Bug 159151 - Authconfig update creates a problem with OpenLDAP server
Summary: Authconfig update creates a problem with OpenLDAP server
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: openldap
Version: 4.0
Hardware: All
OS: Linux
Target Milestone: ---
: ---
Assignee: Jay Fenlason
QA Contact: Jay Turner
Depends On:
TreeView+ depends on / blocked
Reported: 2005-05-30 18:33 UTC by Tomas Mraz
Modified: 2015-01-08 00:10 UTC (History)
3 users (show)

Fixed In Version: RHSA-2005-767
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2005-10-17 07:50:10 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2005:767 0 normal SHIPPED_LIVE Moderate: openldap and nss_ldap security update 2005-10-17 04:00:00 UTC

Description Tomas Mraz 2005-05-30 18:33:52 UTC
Description of problem:
Authconfig update in RHEL4 U1 always adds if the authconfig is run a
TLS_CACERTDIR directive to the /etc/openldap/ldap.conf with value
/etc/openldap/cacerts. However this directory is created only if user selects a
TLS option on the LDAP config dialog. The OpenLDAP server fails to start if the
directive is in the ldap.conf file and the directory doesn't exist.

Additional info:
This should be fixed either by openldap creating and owning this directory or by
authconfig - ensuring that it doesn't write the directive to the ldap.conf if
TLS is not on. However I think that the directory should be owned by some
package anyway so the former solution is more correct (and easier as it doesn't
require any code change - only packaging).

Comment 2 Eric Paris 2005-07-05 16:19:50 UTC
Avaya would like to know how we plan to fix this.  Option one seems to be the
best idea.  Please advise.

Comment 8 Red Hat Bugzilla 2005-10-17 07:50:10 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.