Bug 742592

Summary: openldap built without tcp_wrappers
Product: Red Hat Enterprise Linux 6
Reporter: Terje Røsten <terje.rosten>
Component: openldap
Assignee: Jan Vcelak <jvcelak>
Status: CLOSED ERRATA
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified
Priority: unspecified
Version: 6.1
CC: ebenes, jplans, jvcelak, omoris, ovasik, tsmetana
Target Milestone: rc
Keywords: Regression
Hardware: Unspecified
OS: Unspecified
Fixed In Version: openldap-2.4.23-20.el6
Doc Type: Bug Fix
Doc Text:
- openldap-server installed
- host based ACLs do not work
- updated configure flags to enable TCP wrappers
- host based ACLs work
Last Closed: 2011-12-06 11:49:48 UTC
Bug Blocks: 743213

Description Terje Røsten 2011-09-30 17:00:08 UTC
Description of problem:

Seems like openldap is built without tcp_wrappers support in RHEL6.

Is that by design or a bug?

I believe RHEL5 openldap packages had tcp_wrappers enabled?

Comment 2 Jan Vcelak 2011-10-04 09:14:10 UTC
I can confirm that this is a regression between RHEL-6 and RHEL-6.1. It was brought in by package rebase.

The fix is easy:

diff -u -r1.130 openldap.spec
--- openldap.spec       20 Sep 2011 11:52:35 -0000      1.130
+++ openldap.spec       4 Oct 2011 09:10:54 -0000
@@ -245,7 +245,7 @@
     --with-tls=no \
     --with-cyrus-sasl \
     \
-    --with-wrappers \
+    --enable-wrappers \
     \
     --enable-passwd \
     \
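
Review bot: At the `--enable-wrappers` line, the flag name is corrected but nothing in the spec would catch the option being lost again on a later rebase, since configure does not fail on an option name it does not recognize and the old `--with-wrappers` therefore built cleanly without TCP wrappers. Consider adding a post-build check that fails the package build when the resulting slapd is not linked against libwrap, so host-based access control cannot silently disappear, and record the flag change in the spec's changelog.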

Comment 3 Ondrej Moriš 2011-10-04 09:28:25 UTC
Why do we need it?

Comment 5 Terje Røsten 2011-10-04 10:02:33 UTC
Well, in RHEL5 I used it for access control.

Of course the server supports ip based acl and there are always iptables available. However, at least the change must be documented.

Comment 8 Jan Vcelak 2011-10-04 12:07:30 UTC
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
- openldap-server installed
- host based ACLs do not work
- updated configure flags to enable TCP wrappers
- host based ACLs work

Comment 11 errata-xmlrpc 2011-12-06 11:49:48 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1514.html