596325 – DNS LDAP backend doesn't work with bind-chroot

Bug 596325 - DNS LDAP backend doesn't work with bind-chroot

Summary: DNS LDAP backend doesn't work with bind-chroot

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	freeIPA
Classification:	Retired
Component:	ipa-server
Sub Component:
Version:	2.0
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Rob Crittenden
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-05-26 15:36 UTC by Rob Crittenden
Modified:	2015-01-04 23:42 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2014-11-24 18:15:11 UTC
Embargoed:

Attachments	(Terms of Use)

Description Rob Crittenden 2010-05-26 15:36:33 UTC

Description of problem:

Starting an IPA-configured bind with bind-chroot installed (the anaconda default) results in the error message:

failed to load driver ldap.so : libldap-2.4.so.2 : cannot open shared object file : no such file or directory

Uninstalling bind-chroot fixes it.

We need to either configure bind to work in the chroot with the ldap backend or document that this does not work and warn users at install time.

Version-Release number of selected component (if applicable):

bind-9.7.0-9.P1.fc13.x86_64
bind-dyndb-ldap-0.1.0-0.8.a1.20091210git.fc13.x86_64

Comment 2 Rob Crittenden 2010-09-27 18:34:29 UTC

https://fedorahosted.org/freeipa/ticket/126

Comment 3 Simo Sorce 2014-11-24 18:15:11 UTC

I think it is safe to say we weill not address this issue, as we are adding even more complexity to the bind plugin and setting up a chroot really has little to no benefit and instead requires a lot of work.

For better security in the future ccontainers may become available, if any effort on better containerization will be afforded will be in that direction anyway.

Closed upstream ticket already.

Note You need to log in before you can comment on or make changes to this bug.