#126 DNS LDAP backend doesn't work with bind-chroot
Closed: Invalid None Opened 13 years ago by rcritten.

tracking for bug https://bugzilla.redhat.com/show_bug.cgi?id=596325

Starting an IPA-configured bind with bind-chroot installed (the anaconda
default) results in the error message:

failed to load driver ldap.so : libldap-2.4.so.2 : cannot open shared object
file : no such file or directory

Uninstalling bind-chroot fixes it.

We need to either configure bind to work in the chroot with the ldap backend or
document that this does not work and warn users at install time.

Version-Release number of selected component (if applicable):

bind-9.7.0-9.P1.fc13.x86_64
bind-dyndb-ldap-0.1.0-0.8.a1.20091210git.fc13.x86_64


Copying with a chroot bind is going to be a lot of work for very little to no gain.
Can't we simply close this issue by relying on SELinux for protection and explicitly making ipa server packages conflict with bind-chroot?

Replying to [comment:2 simo]:

Copying with a chroot bind is going to be a lot of work for very
^^^ coping I meant

This might be something handy to have a HOWTO for, though, if it is as simple as copying a couple of libraries and a keytab to the chroot jail. We can always tell them how to reconfigure it to use ldap:// instead of ldapi:// when inside a chroot to avoid dealing with the ldapi socket.
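
The check behind the "copy a couple of libraries to the chroot jail" idea above, as an added example (not part of the ticket or of the IPA code): it lists which shared libraries a plugin links against that are absent under a chroot directory, which is the condition behind the `libldap-2.4.so.2` error. The function name `missing_in_chroot` and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: report shared libraries that a plugin needs but that do
# not exist inside a chroot tree.

# missing_in_chroot CHROOT_DIR
# Reads ldd-style output on stdin and prints every library that is absent
# under CHROOT_DIR. Returns 1 if anything is missing, 0 otherwise.
missing_in_chroot() {
    chroot_dir=$1
    missing=0
    while read -r name arrow path rest; do
        # ldd prints one of:
        #   libfoo.so.1 => /lib64/libfoo.so.1 (0x...)
        #   libfoo.so.1 => not found
        #   /lib64/ld-linux-x86-64.so.2 (0x...)
        #   linux-vdso.so.1 (0x...)
        if [ "$arrow" = '=>' ]; then
            if [ "$path" = not ]; then
                # Already unresolved on the host, so also in the chroot.
                printf '%s (unresolved on host)\n' "$name"
                missing=1
                continue
            fi
            lib=$path
        else
            lib=$name
        fi
        case "$lib" in
            /*) ;;            # absolute path: look for it in the chroot
            *)  continue ;;   # vdso, "statically linked", blank line
        esac
        if [ ! -e "$chroot_dir$lib" ]; then
            printf '%s\n' "$lib"
            missing=1
        fi
    done
    return "$missing"
}

# Usage: sh check.sh PLUGIN CHROOT_DIR
# Assumed paths for a Fedora bind-chroot layout (not taken from the ticket):
#   sh check.sh /usr/lib64/bind/ldap.so /var/named/chroot
if [ "$#" -eq 2 ]; then
    ldd "$1" | missing_in_chroot "$2"
fi
```
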

I agree with Simo's proposal: Close it as WONTFIX. We have a how-to for people who insist on chroot, it is more than enough.

Metadata Update from @rcritten:
- Issue assigned to simo
- Issue set to the milestone: Tickets Deferred

7 years ago
