View Issue Details

IDProjectCategoryView StatusLast Update
0013750CentOS-7openldappublic2017-09-13 09:16
Reporterrolffokkens 
PriorityurgentSeverityblockReproducibilityalways
Status newResolutionopen 
Platformx86_64OSCentOSOS Version7 CR
Product Version7.3.1611 
Target VersionFixed in Version 
Summary0013750: Upgrading to CentOS 7 CR breaks openldap server due to ppolicy changes
Descriptionslapd (ldap-server) will no longer start
Steps To ReproduceUse ppolicy
upgrade CentOS to 7.4 CR
Fail to start slapd
TagsNo tags attached.
abrt_hash
URLhttps://lists.ltb-project.org/pipermail/ltb-users/2015-December/000653.html

Activities

TrevorH

TrevorH

2017-08-31 15:02

manager   ~0029971

Is this documented in the upstream RHEL 7.4 release notes? https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/
TrevorH

TrevorH

2017-08-31 15:29

manager   ~0029972

CentOS 7.4 Release Notes https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.1708 have been updated to include a link to this bug and the mailing list link.
rolffokkens

rolffokkens

2017-08-31 20:18

reporter  

prep-ldap.sh (481 bytes)
rolffokkens

rolffokkens

2017-08-31 20:22

reporter   ~0029973

The attached script prep-ldap.sh works for my configuration, and may be useful for others. This script should be run prior to the RHEL upgrade to 7.4.

Instead of having you tamper with the slapd config manually, this uses ldapmodify to achieve the same result.

This may be particulary useful in clustered (syncrepl) setups, in which case the modification is distributed over the cluster automatically, depending on your setup.

prep-ldap-2.sh (481 bytes)
TrevorH

TrevorH

2017-09-02 11:48

manager   ~0029980

If you haven't alredy done so then raising a ticket on bugzilla.redhat.com about this would also be a good thing to do so that their release notes can be adjusted to document this too.
rolffokkens

rolffokkens

2017-09-02 16:51

reporter   ~0029982

Reported at https://bugzilla.redhat.com/show_bug.cgi?id=1487857
rolffokkens

rolffokkens

2017-09-13 08:51

reporter   ~0030041

Anticipating "Shooting for 1708 release early next week" (https://twitter.com/CentOS/status/906083174123540481) I would like to know what the situation around openldap will be on release. Will openldap/ppolicy issue be in the 1708 release?
TrevorH

TrevorH

2017-09-13 09:16

manager   ~0030042

Unless RHEL have patched and released the fix before then (which I doubt), it'll go out exactly how it is now in CR.

Issue History

Date Modified Username Field Change
2017-08-31 14:47 rolffokkens New Issue
2017-08-31 15:02 TrevorH Note Added: 0029971
2017-08-31 15:29 TrevorH Note Added: 0029972
2017-08-31 20:18 rolffokkens File Added: prep-ldap.sh
2017-08-31 20:22 rolffokkens File Added: prep-ldap-2.sh
2017-08-31 20:22 rolffokkens Note Added: 0029973
2017-09-02 11:48 TrevorH Note Added: 0029980
2017-09-02 16:51 rolffokkens Note Added: 0029982
2017-09-13 08:51 rolffokkens Note Added: 0030041
2017-09-13 09:16 TrevorH Note Added: 0030042