[Bug 809245] New: zypper dup from 12.2 to 12.3 replace /etc/ldap.conf
https://bugzilla.novell.com/show_bug.cgi?id=809245

https://bugzilla.novell.com/show_bug.cgi?id=809245#c0

           Summary: zypper dup from 12.2 to 12.3 replace /etc/ldap.conf
    Classification: openSUSE
           Product: openSUSE 12.3
           Version: Final
          Platform: HP
        OS/Version: Other
            Status: NEW
          Severity: Major
          Priority: P5 - None
         Component: Other
        AssignedTo: bnc-team-screening@forge.provo.novell.com
        ReportedBy: joerg.rohrer@upc-cablecom.ch
         QAContact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:19.0) Gecko/20100101 Firefox/19.0

zypper dup from 12.2 to 12.3 replace a working /etc/ldap.conf.
The original ldap.conf is renamed to .rpmsave.
The new "wrong" ldap.conf just contains this:

    #Don't try forever if the LDAP server is not reacheable
    bind_policy soft

Therefore ldap logins are not working

Reproducible: Always

Steps to Reproduce:
1.
2.
3.

Actual Results:
working ldap.conf is replaced

Expected Results:
just as the new file as .rpmnew

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=809245#c1

--- Comment #1 from Joerg Rohrer <joerg.rohrer@upc-cablecom.ch> 2013-03-13 20:44:59 UTC ---
Mar 13 18:12:13 alpha.joergi.ch saslauthd[1460]: pam_ldap: missing "host" in file "/etc/ldap.conf"
Mar 13 18:12:13 alpha.joergi.ch saslauthd[1460]: DEBUG: auth_pam: pam_authenticate failed: Error in service module
Mar 13 18:12:13 alpha.joergi.ch saslauthd[1460]: do_auth : auth failure: [user=joerg] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
Mar 13 18:13:13 alpha.joergi.ch saslauthd[1459]: nss_ldap: could not determine LDAP server from ldap.conf or DNS
Mar 13 18:13:13 alpha.joergi.ch saslauthd[1459]: gkr-pam: error looking up user information
Mar 13 18:13:13 alpha.joergi.ch saslauthd[1459]: nss_ldap: could not determine LDAP server from ldap.conf or DNS
Mar 13 18:13:13 alpha.joergi.ch saslauthd[1459]: pam_ldap: missing "host" in file "/etc/ldap.conf"

https://bugzilla.novell.com/show_bug.cgi?id=809245#c

Christian Boltz <suse-beta@cboltz.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |suse-beta@cboltz.de
         AssignedTo|bnc-team-screening@forge.pr |rhafer@suse.com
                   |ovo.novell.com              |

https://bugzilla.novell.com/show_bug.cgi?id=809245#c2

Ralf Haferkamp <rhafer@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO
       InfoProvider|                            |joerg.rohrer@upc-cablecom.ch

--- Comment #2 from Ralf Haferkamp <rhafer@suse.com> 2013-03-14 09:12:14 CET ---
Could you please paste the output of rpm -qf /etc/ldap.conf?

https://bugzilla.novell.com/show_bug.cgi?id=809245#c3

--- Comment #3 from Joerg Rohrer <joerg.rohrer@upc-cablecom.ch> 2013-03-14 09:28:00 UTC ---
alpha:~ # rpm -qf /etc/ldap.conf
file /etc/ldap.conf is not owned by any package

But the file is obviously needed. At least on my System.

https://bugzilla.novell.com/show_bug.cgi?id=809245#c4

--- Comment #4 from Yang Lifu <yanglifu90@gmail.com> 2013-03-14 19:26:12 UTC ---
Retrieving: pam_ldap-32bit-186-4.1.1.x86_64.rpm ..........................[done]
Digest verification failed for pam_ldap-32bit-186-4.1.1.x86_64.rpm. Expected 9553409e88e84f568bf624fbd071c5e61732c1df6a10c3950ee370655b6b564d, found 5f304752ec4f997bcbff6018f0ecaea5280e54166e3e3f5a15a1aaae87931f82.
Continue? [yes/no] (no): no

https://bugzilla.novell.com/show_bug.cgi?id=809245#c5

Ralf Haferkamp <rhafer@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P5 - None                   |P4 - Low
             Status|NEEDINFO                    |ASSIGNED
       InfoProvider|joerg.rohrer@upc-cablecom.ch|

--- Comment #5 from Ralf Haferkamp <rhafer@suse.com> 2013-03-15 11:11:10 CET ---
Hm, up to 12.2 ldap.conf was part of pwdutils. pwdutils got dropped with 12.3,
which I was not aware of :(. Because of that the file is moved to .rpmsave
during update. (The new almost empty ldap.conf was created because of some now
broken %post install logic in the nss_ldap package.)
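
The state described in comment #5, as an added example that is not part of the original thread or of any openSUSE package: a shell check that reports whether the active ldap.conf still names a server (a "host" or "uri" line) and whether a .rpmsave sibling does. The temporary paths, sample contents and ldap.example.org are constructed placeholders; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify an ldap.conf after a distribution upgrade.
# All file names and sample contents below are constructed for illustration.

# True if FILE sets an LDAP server through a non-comment "host" or "uri" line
# (keys are matched case-insensitively here).
has_server() {
    [ -f "$1" ] && grep -Eiq '^[[:space:]]*(host|uri)[[:space:]]+[^[:space:]]' "$1"
}

# Print one of: ok | replaced | no-server
#   ok        - the active file names a server
#   replaced  - the active file names none, but FILE.rpmsave does (this bug)
#   no-server - neither file names a server
classify_ldap_conf() {
    conf=$1
    if has_server "$conf"; then
        echo ok
    elif has_server "$conf.rpmsave"; then
        echo replaced
    else
        echo no-server
    fi
}

# Owning package name, "unowned", or "rpm-unavailable".
# Wraps the rpm -qf query requested in comment #2.
owner_of() {
    command -v rpm >/dev/null 2>&1 || { echo rpm-unavailable; return 0; }
    pkg=$(rpm -qf "$1" 2>/dev/null) && echo "$pkg" || echo unowned
}

# Constructed sample reproducing the reported state after zypper dup to 12.3:
# an almost empty ldap.conf next to the renamed working file.
demo_dir=$(mktemp -d)
printf '%s\n' "#Don't try forever if the LDAP server is not reacheable" \
    'bind_policy soft' > "$demo_dir/ldap.conf"
printf '%s\n' '# constructed working config' 'host ldap.example.org' \
    'base dc=example,dc=org' > "$demo_dir/ldap.conf.rpmsave"

echo "ldap.conf state: $(classify_ldap_conf "$demo_dir/ldap.conf")"
echo "owner: $(owner_of "$demo_dir/ldap.conf")"
```

On a real system the same two functions would be pointed at /etc/ldap.conf; a "replaced" result together with an "unowned" file matches what the reporter saw.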

https://bugzilla.novell.com/show_bug.cgi?id=809245#c6

--- Comment #6 from Ralf Haferkamp <rhafer@suse.com> 2013-03-15 11:11:53 CET ---
(In reply to comment #4)
> Retrieving: pam_ldap-32bit-186-4.1.1.x86_64.rpm ..........................[done]
> Digest verification failed for pam_ldap-32bit-186-4.1.1.x86_64.rpm. Expected 9553409e88e84f568bf624fbd071c5e61732c1df6a10c3950ee370655b6b564d, found 5f304752ec4f997bcbff6018f0ecaea5280e54166e3e3f5a15a1aaae87931f82.
> Continue? [yes/no] (no): no

I am not sure what you are trying to tell me with that :). But this seems to be
completely unrelated to this bug.

https://bugzilla.novell.com/show_bug.cgi?id=809245#c7

--- Comment #7 from Joerg Rohrer <joerg.rohrer@upc-cablecom.ch> 2013-03-15 10:19:03 UTC ---
For me it looks like that the /etc/ldap.conf belong to pam_ldap.

https://build.opensuse.org/package/view_file?expand=1&file=pam_ldap.spec&pac...

man 5 pam_ldap

That might Yang tell us;)

https://bugzilla.novell.com/show_bug.cgi?id=809245#c8

Ralf Haferkamp <rhafer@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |NEEDINFO
       InfoProvider|                            |maintenance@opensuse.org

--- Comment #8 from Ralf Haferkamp <rhafer@suse.com> 2013-03-15 11:38:13 CET ---
Submitted fix to Factory: https://build.opensuse.org/request/show/159529

@maintenance: I guess we should issue an update for 12.3 for this (older
versions are not affected)

https://bugzilla.novell.com/show_bug.cgi?id=809245#c9

--- Comment #9 from Ralf Haferkamp <rhafer@suse.com> 2013-03-15 11:39:50 CET ---
(In reply to comment #7)
> For me it looks like that the /etc/ldap.conf belong to pam_ldap.

Or nss_ldap. That doesn't matter much I guess :). I just put it into nss_ldap.

https://bugzilla.novell.com/show_bug.cgi?id=809245#c10

--- Comment #10 from Ralf Haferkamp <rhafer@suse.com> 2013-03-15 11:41:22 CET ---
Actually nss_ldap is probably better, because it is pretty easy to use nss_ldap
without pam_ldap (e.g. by using pam_krb5 instead). But the other way around
doesn't make much sense.

https://bugzilla.novell.com/show_bug.cgi?id=809245#c11

--- Comment #11 from Joerg Rohrer <joerg.rohrer@upc-cablecom.ch> 2013-03-15 10:50:09 UTC ---
Hmm. Even if authenticate to a local installed openldap? So, i can get rid of
pam_ldap? and use nss_ldap.

What will be used if you do a complete yast configuration?

https://bugzilla.novell.com/show_bug.cgi?id=809245#c12

--- Comment #12 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-03-15 12:00:07 CET ---
This is an autogenerated message for OBS integration:
This bug (809245) was mentioned in
https://build.opensuse.org/request/show/159530 Factory / nss_ldap

https://bugzilla.novell.com/show_bug.cgi?id=809245#c13

--- Comment #13 from Joerg Rohrer <joerg.rohrer@upc-cablecom.ch> 2013-03-15 11:09:10 UTC ---
I suggest do the same fix for every package which is trying to install or
modify the ldap.conf. I just can say that from a user (Admin) perspective.

https://bugzilla.novell.com/show_bug.cgi?id=809245#c14

--- Comment #14 from Ralf Haferkamp <rhafer@suse.com> 2013-03-15 12:16:04 CET ---
(In reply to comment #11)
> Hmm. Even if authenticate to a local installed openldap? So, i can get rid of
> pam_ldap? and use nss_ldap.

No. I guess you got me wrong. What I wanted to say is that it is perfectly
valid and makes sense in some scenarios (not everywhere) to setup nss_ldap with
using pam_ldap. Hence it makes sense to put the ldap.conf file into the
nss_ldap package. In most cases people will still have both, nss_ldap and
pam_ldap, installed. (Or better: use sssd instead, which is our default of LDAP
based users since some time. But we're getting off topic here).

> What will be used if you do a complete yast configuration?

For resolving and authenticating LDAP based users? sssd nowadays :). Support to
setup nss_ldap and pam_ldap has been dropped from YaST in 12.2.

https://bugzilla.novell.com/show_bug.cgi?id=809245#c15

--- Comment #15 from Ralf Haferkamp <rhafer@suse.com> 2013-03-15 12:17:47 CET ---
(In reply to comment #13)
> I suggest do the same fix for every package which is trying to install or
> modify the ldap.conf. I just can say that from a user (Admin) perspective.

Huh? What other packages are trying to install/modify /etc/ldap.conf?

Besides that. A file can only be owned by a single package. Which was pwdutils
in the past. And will be nss_ldap now.

https://bugzilla.novell.com/show_bug.cgi?id=809245#c16

--- Comment #16 from Joerg Rohrer <joerg.rohrer@upc-cablecom.ch> 2013-03-15 11:37:30 UTC ---
I see, sorry for my ignorance. I'm really not aware of things in the background
going on, such as package dependencies. I just found the ldap.conf file also in
nss_ldap spec file and it's owned by nss_ldap. But this would go too far if you
have to explain how all those things play together :).

I'm glad (maybe others too) that you fixed the problem.

https://bugzilla.novell.com/show_bug.cgi?id=809245#c17

Benjamin Brunner <bbrunner@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |ASSIGNED
       InfoProvider|maintenance@opensuse.org    |

--- Comment #17 from Benjamin Brunner <bbrunner@suse.com> 2013-03-15 13:01:16 CET ---
Ralf could you open a maintenancerequest with the updated 12.3-package please?
We'll start an update.

https://bugzilla.novell.com/show_bug.cgi?id=809245#c18

Ralf Haferkamp <rhafer@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

--- Comment #18 from Ralf Haferkamp <rhafer@suse.com> 2013-03-15 13:56:30 CET ---
Done: https://build.opensuse.org/request/show/159539

https://bugzilla.novell.com/show_bug.cgi?id=809245#c19

--- Comment #19 from Swamp Workflow Management <swamp@suse.de> 2013-03-21 11:04:33 UTC ---
openSUSE-RU-2013:0512-1: An update that has one recommended fix can now be
installed.

Category: recommended (moderate)
Bug References: 809245
CVE References:
Sources used:
openSUSE 12.3 (src): nss_ldap-265-19.5.1