Bug 742592 - openldap built without tcp_wrappers
Summary: openldap built without tcp_wrappers
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: openldap
Version: 6.1
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Jan Vcelak
QA Contact: BaseOS QE Security Team
Depends On:
Blocks: 743213
Reported: 2011-09-30 17:00 UTC by Terje Røsten
Modified: 2013-03-04 01:29 UTC

Fixed In Version: openldap-2.4.23-20.el6
Doc Type: Bug Fix
Doc Text:
- openldap-server installed
- host based ACLs do not work
- updated configure flags to enable TCP wrappers
- host based ACLs work
Clone Of:
: 743213 (view as bug list)
Last Closed: 2011-12-06 11:49:48 UTC
Target Upstream Version:

System | ID | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHBA-2011:1514 | normal | SHIPPED_LIVE | openldap bug fix and enhancement update | 2011-12-06 00:51:20 UTC

Description Terje Røsten 2011-09-30 17:00:08 UTC
Description of problem:

Seems like openldap is built without tcp_wrappers support in RHEL6.

Is that by design or a bug?

I believe RHEL5 openldap packages had tcp_wrappers enabled?

Comment 2 Jan Vcelak 2011-10-04 09:14:10 UTC
I can confirm that this is a regression between RHEL-6 and RHEL-6.1. It was brought in by package rebase.

The fix is easy:

diff -u -r1.130 openldap.spec
--- openldap.spec       20 Sep 2011 11:52:35 -0000      1.130
+++ openldap.spec       4 Oct 2011 09:10:54 -0000
@@ -245,7 +245,7 @@
     --with-tls=no \
     --with-cyrus-sasl \
-    --with-wrappers \
+    --enable-wrappers \
     --enable-passwd \
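Review bot: nothing in this hunk guards against the same silent failure recurring; the old `--with-wrappers \` line was accepted by the build while, per this report, producing a slapd without TCP wrappers support. Alongside the switch to `--enable-wrappers \`, consider a post-build check in the spec that fails the build when slapd is not linked against libwrap, and a comment above the option noting that host based ACLs in hosts.allow and hosts.deny depend on it.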

Comment 3 Ondrej Moriš 2011-10-04 09:28:25 UTC
Why do we need it?

Comment 5 Terje Røsten 2011-10-04 10:02:33 UTC
Well, in RHEL5 I used it for access control.

Of course the server supports IP-based ACLs and iptables is always available. However, at least the change must be documented.

Comment 8 Jan Vcelak 2011-10-04 12:07:30 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    New Contents:
- openldap-server installed
- host based ACLs do not work
- updated configure flags to enable TCP wrappers
- host based ACLs work
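
An added example, not part of the bug report or of Red Hat's packaging: a POSIX shell check for the condition described here, where slapd is not linked against libwrap and TCP wrappers rules that apply to it are therefore never consulted. The `slapd` daemon name in the rules, the sample `ldd` output and the sample rules are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag TCP wrappers rules for slapd that the binary cannot enforce.

# has_libwrap: reads `ldd` output on stdin; succeeds if libwrap is linked in.
has_libwrap() {
    grep -Eq '(^|[[:space:]])libwrap\.so(\.[0-9]+)*[[:space:]]'
}

# slapd_rules: reads hosts.allow/hosts.deny text on stdin and prints the rules
# whose daemon list names slapd (assumed daemon name) or the ALL wildcard.
slapd_rules() {
    sed -e 's/#.*//' | awk -F: '$1 ~ /(^|[ ,\t])(slapd|ALL)([ ,\t]|$)/ { print }'
}

# audit LDD_OUTPUT ACL_TEXT: prints one of
#   enforced    libwrap is linked, rules are consulted
#   unenforced  rules exist for slapd but the binary ignores them
#   no-rules    no libwrap, and no rules that would have applied
audit() {
    rules=$(printf '%s\n' "$2" | slapd_rules)
    if printf '%s\n' "$1" | has_libwrap; then
        echo "enforced"
    elif [ -n "$rules" ]; then
        echo "unenforced"
    else
        echo "no-rules"
    fi
}

# Constructed sample data (not taken from a real host).
LDD_WITH='  libldap_r-2.4.so.2 => /lib64/libldap_r-2.4.so.2 (0x00007f0000000000)
  libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f0000200000)
  libc.so.6 => /lib64/libc.so.6 (0x00007f0000400000)'
LDD_WITHOUT='  libldap_r-2.4.so.2 => /lib64/libldap_r-2.4.so.2 (0x00007f0000000000)
  libc.so.6 => /lib64/libc.so.6 (0x00007f0000400000)'
ACL_SAMPLE='# constructed hosts.allow / hosts.deny content
slapd: 192.0.2.0/255.255.255.0
sshd: ALL
ALL: ALL'

echo "build without libwrap: $(audit "$LDD_WITHOUT" "$ACL_SAMPLE")"
echo "build with libwrap:    $(audit "$LDD_WITH" "$ACL_SAMPLE")"
```

On a real system, pass the output of `ldd` run on the installed slapd binary and the contents of the hosts.allow and hosts.deny files as the two arguments to `audit`.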

Comment 11 errata-xmlrpc 2011-12-06 11:49:48 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.