Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at
Bug 1187742 - rebuild openldap with support for moznss
Summary: rebuild openldap with support for moznss
Alias: None
Product: Fedora
Classification: Fedora
Component: openldap
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Jan Synacek
QA Contact: Fedora Extras Quality Assurance
Whiteboard: AcceptedBlocker
Depends On:
Blocks: F22BetaBlocker
TreeView+ depends on / blocked
Reported: 2015-01-30 18:56 UTC by Rich Megginson
Modified: 2015-02-20 13:08 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-02-20 13:08:51 UTC
Type: Bug

Attachments (Terms of Use)

Description Rich Megginson 2015-01-30 18:56:10 UTC
Description of problem:

openldap was recently built against openssl in rawhide.  This breaks a number of applications such as 389, freeipa, dogtag, etc.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

openldap is built with moznss

Additional info:

Comment 1 Fedora Blocker Bugs Application 2015-01-30 19:02:37 UTC
Proposed as a Blocker for 22-beta by Fedora user sgallagh using the blocker tracking app because:

 This issue subtly (and sometimes non-subtly) breaks many features of the Domain Controller Role for Fedora Server.

Comment 2 Adam Williamson 2015-02-02 17:51:12 UTC
Discussed at 2015-02-02 blocker review meeting: . Accepted as a Beta blocker - we trust sgallagh's assessment that it violates the given criterion. However, sgallagh, could we ask for a few more details on exactly what it breaks, so we can double check and do follow-up testing? Thanks.

Comment 3 Rich Megginson 2015-02-02 17:56:58 UTC
Specifically - it is going to break any outgoing LDAP TLS/SSL connection from any 389 related package.  So things like replication/chaining/pass-through-auth/windows sync from 389; most 389-admin/389-adminutil operations, including operations invoked via CGI from the 389-console packages; and 389-dsgw.  IPA will be affected because of replication and windows sync.

Comment 4 Nathan Kinder 2015-02-17 15:42:01 UTC
Is this going to be addressed for the upcoming F22 Alpha?  The non-backwards compatible change  to use openssl is going to break a number of features as mentioned in comment#1, and it should be reverted as soon as possible.

Note You need to log in before you can comment on or make changes to this bug.