Bug 596325 - DNS LDAP backend doesn't work with bind-chroot
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: freeIPA
Classification: Retired
Component: ipa-server
Version: 2.0
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Rob Crittenden
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2010-05-26 15:36 UTC by Rob Crittenden
Modified: 2015-01-04 23:42 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2014-11-24 18:15:11 UTC
Embargoed:


Description Rob Crittenden 2010-05-26 15:36:33 UTC
Description of problem:

Starting an IPA-configured bind with bind-chroot installed (the anaconda default) results in the error message:

failed to load driver ldap.so : libldap-2.4.so.2 : cannot open shared object file : no such file or directory

Uninstalling bind-chroot fixes it.

We need to either configure bind to work in the chroot with the ldap backend or document that this does not work and warn users at install time.

Version-Release number of selected component (if applicable):

bind-9.7.0-9.P1.fc13.x86_64
bind-dyndb-ldap-0.1.0-0.8.a1.20091210git.fc13.x86_64
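
A check for the failure described above, as an added example that is not part of the original report or of the FreeIPA or BIND projects: it reads `ldd` output for the driver and lists each library that does not exist under the chroot. The function names and the sample `ldd` lines are constructed; on a real host the input would be `ldd` run on the driver (assumed to be at a path such as /usr/lib64/bind/ldap.so) and the directory would be the bind-chroot root (assumed /var/named/chroot).

```shell
# Added example (not from the bug report). Names and sample data are constructed.
# Reads `ldd`-style output on stdin and prints every resolved library path that
# does not exist under the chroot directory $1. Returns 1 if anything is missing.
missing_in_chroot() {
    chroot_dir=$1
    rc=0
    while read -r name arrow path _rest; do
        case "$arrow" in
            "=>")
                case "$path" in
                    /*) ;;                       # resolved to a file on the host
                    not) echo "$name (not found on host)"; rc=1; continue ;;
                    *) continue ;;               # old-style vdso line: no file
                esac ;;
            *)
                case "$name" in
                    /*) path=$name ;;            # dynamic loader line
                    *) continue ;;               # vdso or blank line
                esac ;;
        esac
        if [ ! -e "$chroot_dir$path" ]; then
            echo "$path"
            rc=1
        fi
    done
    return "$rc"
}
# Constructed `ldd` output for a driver (not captured from a real host).
sample_ldd() {
    cat <<'EOF'
    linux-vdso.so.1 =>  (0x00007fff5a1ff000)
    libldap-2.4.so.2 => /usr/lib64/libldap-2.4.so.2 (0x00007f3c1a200000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f3c19e00000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f3c1a600000)
EOF
}

# Builds a throwaway chroot holding only libc and the loader, then checks it.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/lib64"
    : > "$root/lib64/libc.so.6"
    : > "$root/lib64/ld-linux-x86-64.so.2"
    status=0
    sample_ldd | missing_in_chroot "$root" || status=$?
    rm -rf "$root"
    return "$status"
}
demo || echo "driver dependencies are missing from the chroot"
```

The `-e` test follows symlinks from the host's point of view, so an absolute symlink inside the chroot can pass this check and still fail to resolve once the process has called chroot().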

Comment 2 Rob Crittenden 2010-09-27 18:34:29 UTC
https://fedorahosted.org/freeipa/ticket/126

Comment 3 Simo Sorce 2014-11-24 18:15:11 UTC
I think it is safe to say we will not address this issue, as we are adding even more complexity to the bind plugin and setting up a chroot really has little to no benefit and instead requires a lot of work.

For better security, in the future containers may become available; if any effort on better containerization is afforded, it will be in that direction anyway.

Closed upstream ticket already.

