Bug#991274: Package libldap-2.4-2 was built without LDAP_CONNECTIONLESS

Gerald Vincent

Jul 19, 2021, 9:50:03 AM
Package: libldap-2.4-2
Version: 2.4.57+dfsg-3

Hi,

Since 2.4.0, package sssd needs openldap library built with CONNECTIONLESS support to use cldap:// requests.
Without this feature enabled, sssd is no longer working properly with Active Directory.
We have this kind of error message:
```
[sss_ldap_init_sys_connect_done] (0x0020): ldap_init_fd failed: Bad parameter to an ldap routine. [24][cldap://ad_server:ad_port]
[sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed: [5]: Input/output error.
[ad_cldap_ping_done] (0x0040): Unable to get site and forest information [2]: No such file or directory
[sssd_async_socket_init_done] (0x0020): sdap_async_sys_connect request failed: [110]: Connection timed out.
[sss_ldap_init_sys_connect_done] (0x0020): sssd_async_socket_init request failed: [110]: Connection timed out.
[sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed: [110]: Connection timed out.
[sssd_async_socket_init_done] (0x0020): sdap_async_sys_connect request failed: [110]: Connection timed out.
[sss_ldap_init_sys_connect_done] (0x0020): sssd_async_socket_init request failed: [110]: Connection timed out.
[sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed: [110]: Connection timed out.
```

As Debian 11.0 provides sssd 2.4.0+ package, I guess libldap-2.4-2 should be built with LDAP_CONNECTIONLESS flag.

More information on sssd's github: https://github.com/SSSD/sssd/issues/5391
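
A small triage script for the log signature quoted in the report above, as an added example that is not part of the original thread or of sssd: it flags `ldap_init_fd` rejecting a `cldap://` URI, the symptom the reporter attributes to libldap built without LDAP_CONNECTIONLESS, and counts the timeouts that follow. The function name `triage` and the result keys are hypothetical.

```python
import re

# Matches the "[function] (0xLEVEL): message" part of an sssd debug line;
# search() is used so any timestamp/domain prefix in front is tolerated.
LINE_RE = re.compile(r"\[(?P<func>\w+)\]\s+\((?P<level>0x[0-9a-fA-F]+)\):\s+(?P<msg>.*)")
# ldap_init_fd failure with the numeric code and the URI in trailing brackets.
INIT_FD_RE = re.compile(r"ldap_init_fd failed: .*\[(?P<code>\d+)\]\[(?P<uri>[^\]]+)\]")
TIMEOUT_RE = re.compile(r"request failed: \[110\]")

# Log lines copied from the bug report above (host and port are the
# reporter's own placeholders).
SAMPLE = """\
[sss_ldap_init_sys_connect_done] (0x0020): ldap_init_fd failed: Bad parameter to an ldap routine. [24][cldap://ad_server:ad_port]
[sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed: [5]: Input/output error.
[ad_cldap_ping_done] (0x0040): Unable to get site and forest information [2]: No such file or directory
[sssd_async_socket_init_done] (0x0020): sdap_async_sys_connect request failed: [110]: Connection timed out.
""".splitlines()


def triage(lines):
    """Summarise the failure signatures from the report in an sssd log."""
    result = {"cldap_init_failures": [], "cldap_ping_failed": False, "timeouts": 0}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        func, msg = m["func"], m["msg"]
        init = INIT_FD_RE.search(msg)
        if init and init["uri"].startswith("cldap://"):
            result["cldap_init_failures"].append((int(init["code"]), init["uri"]))
        elif func == "ad_cldap_ping_done" and "Unable to get site" in msg:
            result["cldap_ping_failed"] = True
        elif TIMEOUT_RE.search(msg):
            result["timeouts"] += 1
    # ldap_init_fd rejecting a cldap:// URI is the symptom the report ties
    # to libldap built without LDAP_CONNECTIONLESS.
    result["likely_missing_connectionless"] = bool(result["cldap_init_failures"])
    return result


if __name__ == "__main__":
    print(triage(SAMPLE))
```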


Ryan Tandy

Jul 19, 2021, 12:10:03 PM
Control: severity -1 wishlist

Hi,

I'm afraid this is too late for Debian 11 (bullseye). We could look at
enabling it for Debian 12 (bookworm).

On Mon, Jul 19, 2021 at 03:35:38PM +0200, Gerald Vincent wrote:
>Since 2.4.0, package sssd needs openldap library built with CONNECTIONLESS support to use cldap:// requests.
>Without this feature enabled, sssd is no longer working properly with Active Directory.

Why does the new version of sssd require this? Can it not remain
optional on their side, if it was in the past?

See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539421 for the
previous request about LDAP_CONNECTIONLESS. As far as I know the
upstream status hasn't changed...

thanks
Ryan

Quanah Gibson-Mount

Jul 19, 2021, 12:30:04 PM
--On Monday, July 19, 2021 9:59 AM -0700 Ryan Tandy <ry...@nardis.ca> wrote:

> Why does the new version of sssd require this? Can it not remain optional
> on their side, if it was in the past?
>
> See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539421 for the
> previous request about LDAP_CONNECTIONLESS. As far as I know the upstream
> status hasn't changed...

I've noted as much in the github issue.

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

Gerald Vincent

Jul 20, 2021, 3:40:04 AM
Hi Quanah,

Yes, I looked for a possible setting to keep the old behaviour, but I found nothing for now.

I agree sssd team should provide this if connectionless is still not supported by openldap.

Thanks,
Gérald

Ryan Tandy

Aug 15, 2021, 12:20:03 PM
Hi Gerald,

The following patch is supposed to make CLDAP optional for sssd again:

https://github.com/SSSD/sssd/issues/5720
https://github.com/SSSD/sssd/pull/5743

Would it be possible for you to test that patch and report your findings
in the issue or pull request?

CCing the sssd maintainers in case the fix might be suitable for
backporting to bullseye.

thanks
Ryan

Sven Probst

Sep 15, 2021, 8:30:03 AM
The referenced patch/issue
> https://github.com/SSSD/sssd/issues/5720
> https://github.com/SSSD/sssd/pull/5743
are closed. The patch is accepted.

draeath

Sep 23, 2021, 6:50:02 PM
Hello,

As a workaround for now, is it sufficient to rebuild libldap-2.4 with LDAP_CONNECTIONLESS defined?

Thanks.

Ryan Tandy

Sep 24, 2021, 12:00:02 PM
Control: retitle -1 sssd-ldap: ldap_init_fd failed: Bad parameter to an ldap routine
Control: reassign -1 sssd-ldap 2.4.0-1
Control: severity -1 important

Hi Timo,

Since this is kind of a regression in sssd 2.4.0, and a fix is now
available for sssd [1], can I ask you to take care of it on sssd's side?
Maybe also in bullseye, since it seems we have a few stable users
affected?

[1] https://github.com/SSSD/sssd/pull/5743

Thank you,

Ryan

Timo Aaltonen

Sep 27, 2021, 5:30:04 AM
Hi,

sssd 2.5.2-3 should already have that?


--
t