RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 548475 - move openldap libraries from /usr/lib to /lib
Summary: move openldap libraries from /usr/lib to /lib
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: openldap
Version: 6.1
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Jan Vcelak
QA Contact: Ondrej Moriš
URL:
Whiteboard:
Depends On:
Blocks: 548479
TreeView+ depends on / blocked
 
Reported: 2009-12-17 15:01 UTC by Eduard Benes
Modified: 2013-03-04 01:27 UTC (History)
7 users (show)

Fixed In Version: openldap-2.4.23-13.el6
Doc Type: Bug Fix
Doc Text:
- have diskless station with program which requires OpenLDAP libraries (e.g. audispd-zos-remote) and is used during the boot - tool will fail as /usr/lib is not available at the boot time - moved all OpenLDAP libraries from /usr/lib to /lib - tools using OpenLDAP libraries on diskless stations can use these libraries even during boot
Clone Of:
Environment:
Last Closed: 2011-05-19 13:59:29 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0673 0 normal SHIPPED_LIVE openldap bug fix and enhancement update 2011-05-18 18:10:44 UTC

Description Eduard Benes 2009-12-17 15:01:33 UTC 
Description of problem:
Currently /sbin/audispd-zos-remote relies on several libs in /usr. Moving those libraries from /usr/lib{,64}/ -> to /lib{,64} should be considered for disk-less systems and possible security issues.

Version-Release number of selected component (if applicable):
audispd-plugins-1.7.17-3.el5

How reproducible:
always

Steps to Reproduce:
1. run tps-rpmtest on the audit package [1]  
2. check results for SharedLibTest
  
Actual results:
audispd-plugins-1.7.17-3.el5.ppc: /sbin/audispd-zos-remote relies on libs in /usr: libldap-2.3.so.0 => /usr/lib/libldap-2.3.so.0 (0x0fc30000) liblber-2.3.so.0 => /usr/lib/liblber-2.3.so.0 (0x0ffa0000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x0ed30000) (3 of 7 libs shown) 

Expected results:
TBD

Additional info:
There are similar bugs for rsyslog and other packages. For example  Bug 544328, 
Bug 544317, and others.


[1] - http://wiki.test.redhat.com/ReferenceManual/Tps
[2] - http://nest.test.redhat.com/mnt/qa/scratch/ppcp-5s-m1/2009:9184/tps/tps-rpmtest.html
Comment 1 Steve Grubb 2009-12-17 15:47:26 UTC 
This is actually not such a bad problem. The audit event dispatcher will attempt to restart the plugin when it has an event to report. So, under normal operations, the plugin should get started when the next event arrives which would be after the disks are mounted.
Comment 2 Steve Grubb 2010-07-02 16:01:23 UTC 
Not sure what to do about this bug. In a way, this is a problem. But its not an audit package problem. IOW, the work would have to be done on 2 different packages and we would need 2 bz for that. I don't think we are moving libraries around this late in RHEL5's life, too. I would suggest closing this bug or moving it to RHEL6 where we can do something about it.
Comment 4 Jan Zeleny 2010-07-12 13:55:52 UTC 
I agree, there is no point in making this kind of change in RHEL5 in its current life phase. I'm moving this bug to RHEL6, I believe this change can occur in RHEL-6.1.
Comment 6 Jan Vcelak 2011-01-13 20:37:48 UTC 
Fixed in: openldap-2.4.23-5.el6
Comment 7 Jan Vcelak 2011-01-13 20:37:48 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
- have diskless station with program which requires OpenLDAP libraries (e.g. audispd-zos-remote) and is used during the boot
- tool will fail as /usr/lib is not available at the boot time
- moved libldap, libldap_r and liblber libraries from /usr/lib to /lib
- tools using OpenLDAP libraries on diskless stations can use these libraries even during boot
Comment 9 Jan Vcelak 2011-01-13 23:21:57 UTC 
Symlinks for openldap-devel were left in /usr/lib.

Realy fixed in: openldap-2.4.23-6.el6
Comment 10 Milan Crha 2011-02-01 12:39:10 UTC 
I suppose this change may fix my issue with evolution-data-server, which is using evolution-openldap. The RPMdiff failed [1] with removed ABI symbols from ldap, because evolution-data-server is linking ldap libraries statically.

I noticed in build.log of [2] (after this RPMdiff failure notice) that the evolution-data-server is configured with
>   --with-openldap=/usr/lib/evolution-openldap --with-static-ldap
and then later in the log
>   checking for OpenLDAP... /usr/lib/evolution-openldap
>   ...
>   checking for ldap_open in -lldap... no
>   checking for ldap_ntlm_bind... no
which results in:
>   LDAP support:		/usr/lib/evolution-openldap (static)
but
>   configure: WARNING:
>   No NTLM support in OpenLDAP; Plaintext password authentication will be
>   used when connecting to the Exchange Global Catalog server. Consider
>   installing the evo-openldap package, or building OpenLDAP with the
>   patch in servers/exchange/docs/openldap-ntlm.diff

The warning may not be there, same as the ABI change reported by RPMdiff might not be there.

Evolution-data-server build from 2011-01-10 against openldap-devel-2.4.19-15.el6 works correctly, but build from 2011-01-17 against openldap-devel-2.4.23-4.el6 doesn't work.

Same as the latest build [3], which is also against 2.4.23-4.
Can we get the latest openldap package to the build root, please?

[1] https://errata.devel.redhat.com/rpmdiff/show/47337
[2] http://download.devel.redhat.com/brewroot/packages/evolution-data-server/2.28.3/14.el6/data/logs/i686/
[3] https://brewweb.devel.redhat.com/taskinfo?taskID=3079160
Comment 11 Milan Crha 2011-02-01 13:09:33 UTC 
OK, I asked rel-eng to tag newer openldap for a build, and it didn't help. When the evolution-data-server is built against openldap-devel-2.4.23-8.el6 then it suffers with the same issue. So what now, do you want a new bug report?
Comment 12 Milan Crha 2011-03-14 15:50:16 UTC 
Oops, I forgot to update this. The latest evolution-data-server-2.28.3-15.el6 builds fine, the problem was with nss not being used when compiling exchange parts of eds, if I recall correctly.
Comment 13 Ondrej Moriš 2011-03-14 15:52:33 UTC 
Jan, please move also libldif-2.4.so.* from /usr/lib{,64} to /lib{,64}. It is
just a "cosmetic" issue, but it would be nice if all libraries were placed in
the same location. A symlink in /usr/lib{,64} might be created as well.
Comment 16 Jan Vcelak 2011-04-20 16:53:44 UTC 
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,4 +1,4 @@
 - have diskless station with program which requires OpenLDAP libraries (e.g. audispd-zos-remote) and is used during the boot
 - tool will fail as /usr/lib is not available at the boot time
-- moved libldap, libldap_r and liblber libraries from /usr/lib to /lib
+- moved all OpenLDAP libraries from /usr/lib to /lib
 - tools using OpenLDAP libraries on diskless stations can use these libraries even during boot
Comment 17 errata-xmlrpc 2011-05-19 13:59:29 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0673.html
Note You need to log in before you can comment on or make changes to this bug.