Bug#1010971: openldap breaks sssd autopkgtest: ldap_bind: Invalid credentials

Paul Gevers elbrus at debian.org
Sat May 14 12:27:54 BST 2022


Source: openldap, sssd
Control: found -1 openldap/2.5.12+dfsg-1
Control: found -1 sssd/2.6.3-3
Severity: serious
Tags: sid bookworm
User: debian-ci at lists.debian.org
Usertags: breaks needs-update

Dear maintainer(s),

With a recent upload of openldap the autopkgtest of sssd fails in 
testing when that autopkgtest is run with the binary packages of 
openldap from unstable. It passes when run with only packages from 
testing. In tabular form:

                        pass            fail
openldap               from testing    2.5.12+dfsg-1
sssd                   from testing    2.6.3-3
versioned deps [0]     from testing    from unstable
all others             from testing    from testing

I copied some of the output at the bottom of this report.

Currently this regression is blocking the migration of openldap to 
testing [1]. Due to the nature of this issue, I filed this bug report 
against both packages. Can you please investigate the situation and 
reassign the bug to the right package?

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[0] You can see what packages were added from the second line of the log 
file quoted below. The migration software adds source package from 
unstable to the list if they are needed to install packages from 
openldap/2.5.12+dfsg-1. I.e. due to versioned dependencies or 
breaks/conflicts.
[1] https://qa.debian.org/excuses.php?package=openldap

https://ci.debian.net/data/autopkgtest/testing/amd64/s/sssd/21705563/log.gz

+ . debian/tests/util
+ . debian/tests/common-tests
+ mydomain=example.com
+ myhostname=ldap.example.com
+ mysuffix=dc=example,dc=com
+ admin_dn=cn=admin,dc=example,dc=com
+ admin_pw=secret
+ ldap_user=testuser1
+ ldap_user_pw=testuser1secret
+ ldap_group=ldapusers
+ adjust_hostname ldap.example.com
+ local myhostname=ldap.example.com
+ echo ldap.example.com
+ hostname ldap.example.com
+ grep -qE ldap.example.com /etc/hosts
+ echo 127.0.1.10 ldap.example.com
+ reconfigure_slapd
+ debconf-set-selections
+ rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb
+ dpkg-reconfigure -fnoninteractive -pcritical slapd
   Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.5.12+dfsg-1... done.
   Moving old database directory to /var/backups:
   - directory unknown... done.
   Creating initial configuration... done.
   Creating LDAP directory... done.
+ generate_certs ldap.example.com
+ local cn=ldap.example.com
+ local cert=/etc/ldap/server.pem
+ local key=/etc/ldap/server.key
+ local cnf=/etc/ldap/openssl.cnf
+ cat
+ openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout 
/etc/ldap/server.key -config /etc/ldap/openssl.cnf
Generating a RSA private key
.+++++
........+++++
writing new private key to '/etc/ldap/server.key'
-----
+ chmod 0640 /etc/ldap/server.key
+ chgrp openldap /etc/ldap/server.key
+ [ ! -f /etc/ldap/server.pem ]
+ [ ! -f /etc/ldap/server.key ]
+ enable_ldap_ssl
+ cat
+ cat+ ldapmodify -H ldapi:/// -Y EXTERNAL -Q
modifying entry "cn=config"

+ populate_ldap_rfc2307
+ ldapadd -x -D cn=admin,dc=example,dc=com -w secret
+ cat
ldap_bind: Invalid credentials (49)
autopkgtest [05:16:59]: test ldap-user-group-ldap-auth

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-openldap-devel/attachments/20220514/67b5aa09/attachment.sig>


More information about the Pkg-openldap-devel mailing list