Hello,
I tried hard but I can't manage to get back-meta to work as a module with OpenLDAP 2.3.34 to 2.3.35. (I'm actually trying to backport the Debian last "slapd-2.3.35" to "Etch" )
However, compiling back-meta and back-ldap --enable-ldap --enable-meta seems to solve my problem ... but why ?
Here's the error message I get :
@(#) $OpenLDAP: slapd 2.3.35 (Jun 15 2007 09:41:15) $ root@Lena:/root/openldap/sources/openldap-2.3.35/servers/slapd /usr/local/2.3.35/slapd-meta.conf: line 61: "pseudorootdn", "pseudorootpw" are no longer supported; use "idassert-bind" and "idassert-authzFrom" instead. /usr/local/2.3.35/libexec/slapd: symbol lookup error: /usr/local/2.3.35/libexec/ldap/back_meta-2.3.so.0: undefined symbol: slap_idassert_parse_cf
The build options :
./configure --prefix=/usr/local/2.3.35 --exec-prefix=/usr/local/2.3.35 --enable-debug --enable-dynamic --enable-syslog --enable-proctitle --enable-ipv6 --enable-local --enable-slapd --enable-aci --enable-cleartext --enable-crypt --enable-spasswd --enable-modules --enable-rewrite --enable-rlookups --enable-slapi --enable-slp --enable-wrappers --enable-backends=mod --enable-ldbm=no --enable-overlays=mod --enable-slurpd --with-subdir=ldap --with-cyrus-sasl --with-threads --with-tls
The config file :
include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/openldap.schema include /etc/ldap/schema/nis.schema
pidfile /var/run/slapd/slapd2.3.35.pid argsfile /var/run/slapd/slapd2.3.35.args
loglevel stats
# Where the dynamically loaded modules are stored modulepath /usr/local/2.3.35/libexec/ldap moduleload back_ldap.la moduleload back_meta.la
database meta
suffix "o=test,c=fr" rootdn "cn=proxy,o=test,c=fr" rootpw secretlies
uri "ldap://10.56.20.30:389/ou=toto,o=test,c=fr"
pseudorootdn cn=proxy,ou=applications,ou=tata,o=test,c=fr pseudorootpw secret2
uri "ldap://10.65.23.19:389/ou=tata,o=test,c=fr" pseudorootdn cn=proxy,ou=applications,ou=toto,o=test,c=fr
pseudorootpw secret3 map attribute affe sage
Thanks for your advices ...
Alexandre DVL
___________________________________________________________________________________ You snooze, you lose. Get messages ASAP with AutoCheck in the all-new Yahoo! Mail Beta. http://advision.webevents.yahoo.com/mailbeta/newmail_html.html
Alexandre DUVAL wrote:
I tried hard but I can't manage to get back-meta to work as a module with OpenLDAP 2.3.34 to 2.3.35. (I'm actually trying to backport the Debian last "slapd-2.3.35" to "Etch" )
However, compiling back-meta and back-ldap --enable-ldap --enable-meta seems to solve my problem ... but why ?
Here's the error message I get :
@(#) $OpenLDAP: slapd 2.3.35 (Jun 15 2007 09:41:15) $ root@Lena:/root/openldap/sources/openldap-2.3.35/servers/slapd /usr/local/2.3.35/slapd-meta.conf: line 61: "pseudorootdn", "pseudorootpw" are no longer supported; use "idassert-bind" and "idassert-authzFrom" instead. /usr/local/2.3.35/libexec/slapd: symbol lookup error: /usr/local/2.3.35/libexec/ldap/back_meta-2.3.so.0: undefined symbol: slap_idassert_parse_cf
slap_idassert_parse_cf() is defined in back-ldap, but also used in back-meta. There might be other functions shared by the two backends, so you need to build and load both to make sure back-meta works as a module. Historically, the development of the two backends has followed similar paths, with lots of functionality (and code) sharing between the two. Clearly it's a bug that back-meta can be compiled as a module without back-ldap but then needs it to run, but I don't see a clear way to resolve it without unnecessary code duplication.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------
--On June 19, 2007 8:36:09 PM +0200 Pierangelo Masarati ando@sys-net.it wrote:
Alexandre DUVAL wrote:
I tried hard but I can't manage to get back-meta to work as a module with OpenLDAP 2.3.34 to 2.3.35. (I'm actually trying to backport the Debian last "slapd-2.3.35" to "Etch" )
However, compiling back-meta and back-ldap --enable-ldap --enable-meta seems to solve my problem ... but why ?
Here's the error message I get :
@(#) $OpenLDAP: slapd 2.3.35 (Jun 15 2007 09:41:15) $ root@Lena:/root/openldap/sources/openldap-2.3.35/servers/slapd /usr/local/2.3.35/slapd-meta.conf: line 61: "pseudorootdn", "pseudorootpw" are no longer supported; use "idassert-bind" and "idassert-authzFrom" instead. /usr/local/2.3.35/libexec/slapd: symbol lookup error: /usr/local/2.3.35/libexec/ldap/back_meta-2.3.so.0: undefined symbol: slap_idassert_parse_cf
slap_idassert_parse_cf() is defined in back-ldap, but also used in back-meta. There might be other functions shared by the two backends, so you need to build and load both to make sure back-meta works as a module. Historically, the development of the two backends has followed similar paths, with lots of functionality (and code) sharing between the two. Clearly it's a bug that back-meta can be compiled as a module without back-ldap but then needs it to run, but I don't see a clear way to resolve it without unnecessary code duplication.
I think enabling back-meta should force the enabling of back-ldap. If someone tries to force building back-meta without back-ldap, then configure should throw an error and fail to run.
--Quanah
-- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
Quanah Gibson-Mount wrote:
I think enabling back-meta should force the enabling of back-ldap. If someone tries to force building back-meta without back-ldap, then configure should throw an error and fail to run.
What's odd is that to use back-meta when built as module, not only one needs to build back-ldap as well, but, in case back-ldap is also built as module, it needs to be loaded before back-meta. Too many requirements, in my opinion to make sense. I see two(/three) solutions:
1) duplicate the code in the two backends (that's what I tried hard to avoid, as it was a maintenance nightmare)
2) move the common code into the core of slapd (bad, since most of the times it's specific to the two proxy backends)
3) tie the two backends together (the dependence is not so tight, though)
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------
Pierangelo,
Not knowing the internals of OpenLDAP when it comes to module loading, but couldn't you factor the common code of both back-meta & back-ldap into a separate library (libmetacommon.la...) and then have both back-meta & back-ldap have library dependencies on that common library? This would alleviate your concerns of code duplication as well as of putting the common code into core slapd, but may be more of a maintenance problem than your other options.
Darin
Pierangelo Masarati ando@sys-net.it wrote: Quanah Gibson-Mount wrote:
I think enabling back-meta should force the enabling of back-ldap. If someone tries to force building back-meta without back-ldap, then configure should throw an error and fail to run.
What's odd is that to use back-meta when built as module, not only one needs to build back-ldap as well, but, in case back-ldap is also built as module, it needs to be loaded before back-meta. Too many requirements, in my opinion to make sense. I see two(/three) solutions:
1) duplicate the code in the two backends (that's what I tried hard to avoid, as it was a maintenance nightmare)
2) move the common code into the core of slapd (bad, since most of the times it's specific to the two proxy backends)
3) tie the two backends together (the dependence is not so tight, though)
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------
Darin Broady dbroady1@yahoo.com
Alexandre DUVAL alexandredvl@yahoo.com writes:
Hello,
I tried hard but I can't manage to get back-meta to work as a module with OpenLDAP 2.3.34 to 2.3.35. (I'm actually trying to backport the Debian last "slapd-2.3.35" to "Etch" )
However, compiling back-meta and back-ldap --enable-ldap --enable-meta seems to solve my problem ... but why ?
Here's the error message I get :
@(#) $OpenLDAP: slapd 2.3.35 (Jun 15 2007 09:41:15) $ root@Lena:/root/openldap/sources/openldap-2.3.35/servers/slapd /usr/local/2.3.35/slapd-meta.conf: line 61: "pseudorootdn", "pseudorootpw" are no longer supported; use "idassert-bind" and "idassert-authzFrom" instead. /usr/local/2.3.35/libexec/slapd: symbol lookup error: /usr/local/2.3.35/libexec/lda pseudorootdn cn=proxy,ou=applications,ou=tata,o=test,c=fr pseudorootpw secret2
[...]
uri "ldap://10.65.23.19:389/ou=tata,o=test,c=fr" pseudorootdn cn=proxy,ou=applications,ou=toto,o=test,c=fr pseudorootpw secret3 map attribute affe sage
As the error message stated, pseudorootdn and pseudorootpw are not supported anymore.
-Dieter
Dieter Kluenter wrote:
Alexandre DUVAL alexandredvl@yahoo.com writes:
Hello,
I tried hard but I can't manage to get back-meta to work as a module with OpenLDAP 2.3.34 to 2.3.35. (I'm actually trying to backport the Debian last "slapd-2.3.35" to "Etch" )
However, compiling back-meta and back-ldap --enable-ldap --enable-meta seems to solve my problem ... but why ?
Here's the error message I get :
@(#) $OpenLDAP: slapd 2.3.35 (Jun 15 2007 09:41:15) $ root@Lena:/root/openldap/sources/openldap-2.3.35/servers/slapd /usr/local/2.3.35/slapd-meta.conf: line 61: "pseudorootdn", "pseudorootpw" are no longer supported; use "idassert-bind" and "idassert-authzFrom" instead. /usr/local/2.3.35/libexec/slapd: symbol lookup error: /usr/local/2.3.35/libexec/lda pseudorootdn cn=proxy,ou=applications,ou=tata,o=test,c=fr pseudorootpw secret2
[...]
uri "ldap://10.65.23.19:389/ou=tata,o=test,c=fr" pseudorootdn cn=proxy,ou=applications,ou=toto,o=test,c=fr pseudorootpw secret3 map attribute affe sage
As the error message stated, pseudorootdn and pseudorootpw are not supported anymore.
No, that's just a warning. The real error is "symbol lookup error: ..." (note the tell-tale presence of the word "error" in the message...) Unfortunately that part of the message is cut off, so we have no idea what symbol it's having a problem with.
openldap-software@openldap.org
-
Alexandre DUVAL -
Darin Broady -
Dieter Kluenter -
Howard Chu -
Pierangelo Masarati -
Quanah Gibson-Mount