Bug 829237

Summary: /etc/raddb/modules/ldap.rpmnew will be created by an update leading to unexpected ldap module configuration
Product: Red Hat Enterprise Linux 5 Reporter: Christoph Szeppek <szeppek>
Component: freeradius2 Assignee: John Dennis <jdennis>
Status: CLOSED WONTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 5.8   
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Last Closed: 2013-11-01 17:52:03 UTC Type: Bug

Description Christoph Szeppek 2012-06-06 09:52:15 UTC
Description of problem:
There was an update of freeradius2-ldap. During the update process, /etc/raddb/modules/ldap.rpmnew was created which was evaluated after a restart of radiusd. ldap.rpmnew was evaluated after ldap which overwrites the site specific configuration.

Version-Release number of selected component (if applicable):
freeradius2-ldap.x86_64 2.1.12-3.el5

How reproducible:
always

Steps to Reproduce:
1. update to freeradius2-ldap.x86_64 2.1.12-3.el5
Actual results:
There will be a new ldap module config file named /etc/raddb/modules/ldap.rpmnew which overrides the configuration defined in /etc/raddb/modules/ldap.

Expected results:
- No change in the existing configuration

Additional info:
My solution was to delete /etc/raddb/modules/ldap.rpmnew.

One could exclude /etc/raddb/modules/*.rpmnew from the radius configuration loading process to avoid this kind of problem in the future.

Comment 1 Christoph Szeppek 2012-06-06 12:39:48 UTC
this is a duplicate of 804932

Comment 2 John Dennis 2013-11-01 17:48:48 UTC
Please see the additional discussion in bug #804932.

This issue is fixed in FreeRADIUS versions >= 2.2.0; the server will ignore certain well-known files (including .rpmnew and .rpmsave as well as Debian package files, ~ appended files, etc.).

In general we suggest after applying updates the admin should check for the presence of .rpmnew and .rpmsave files and resolve them.
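The post-update check suggested in the comment above can be scripted. The following is an added example, not code from the bug report or from FreeRADIUS: the function names `audit_leftovers` and `make_sample_tree`, the status labels and the sample tree are assumptions made here. It reports each `.rpmnew`, `.rpmsave` or `~` file under a configuration directory, whether it differs from the live file beside it, and returns non-zero so a restart of radiusd can be held back until the leftovers are resolved.

```shell
#!/bin/sh
# Added example (not from the bug report): find package-manager leftovers in a
# config tree such as /etc/raddb before restarting the service that reads it.

# audit_leftovers DIR
# Prints STATUS<TAB>LEFTOVER<TAB>LIVE_FILE for every leftover, where STATUS is
#   DIFFERS   - content differs from the live file; review and merge by hand
#   IDENTICAL - byte-for-byte copy of the live file; safe to delete
#   ORPHAN    - no live file exists beside the leftover
# Returns 1 if any leftover was found, 0 if the tree is clean.
# Limitation: file names containing newlines are not handled.
audit_leftovers() {
    al_found=0
    al_list=$(find "$1" -type f \
        \( -name '*.rpmnew' -o -name '*.rpmsave' -o -name '*~' \) | LC_ALL=C sort)
    while IFS= read -r al_f; do
        [ -n "$al_f" ] || continue
        al_found=1
        case $al_f in
            *.rpmnew)  al_live=${al_f%.rpmnew} ;;
            *.rpmsave) al_live=${al_f%.rpmsave} ;;
            *)         al_live=${al_f%"~"} ;;
        esac
        if [ ! -e "$al_live" ]; then
            al_status=ORPHAN
        elif cmp -s "$al_f" "$al_live"; then
            al_status=IDENTICAL
        else
            al_status=DIFFERS
        fi
        printf '%s\t%s\t%s\n' "$al_status" "$al_f" "$al_live"
    done <<EOF
$al_list
EOF
    return "$al_found"
}

# Build a constructed sample tree (not real FreeRADIUS configuration) in DIR.
make_sample_tree() {
    mkdir -p "$1/modules"
    printf 'ldap { server = "ldap.site.example" }\n' > "$1/modules/ldap"
    printf 'ldap { server = "ldap.your.domain" }\n'  > "$1/modules/ldap.rpmnew"
    printf 'files { }\n' > "$1/modules/files"
    cp "$1/modules/files" "$1/modules/files.rpmsave"
    printf 'stale editor backup\n' > "$1/clients.conf~"
}

# Usage: sh audit.sh /etc/raddb && service radiusd restart
if [ "$#" -gt 0 ]; then audit_leftovers "$1"; fi
```

On servers older than 2.2.0 a `DIFFERS` line under `modules/` is the case from this report: the leftover is parsed alongside the live module file until it is merged or removed.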

Comment 3 John Dennis 2013-11-01 17:52:03 UTC
This Bugzilla has been reviewed by Red Hat and is not planned on being
addressed in Red Hat Enterprise Linux 5, and therefore will be closed.
If this bug is critical to production systems, please contact your Red
Hat support representative and provide sufficient business
justification.