FS#68841 - [libldap] Rebuild libldap with support for connectionless ldap needed for sssd-2.4.0+

Attached to Project: Arch Linux
Opened by Craig (craigacgomez) - Friday, 04 December 2020, 05:29 GMT
Last edited by Antonio Rojas (arojas) - Wednesday, 21 April 2021, 11:24 GMT
Task Type Feature Request
Category Packages: Core
Status Closed
Assigned To Antonio Rojas (arojas)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


Description:sssd-2.4.0+ makes use of the lightweight UPD connnectionless LDAP (cldap) in openldap. Without this feature enabled, sssd-2.4.0+ is now longer able to retrieve use groups, ids and permissions from LDAP or Active Directory. I initially create a ticket for sssd, but they recommended rebuilding libldap with cldap enabled. Doing so resolved the issue. This even causes issues with packages like libvirt because the system can no longer resolve the ldap/AD groups.

Additional info:
* package version(s) - libldap 2.4+
* config and/or log files etc - in upstream bug report
* link to upstream bug report, if any - https://github.com/SSSD/sssd/issues/5391

Steps to reproduce:
1. Install openldap, libldap & sssd for the arch repositories
2. Set up sssd to allow for active directory/ldap authentication
3. Login with active directory/ldap account
4. Attempt to retrieve use groups (id <username>)

Steps to resolve:
Rebuild openldap/libldap with connectionless LDAP support by adding CFLAGS="${CFLAGS} -DLDAP_CONNECTIONLESS" to PKGBUILD in the build subsection before the make command
This task depends upon

Closed by  Antonio Rojas (arojas)
Wednesday, 21 April 2021, 11:24 GMT
Reason for closing:  Implemented
Additional comments about closing:  openldap 2.4.58-2