Project

General

Profile

Actions

Feature #16157

open

Kerberos package linked against LDAP, instead OpenLDAP distribution

Added by Predrag Zečević 4 months ago. Updated 3 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:
External Bug:

Description

Hi all,

I have this installed:

NAME (PUBLISHER)                                  VERSION                    IFO
library/openldap                                  2.6.6-2023.0.0.0           i--
naming/ldap                                       0.5.11-2023.0.0.21949      i--

and seems like kerberos is compiled against (OLD) naming/ldap libraries (which does not have SSL/TLS enabled):
:; pfexec pkg uninstall -vn naming/ldap
Creating Plan (Solver setup): -
pkg uninstall: Unable to remove 'naming/ldap@0.5.11-2023.0.0.21949' due to the following packages that depend on it:
  system/security/kerberos-5@0.5.11-2023.0.0.21949

We can (with removal of naming/ldap package):
  • have Kerberos utilities using OpenLDAP (e.g. recompile against it)
  • rename (ATM) openldap{search,modify,etc..} utilities to ldap{search,modify,etc..}

Right now, we have old LDAP (I guess back from Soraris/OpenSolaris time):

:; pkg contents naming/ldap | grep /bin/
usr/bin/ldapadd
usr/bin/ldapdelete
usr/bin/ldapmodify
usr/bin/ldapmodrdn
usr/bin/ldapsearch

:; pkg contents library/openldap | grep /bin/
usr/bin/openldapadd
usr/bin/openldapcompare
usr/bin/openldapdelete
usr/bin/openldapexop
usr/bin/openldapmodify
usr/bin/openldapmodrdn
usr/bin/openldappasswd
usr/bin/openldapsearch
usr/bin/openldapurl
usr/bin/openldapvc
usr/bin/openldapwhoami

Regards.

Actions #1

Updated by Marcel Telka 4 months ago

  • Project changed from OpenIndiana Distribution to illumos gate
  • Target version deleted (2021.04)

Both system/security/kerberos-5 and naming/ldap comes from illumos-gate and I doubt it is possible to build system/security/kerberos-5 against externally provided OpenLDAP.

Actions #2

Updated by Predrag Zečević 3 months ago

Thanks Marcel!

Thanks for moving this to proper project...

Regards.

P.S. How can I see what comes from Illumos-gate (not easy to check/see here: https://hipster.openindiana.org/jenkins/job/illumos-gate/)?

Actions #3

Updated by Marcel Telka 3 months ago

OpenIndiana currently stores such info in the package metadata:

$ pkg contents -mr pkg:/system/security/kerberos-5 | grep '^set.*illumos-gate'
set name=illumos-gate.info.git-remote value=https://github.com/illumos/illumos-gate.git
set name=illumos-gate.info.git-branch value=master
set name=illumos-gate.info.git-rev value=71cf28228984f46288b4de8830951445a1f517ca
$ pkg contents -mr pkg:/network/ssh | grep '^set.*illumos-gate'
$

The exact OpenIndiana component name (the path in the oi-userland git repo where the package is build from) is stored in userland.info.component, but such attribute is currently not set (yet) for illumos-gate packages:
$ pkg contents -mr pkg:/network/ssh | grep '^set.*userland.info.component'
set name=userland.info.component value=network/openssh
$

Actions

Also available in: Atom PDF