Bug 1233961

Summary: ldap_mapper.so is absent
Product: [Fedora] Fedora
Reporter: Steven W. Elling <ellingsw+29044>
Component: pam_pkcs11
Assignee: Bob Relyea <rrelyea>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 21
CC: extras-qa, mihkulemin, rrelyea, tcallawa
Target Milestone: ---
Target Release: ---
Hardware: x86_64
OS: Linux
Whiteboard:
Fixed In Version: pam_pkcs11-0.6.8-6.fc21
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 705896
Environment:
Last Closed: 2015-07-29 01:51:54 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Steven W. Elling 2015-06-19 20:27:15 UTC
+++ This bug was initially created as a clone of Bug #705896 +++

Description of problem:
There is no ldap_mapper.so in the pam_pkcs11 package

How reproducible:

1. Modify /etc/pam_pkcs11/pam_pkcs11.conf to use the ldap mapper

2. Insert smart card or CAC card into reader

3. Run "pklogin_finder debug"


Actual results:

$> pklogin_finder debug
DEBUG:pam_config.c:248: Using config file /etc/pam_pkcs11/pam_pkcs11.conf
DEBUG:pkcs11_lib.c:187: Initializing NSS ...
DEBUG:pkcs11_lib.c:197: Initializing NSS ... database=/etc/pki/nssdb
DEBUG:pkcs11_lib.c:215: ...  NSS Complete
DEBUG:pklogin_finder.c:71: loading pkcs #11 module...
DEBUG:pkcs11_lib.c:227: Looking up module in list
DEBUG:pkcs11_lib.c:230: modList = 0xdd8fe0 next = 0xde8650

DEBUG:pkcs11_lib.c:231: dllName= <null> 

DEBUG:pkcs11_lib.c:230: modList = 0xde8650 next = 0x0

DEBUG:pkcs11_lib.c:231: dllName= libcoolkeypk11.so 

DEBUG:pklogin_finder.c:79: initialising pkcs #11 module...
PIN for token: 
DEBUG:pkcs11_lib.c:760: cert 0: found ({REDACTED}), "{REDACTED},OU=DoD,O=U.S. Government,C=US"
DEBUG:pkcs11_lib.c:760: cert 1: found ({REDACTED}), "{REDACTED},OU=DoD,O=U.S. Government,C=US"
DEBUG:mapper_mgr.c:172: Retrieveing mapper module list
DEBUG:mapper_mgr.c:95: Loading dynamic module for mapper 'ldap'
DEBUG:mapper_mgr.c:98: dlopen failed for module:  ldap path: /usr/$LIB/pam_pkcs11/ldap_mapper.so Error: /usr/$LIB/pam_pkcs11/ldap_mapper.so: cannot open shared object file: No such file or directory


Additional info:

# rpm -ql pam_pkcs11

/etc/pam_pkcs11
/etc/pam_pkcs11/pam_pkcs11.conf
/etc/pam_pkcs11/pkcs11_eventmgr.conf
/lib64/security/pam_pkcs11.so
/usr/bin/card_eventmgr
/usr/bin/pkcs11_eventmgr
/usr/bin/pkcs11_inspect
/usr/bin/pkcs11_listcerts
/usr/bin/pkcs11_make_hash_link
/usr/bin/pkcs11_setup
/usr/bin/pklogin_finder
/usr/lib64/pam_pkcs11
/usr/lib64/pam_pkcs11/opensc_mapper.so
/usr/lib64/pam_pkcs11/openssh_mapper.so
/usr/share/doc/pam_pkcs11
/usr/share/doc/pam_pkcs11/AUTHORS
/usr/share/doc/pam_pkcs11/COPYING
/usr/share/doc/pam_pkcs11/ChangeLog
/usr/share/doc/pam_pkcs11/NEWS
/usr/share/doc/pam_pkcs11/README
/usr/share/doc/pam_pkcs11/README.autologin
/usr/share/doc/pam_pkcs11/README.mappers
/usr/share/doc/pam_pkcs11/TODO
/usr/share/doc/pam_pkcs11/card_eventmgr.conf.example
/usr/share/doc/pam_pkcs11/digest_mapping.example
/usr/share/doc/pam_pkcs11/mail_mapping.example
/usr/share/doc/pam_pkcs11/mappers_api.html
/usr/share/doc/pam_pkcs11/pam.d_login.example
/usr/share/doc/pam_pkcs11/pam_pkcs11.conf.example
/usr/share/doc/pam_pkcs11/pam_pkcs11.html
/usr/share/doc/pam_pkcs11/pkcs11_eventmgr.conf.example
/usr/share/doc/pam_pkcs11/subject_mapping.example
/usr/share/locale/de/LC_MESSAGES/pam_pkcs11.mo
/usr/share/locale/fr/LC_MESSAGES/pam_pkcs11.mo
/usr/share/locale/nl/LC_MESSAGES/pam_pkcs11.mo
/usr/share/locale/pl/LC_MESSAGES/pam_pkcs11.mo
/usr/share/locale/pt_br/LC_MESSAGES/pam_pkcs11.mo
/usr/share/locale/ru/LC_MESSAGES/pam_pkcs11.mo
/usr/share/locale/tr/LC_MESSAGES/pam_pkcs11.mo
/usr/share/man/man1/card_eventmgr.1.gz
/usr/share/man/man1/pkcs11_eventmgr.1.gz
/usr/share/man/man1/pkcs11_inspect.1.gz
/usr/share/man/man1/pkcs11_listcerts.1.gz
/usr/share/man/man1/pkcs11_setup.1.gz
/usr/share/man/man1/pklogin_finder.1.gz
/usr/share/man/man8/pam_pkcs11.8.gz


Per Bug #705896, this is a bug in the SPEC file:

%{?_with_ldap:BuildRequires: openldap-devel}
%{?_with_curl:BuildRequires: curl-devel} 

but the actual flags are "with_ldap" and "with_curl":
%global with_curl	1
%global with_ldap	1

So, this can be easily fixed; patch in attachment.
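
The dlopen failure above only shows up once a card is inserted and pklogin_finder runs. As an added example (not part of the original report and not pam_pkcs11 code), the shell function below cross-checks the mappers enabled in pam_pkcs11.conf against the modules actually installed; it assumes the stock `use_mappers = ...;` / `mapper NAME { module = ...; }` layout, and `missing_mappers`, its `ROOT` argument and the sample config are constructed for illustration.

```shell
# Added example: report mapper modules that pam_pkcs11.conf enables but that
# are not on disk.  usage: missing_mappers CONF LIBNAME [ROOT]
#   LIBNAME stands in for the dlopen token $LIB (lib64 on x86_64 Fedora).
#   ROOT is a hypothetical prefix for checking an unpacked tree or chroot.
missing_mappers() {
    awk -v lib="$2" '
        { sub(/#.*/, "") }                              # strip comments
        /^[ \t]*use_mappers[ \t]*=/ {                   # mappers that are enabled
            v = $0; sub(/^[^=]*=/, "", v); gsub(/[ \t;]/, "", v)
            n = split(v, used, ",")
        }
        /^[ \t]*mapper[ \t]+[^ \t]+[ \t]*[{]/ { cur = $2; sub(/[{].*/, "", cur) }
        cur != "" && /^[ \t]*module[ \t]*=/ {           # module path inside a mapper block
            v = $0; sub(/^[^=]*=/, "", v); gsub(/[ \t;]/, "", v)
            gsub(/\$LIB/, lib, v); module[cur] = v
        }
        /[}]/ { cur = "" }
        END {                                           # "internal" mappers need no file;
            for (i = 1; i <= n; i++)                    # mappers without a module line are skipped
                if ((used[i] in module) && module[used[i]] != "internal")
                    print used[i], module[used[i]]
        }' "$1" |
    while read -r name path; do
        [ -e "${3:-}$path" ] || echo "$name $path"
    done
}

# Constructed sample: ldap, opensc and cn enabled, only opensc_mapper.so present.
demo() {
    t=$(mktemp -d) && mkdir -p "$t/usr/lib64/pam_pkcs11" || return 1
    : > "$t/usr/lib64/pam_pkcs11/opensc_mapper.so"
    cat > "$t/pam_pkcs11.conf" <<'EOF'
pam_pkcs11 {
  use_mappers = ldap, opensc, cn;
  mapper ldap {
    module = /usr/$LIB/pam_pkcs11/ldap_mapper.so;
  }
  mapper opensc {
    module = /usr/$LIB/pam_pkcs11/opensc_mapper.so;
  }
  mapper cn {
    module = internal;
  }
}
EOF
    missing_mappers "$t/pam_pkcs11.conf" lib64 "$t"
    rm -rf "$t"
}
demo
```

On an installed system the call would be `missing_mappers /etc/pam_pkcs11/pam_pkcs11.conf lib64`; empty output means every enabled non-internal mapper has its module file.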

Comment 1 Fedora Update System 2015-07-08 15:01:02 UTC
pam_pkcs11-0.6.8-6.fc22 has been submitted as an update for Fedora 22.
https://admin.fedoraproject.org/updates/pam_pkcs11-0.6.8-6.fc22

Comment 2 Fedora Update System 2015-07-08 15:01:08 UTC
pam_pkcs11-0.6.8-6.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/pam_pkcs11-0.6.8-6.fc21

Comment 3 Fedora Update System 2015-07-13 19:13:28 UTC
Package pam_pkcs11-0.6.8-6.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing pam_pkcs11-0.6.8-6.fc21'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-11356/pam_pkcs11-0.6.8-6.fc21
then log in and leave karma (feedback).

Comment 4 Fedora Update System 2015-07-29 01:51:54 UTC
pam_pkcs11-0.6.8-6.fc22 has been pushed to the Fedora 22 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 5 Fedora Update System 2015-07-30 00:52:15 UTC
pam_pkcs11-0.6.8-6.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.