[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: FW: OpenLDAP 2.3.20 + OpenSSL 0.9.8a -> SSL/TLS Segmentation fault

Thanks for your reply, I'll try the rpm you say in a virtual machine with RHEL4 Update 3, but I can't do it (for now) on the server.

Regarding the other packages, all other stuff is Red Hat's packages updated via Up2Date, though I've only installed the needed packages for my setup. Other apps as MySQL, Apache, Tomcat, etc will be newest stable versions too. 

I know there are another distros with newer packages than RedHat, but I can not choose the OS, so I have to keep RHEL4 Update2 (without upgrading the kernel, for hardware compatibility matrix issues). 

I have 2 questions:
- Regarding the library links, is there an easy way to do a recursive check of the library links?
- ¿Anybody has a working OpenLDAP with OpenSSL 0.9.8a and SASL 2.1.21? Any Segmentation faults?

Thanks in advance for any help.


Jose Angel Mendia

-----Original Message-----
From: Buchan Milne [mailto:bgmilne@staff.telkomsa.net] 
Sent: miércoles, 22 de marzo de 2006 10:29
To: Jose Angel Mendia
Subject: Re: FW: OpenLDAP 2.3.20 + OpenSSL 0.9.8a -> SSL/TLS Segmentation fault

On Tuesday 21 March 2006 12:20, Jose Angel Mendia wrote:
> Thanks for info. The answer to your questions is that the openssl 
> version that comes with RedHat can be found here:
> http://www.openssl.org/support/faq.html#BUILD8.

Have you verified that this is still valid? Do you need these features?

> Besides of this, as I
> was to install last OpenLDAP, I thought it could be best to install 
> latest stables of BDB, SASL, OpenLDAP and OpenSSL.

What about the other 900 packages on your system?

> There is also the
> reason that I'm configuring a server from zero, and I have the chance 
> to try everything works ok with this stable versions, so I get the 
> latest features from this software.

If you use the Red Hat supplied packages, at least it will be supported (and work). If you're not going to use any Red Hat supplied packages, why run Red Hat at all? Use another distro which has more up-to-date packages ...

> It will work with apache and other services too.

The Red Hat packages already work with apache and other services.

> I know that Red Hat's OpenSSL can't be uninstalled, so I installed the 
> other packages under /usr/local for not getting into trouble with 
> RedHat's own packages.
> The next problem I faced was linking new libraries only when neccessary.
> So I did it usin ld.so.conf and compiling the new packages with the 
> new libraries. Library paths and links seem to be OK.
>       # ldd /usr/local/libexec/slapd
> 	# ldd /usr/local/ssl/bin/openssl
> I know that with every app I use I have to be careful about which 
> version of OpenSSL and SASL is using, so I always use env and flags 
> when compiling.
> OpenLDAP is using the right version of the OpenSSL libraries and 
> openssl s_server and s_client work right, so I don't know where's the problem.

That's not the issue. You have to be sure that *every* *library* used by OpenLDAP, and every library used by every library used by OpenLDAP are using the same version of all these libraries.

> Also the SASL and BDB seems OK. I have tested once and again to make
> sure that those library paths are right. The SASL client and server work
> right too, and if I try SASL without SSL it works OK (except for the
> replica, but I will answer about that in another post. Here I want to
> solve the SSL problem only, because I will not use SASL for the moment).
> The thing is that now, I need doing LDAP with SSL. In the future I'll
> try SASL.
> Thanks in advance for any other suggestion.

I would suggest that you *first* start with the Red Hat packages of 
everything, and get a working configuration, *then* change things. And, if 
you *only* need an updated OpenLDAP, try these packages:



Buchan Milne
ISP Systems Specialist

**********************************  DISCLAIMER *******************************

This message may contain confidential, proprietary or legally privileged information. 
If you are not the intended recipient of this message, please notify it to the sender and delete without resending or backing it, as it is legally prohibited.

**********************************  AVISO LEGAL ******************************

Este mensaje puede contener información confidencial, en propiedad o legalmente protegida.
Si usted no es el destinatario, le rogamos lo comunique al remitente y proceda a borrarlo, sin reenviarlo ni conservarlo, ya que su uso no autorizado está prohibido legalmente.