Fri, 03 Oct 2008
openldap + replication + rhel = fuck redhat
Recently at work I've been putting together a centralized auth server with ldap and kerberos; for the first stage of the rollout this has gone smoothly. Stage 2 has been to set up slave servers and replication for both kerberos and ldap. Kerberos, aside from an acl issue and some weirdity with server names, went pretty quickly. Ldap on the other hand was a pain in the ass of titanic proportions.
I began by setting up the master server to push out changes via slapd and all other necessary changes for replication; this went quickly once I figured out that ldap configs are whitespace dependent. Then the time came to set up the slave. This machine already had ldap installed, so all I needed to do was copy over the configs from the master, remove the lines referring to replication and blast the existing database. Now the time came to copy the existing database over from the master; a few minutes of scp and I had the database.
This is where the fun came in.
With everything in place I start the slave server up: error on the database due to a bdb version error. The slave machine is rhel 4 with bdb 4.2 and the master is rhel 5.2 with bdb 4.3 installed. So I upgrade bdb on the slave and start up the server again, only to have it fail complaining about bdb errors again. This confused the fuck out of me, as the only version of libdb on the system was 4.3. At this point a friend suggested I run ldd on slapd and check how everything was linked. This is what I found.
slave:

    ldd /usr/local/libexec/slapd
    libdb-4.4.so => /usr/lib/libdb-4.4.so (0x0087e000)
    libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00672000)
    libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x005bc000)
    libdl.so.2 => /lib/libdl.so.2 (0x005b6000)
    libcrypt.so.1 => /lib/libcrypt.so.1 (0x00603000)
    libssl.so.4 => /lib/libssl.so.4 (0x00111000)
    libcrypto.so.4 => /lib/libcrypto.so.4 (0x00145000)
    libresolv.so.2 => /lib/libresolv.so.2 (0x00633000)
    libc.so.6 => /lib/tls/libc.so.6 (0x00489000)
    /lib/ld-linux.so.2 (0x0046b000)
    libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00c6d000)
    libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00cd8000)
    libcom_err.so.2 => /lib/libcom_err.so.2 (0x00484000)
    libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00831000)
    libz.so.1 => /usr/lib/libz.so.1 (0x006bc000)

master:

    ldd /usr/sbin/slapd
    linux-gate.so.1 => (0x00634000)
    libslapd_db-4.4.so => /usr/lib/tls/i686/libslapd_db-4.4.so (0x001ad000)
    libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00f1c000)
    libssl.so.6 => /lib/libssl.so.6 (0x00110000)
    libcrypto.so.6 => /lib/libcrypto.so.6 (0x002a9000)
    libcrypt.so.1 => /lib/libcrypt.so.1 (0x003dc000)
    libresolv.so.2 => /lib/libresolv.so.2 (0x00181000)
    libpthread.so.0 => /lib/libpthread.so.0 (0x00a3b000)
    libltdl.so.3 => /usr/lib/libltdl.so.3 (0x0068b000)
    libdl.so.2 => /lib/libdl.so.2 (0x005da000)
    libwrap.so.0 => /usr/lib/libwrap.so.0 (0x006c6000)
    libc.so.6 => /lib/libc.so.6 (0x00afe000)
    libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00f88000)
    libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x0040e000)
    libcom_err.so.2 => /lib/libcom_err.so.2 (0x0059f000)
    libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00db0000)
    libz.so.1 => /usr/lib/libz.so.1 (0x00194000)
    /lib/ld-linux.so.2 (0x00165000)
    libnsl.so.1 => /lib/libnsl.so.1 (0x004a1000)
    libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0x00701000)
    libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x00155000)
    libselinux.so.1 => /lib/libselinux.so.1 (0x00a76000)
    libsepol.so.1 => /lib/libsepol.so.1 (0x00773000)
The fuck is this?

    libslapd_db-4.4.so => /usr/lib/tls/i686/libslapd_db-4.4.so (0x001ad000)

Redhat decided it was awesome to compile ldap against version 4.4 of bdb and then install another lib. Why for fuck's sake would they do that? If there is a legit problem with bdb 4.3, why not just upgrade the version the rest of the os uses? Fuck redhat.
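The ldd comparison described above can be scripted before any database files are copied between hosts. This is an added example, not code from the original post; the function names `bdb_soname`, `bdb_version` and `compare_bdb` are hypothetical, and the sample input is excerpted from the two listings in the post.

```sh
#!/bin/sh
# Added example (not from the original post): find which Berkeley DB library
# slapd is linked against on two hosts and compare them.

# Excerpts of the two ldd listings shown in the post.
SLAVE_LDD='  libdb-4.4.so => /usr/lib/libdb-4.4.so (0x0087e000)
  libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00672000)'
MASTER_LDD='  linux-gate.so.1 =>  (0x00634000)
  libslapd_db-4.4.so => /usr/lib/tls/i686/libslapd_db-4.4.so (0x001ad000)
  libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00f1c000)'

# Read ldd output on stdin, print the soname of the BDB library.
# Matches the system libdb-X.Y.so and the private libslapd_db-X.Y.so.
bdb_soname() {
    awk '$1 ~ /^lib(slapd_)?db-[0-9]+\.[0-9]+\.so/ { print $1; exit }'
}

# Read a soname on stdin, print its X.Y version.
bdb_version() {
    sed -n 's/^lib.*db-\([0-9][0-9]*\.[0-9][0-9]*\)\.so.*$/\1/p'
}

# compare_bdb SLAVE_LDD_TEXT MASTER_LDD_TEXT
# Returns: 0 same library, 1 version mismatch, 2 no BDB library found,
#          3 same version but a different library build.
compare_bdb() {
    s=$(printf '%s\n' "$1" | bdb_soname)
    m=$(printf '%s\n' "$2" | bdb_soname)
    sver=$(printf '%s\n' "$s" | bdb_version)
    mver=$(printf '%s\n' "$m" | bdb_version)
    echo "slave:  ${s:-none} (BDB ${sver:-?})"
    echo "master: ${m:-none} (BDB ${mver:-?})"
    if [ -z "$s" ] || [ -z "$m" ]; then echo "result: no BDB library found"; return 2; fi
    if [ "$sver" != "$mver" ]; then echo "result: version mismatch"; return 1; fi
    if [ "$s" != "$m" ]; then echo "result: same version, different library build"; return 3; fi
    echo "result: same library"
}

# Real use: compare_bdb "$(cat slave.ldd)" "$(cat master.ldd)"
compare_bdb "$SLAVE_LDD" "$MASTER_LDD" || true
```

A non-zero result means the two slapd builds do not share a BDB library; in that case an LDIF export with slapcat and an import with slapadd avoids depending on the on-disk BDB format.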
posted at: 04:56 | Tags openldap redhat hate | path: /sysadmin



