX Heimdal [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[EMAIL PROTECTED]"
