Fedora Account System
Red Hat Associate
Red Hat Customer
Description of problem: openldap was recently built against openssl in rawhide. This breaks a number of applications such as 389, freeipa, dogtag, etc. Version-Release number of selected component (if applicable): rawhide How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: openldap is built with moznss Additional info:
Proposed as a Blocker for 22-beta by Fedora user sgallagh using the blocker tracking app because: This issue subtly (and sometimes non-subtly) breaks many features of the Domain Controller Role for Fedora Server.
Discussed at 2015-02-02 blocker review meeting: http://meetbot.fedoraproject.org/fedora-blocker-review/2015-02-02/f22-blocker-review.2015-02-02-17.06.log.txt . Accepted as a Beta blocker - we trust sgallagh's assessment that it violates the given criterion. However, sgallagh, could we ask for a few more details on exactly what it breaks, so we can double check and do follow-up testing? Thanks.
Specifically - it is going to break any outgoing LDAP TLS/SSL connection from any 389 related package. So things like replication/chaining/pass-through-auth/windows sync from 389; most 389-admin/389-adminutil operations, including operations invoked via CGI from the 389-console packages; and 389-dsgw. IPA will be affected because of replication and windows sync.
Is this going to be addressed for the upcoming F22 Alpha? The non-backwards compatible change to use openssl is going to break a number of features as mentioned in comment#1, and it should be reverted as soon as possible.