Bug 596325

Summary: DNS LDAP backend doesn't work with bind-chroot
Product: [Retired] freeIPA
Reporter: Rob Crittenden <rcritten>
Component: ipa-server
Assignee: Rob Crittenden <rcritten>
Status: CLOSED WONTFIX
QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium
Priority: low
Version: 2.0
CC: benl, dpal, jgalipea, mkosek, pspacek, ssorce
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2014-11-24 18:15:11 UTC

Description Rob Crittenden 2010-05-26 15:36:33 UTC
Description of problem:

Starting an IPA-configured bind with bind-chroot installed (the anaconda default) results in the error message:

failed to load driver ldap.so : libldap-2.4.so.2 : cannot open shared object file : no such file or directory

Uninstalling bind-chroot fixes it.

We need to either configure bind to work in the chroot with the ldap backend or document that this does not work and warn users at install time.

Version-Release number of selected component (if applicable):

bind-9.7.0-9.P1.fc13.x86_64
bind-dyndb-ldap-0.1.0-0.8.a1.20091210git.fc13.x86_64
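
Added example, not part of the original report or of the bind/FreeIPA code: a POSIX shell check that reads `ldd` output for a dynamically loaded driver and lists the shared libraries that do not exist under a chroot root, which is the condition the error message above describes. The function names, directory layout and sample ldd lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Usage (paths are yours to supply):
#   ldd /path/to/ldap.so | missing_in_chroot /path/to/chroot

# Read ldd-style lines on stdin; print each dependency whose absolute path
# does not exist below the chroot directory given as $1.
missing_in_chroot() {
    chroot_dir=$1
    # ldd line shapes handled:
    #   libfoo.so.1 => /usr/lib64/libfoo.so.1 (0x...)
    #   /lib64/ld-linux-x86-64.so.2 (0x...)
    #   linux-vdso.so.1 (0x...)          (no file on disk, skipped)
    #   libfoo.so.1 => not found         (already unresolved on the host)
    while read -r name arrow path _rest; do
        case $arrow in
            '=>') lib=$path ;;
            *)    lib=$name ;;
        esac
        case $lib in
            /*)  [ -e "$chroot_dir$lib" ] || printf '%s\n' "$lib" ;;
            not) printf '%s (unresolved on host)\n' "$name" ;;
        esac
    done
}

# Constructed demonstration: a throwaway "chroot" that contains libc but
# neither the LDAP client library nor the dynamic loader.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/lib64"
    : > "$root/lib64/libc.so.6"
    # Constructed ldd output; the addresses and directories are made up.
    missing_in_chroot "$root" <<'EOF'
    linux-vdso.so.1 (0x00007ffc0a1f2000)
    libldap-2.4.so.2 => /usr/lib64/libldap-2.4.so.2 (0x00007f0e2a400000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f0e2a000000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f0e2a800000)
EOF
    rm -rf "$root"
}

demo
```

Run `ldd` on the driver itself rather than on the daemon binary, since the error names a dependency of ldap.so. The `-e` test follows symlinks against the host root, so an absolute symlink inside the chroot can be reported as present when it would dangle after the chroot.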

Comment 2 Rob Crittenden 2010-09-27 18:34:29 UTC
https://fedorahosted.org/freeipa/ticket/126

Comment 3 Simo Sorce 2014-11-24 18:15:11 UTC
I think it is safe to say we will not address this issue, as we are adding even more complexity to the bind plugin and setting up a chroot really has little to no benefit and instead requires a lot of work.

For better security in the future containers may become available; if any effort on better containerization is afforded, it will be in that direction anyway.

Closed upstream ticket already.