Re: OpenLDAP/SASL2 problem in FreeBSD 10.0-CURRENT WAS: Re: HELP
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig4FE1AD6D68C1E6B590FC7107
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Am 08/18/12 22:31, schrieb Adam McDougall:
> On 8/18/2012 4:07 AM, O. Hartmann wrote:
>> My setups on all boxes using OpenLDAP, the port
>> net/opendldap24-client/server has security/cyrus-sasl2 enabled.
>> I use nsswitch and nascd.
>>
>> The problem:
>> I can not anymore install or reinstall (using portmaster, patched for
>> pkgng) the ports
>>
>> security/cyrus-sasl2
>> net/openldap24-client
>>
>> When performing an update (no matter which one), The installation
>> process dies when installing the packages (see error for openldap-clei=
nt
>> below, it is proxy for cyrus-sasl2 also).
>>
>> After a failed installation, close to all binaries I touch start to
>> coredump in a mustang way. ls(1) works, but ls -la dumps core (resolvi=
ng
>> the ownership-issue?).
>>
>> The only way to "save" the box is to copy missing libldap_r-2.4.so.8 o=
r
>> libsasl2.so.2 to /usr/local/lib/ from another, compatible box or from =
a
>> backup.
>>
>> It is impossible to me to update/reinstall either net/openldap24-clien=
t
>> or security/cyrus-sasl2.
>>
>> =3D=3D=3D> Installing for openldap-sasl-client-2.4.32_1
>> =3D=3D=3D> Generating temporary packing list
>> Segmentation fault (core dumped)
>> *** [install-mtree] Error code 139
>>
> What happens if you disable both LDAP and cache support from NSS before=
> upgrading either of those two packages? Installing files certainly mus=
t
> invoke functions that need to translate owners/groups to uid/gid so per=
haps
> something related to that suddenly fails during an attempt to replace
> the library. It sounds like if your LDAP support becomes corrupt, then=
> it leaves a gaping hole in the NSS critical path that many parts of the=
> system must be using. When you run into this situation and can resolve=
> it easily by replacing the old ldap library, is the old one corrupt?
> Missing? Can you save a copy for evaluation? Does your system break i=
n
> a similar manner simply by renaming the LDAP library, or does it behave=
> worse only if there is a faulty LDAP library being used by nss_ldap?
I see the same issue in single user mode, when nscd isn't running. But
/etc/pam.d/system delegates to LDAP for non-local id.
When the issues arise, the open ldap library libldap_r.so isn't
available anymore because something run wrong during the update.
I dumped portmaster, use portupgrade at the moment. It seems, that this
works so far, no matter why.
When that happened (also with libsasl2.so, the same), I have to use
/rescue/tar to extract the backup found in
/usr/ports/packages/portmaster-backup/. bsdtar also fails.
I can't say the LDAP lib is worse. It is simply missing after the
installation ran rogue.
At the moment, I try to dump also pkg and run the old pkg_xxx stuff
again. Maybe something got corrupt when I swapped to pkgng or pkgng has
a serious bug not capable of handling those situations. or I was too
brave using the patched portmaster in the first place, which compromised
my installation and the problems I face now are a consequnce of some
hidden problems elsewere ...
--------------enig4FE1AD6D68C1E6B590FC7107
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)
iQEcBAEBAgAGBQJQMrK/AAoJEOgBcD7A/5N8Zb4H/RHPjHHw3pNJnal3LV5EG2qH
agVUMYPD+WCfXf46qUaYQg3PyGIKJuWyE0D/0xijiBRrNrM/vN441fo1yBZi40hZ
K8yftehZX36fDEIGgRpyHF9Vn8RbxTVf78nnc1We4aGDcmw3j2DVlwP22s0uWtY0
tCmUX43zCq6j7YWin6WAiqlaO0aS7z8dofi8s8komEqfpgEPVgHfTyP7hp3yjZvz
AihrqGiA5aWG9PxDbboB0P5mPPg/2dn+EeNpOIRkdfS6698OVR671U1Uh6trgBgp
L7GiArvYLsdJLN5Oa9zlXlQIgvypZGWab3c/d+otA9iL/xi8pgzAdsCLFpdatV8=
=Pni3
-----END PGP SIGNATURE-----
--------------enig4FE1AD6D68C1E6B590FC7107--
討論串 (同標題文章)
完整討論串 (本文為第 2 之 2 篇):