HI!
I'd like to create really minimal custom builds of sssd-ldap even without krb5 stuff currently for Debian Wheezy/Jessie.
Are there any recommendations for achieving this?
I have a test installation tested with SSH, sudo, NSS built like this which required krb5-devel files though:
./configure -q \
  --prefix=/opt/sssd \
  --disable-krb5-locator-plugin \
  --disable-pac-responder \
  --disable-cifs-idmap-plugin \
  --without-python2-bindings \
  --without-python3-bindings \
  --without-selinux \
  --without-semanage \
  --with-sudo \
  --without-autofs \
  --with-ssh \
  --with-crypto=libcrypto \
  --with-syslog=syslog \
  --without-samba \
  --without-nfsv4-idmapd-plugin \
  --without-libwbclient \
  --without-libnl \
  --disable-config-lib \
  --disable-intgcheck-reqs \
  --disable-nls \
  --disable-rpath
ln -s \
  /opt/sssd/lib/libnss_sss.so.2 \
  /lib/x86_64-linux-gnu/libnss_sss.so.2
ln -s \
  /opt/sssd/lib/security/pam_sss.so \
  /lib/x86_64-linux-gnu/security/pam_sss.so
One issue with memberof module installed into /usr/lib/x86_64-linux-gnu/ldb/modules/:
ldb: unable to dlopen /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/memberof.la : /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/memberof.la: invalid ELF header
Moving the files and setting LDB_MODULES_PATH did not help.
Ciao, Michael.
On (27/04/16 19:06), Michael Ströder wrote:
HI!
I'd like to create really minimal custom builds of sssd-ldap even without krb5 stuff currently for Debian Wheezy/Jessie.
It's not possible.
Why do you want to build sssd without krb5?
BTW patches are always welcomed :-)
LS
On Wed, Apr 27, 2016 at 07:06:55PM +0200, Michael Ströder wrote:
HI!
I'd like to create really minimal custom builds of sssd-ldap even without krb5 stuff currently for Debian Wheezy/Jessie.
Are there any recommendations for achieving this?
I have a test installation tested with SSH, sudo, NSS built like this which required krb5-devel files though:
./configure -q \
  --prefix=/opt/sssd \
  --disable-krb5-locator-plugin \
  --disable-pac-responder \
  --disable-cifs-idmap-plugin \
  --without-python2-bindings \
  --without-python3-bindings \
  --without-selinux \
  --without-semanage \
  --with-sudo \
  --without-autofs \
  --with-ssh \
  --with-crypto=libcrypto \
  --with-syslog=syslog \
  --without-samba \
  --without-nfsv4-idmapd-plugin \
  --without-libwbclient \
  --without-libnl \
  --disable-config-lib \
  --disable-intgcheck-reqs \
  --disable-nls \
  --disable-rpath
ln -s \
  /opt/sssd/lib/libnss_sss.so.2 \
  /lib/x86_64-linux-gnu/libnss_sss.so.2
ln -s \
  /opt/sssd/lib/security/pam_sss.so \
  /lib/x86_64-linux-gnu/security/pam_sss.so
One issue with memberof module installed into /usr/lib/x86_64-linux-gnu/ldb/modules/:
ldb: unable to dlopen /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/memberof.la : /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/memberof.la: invalid ELF header
just remove /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/memberof.la. The *.la files are libtool helper files and are installed by default by the automake generated makefiles.
libldb unconditionally tries to open all files in the modules directory not only *.so files. One might argue if this is a bug or a feature, nevertheless you have to make sure that there are only 'real' modules in this directory. Since other packages might be confused by the *.la files as well we remove all when creating packages with the provided spec file:
# Remove .la files created by libtool
find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \;
HTH
bye, Sumit
Moving the files and setting LDB_MODULES_PATH did not help.
Ciao, Michael.
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org
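A check for the situation described in the reply above, as an added example that is not part of the original thread or of sssd: these shell functions list the files in a modules directory that do not begin with the ELF magic bytes, which is how a stray libtool *.la file looks to dlopen. The function names and the demo directory contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find files in an ldb modules
# directory that are not ELF objects, e.g. leftover libtool *.la files.

# is_elf FILE: succeed if FILE starts with the ELF magic 0x7f 'E' 'L' 'F'.
is_elf() {
    magic=$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "7f454c46" ]
}

# list_non_elf_modules DIR: print each regular file under DIR that is not ELF.
# These are the files that make the loader report "invalid ELF header".
list_non_elf_modules() {
    find "$1" -type f | sort | while IFS= read -r f; do
        is_elf "$f" || printf '%s\n' "$f"
    done
}

# make_demo_dir: build a constructed stand-in for a modules directory with
# one file carrying only an ELF header and one libtool-style text file.
make_demo_dir() {
    d=$(mktemp -d)
    printf '\177ELF\002\001\001' > "$d/memberof.so"
    printf '# memberof.la - a libtool library file\n' > "$d/memberof.la"
    printf '%s\n' "$d"
}

# Demo run on the constructed directory; on a real host, pass the
# modules directory named in the error message instead.
demo=$(make_demo_dir)
list_non_elf_modules "$demo"
rm -rf "$demo"
```

Run against the real modules directory before and after packaging; an empty result means only loadable objects remain.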
Sumit Bose wrote:
On Wed, Apr 27, 2016 at 07:06:55PM +0200, Michael Ströder wrote:
One issue with memberof module installed into /usr/lib/x86_64-linux-gnu/ldb/modules/:
ldb: unable to dlopen /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/memberof.la : /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/memberof.la: invalid ELF header
just remove /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/memberof.la. The *.la files are libtool helper files and are installed by default by the automake generated makefiles.
libldb unconditionally tries to open all files in the modules directory not only *.so files. One might argue if this is a bug or a feature, nevertheless you have to make sure that there are only 'real' modules in this directory. Since other packages might be confused by the *.la files as well we remove all when creating packages with the provided spec file:
# Remove .la files created by libtool
find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \;
Thanks a lot for this useful information!
Ciao, Michael.
Lukas Slebodnik wrote:
On (27/04/16 19:06), Michael Ströder wrote:
I'd like to create really minimal custom builds of sssd-ldap even without krb5 stuff currently for Debian Wheezy/Jessie.
It's not possible.
Why do you want to build sssd without krb5?
Because I don't need it. And with hardened systems it's good practice to remove unused code.
Ciao, Michael.
On (28/04/16 10:04), Michael Ströder wrote:
Lukas Slebodnik wrote:
On (27/04/16 19:06), Michael Ströder wrote:
I'd like to create really minimal custom builds of sssd-ldap even without krb5 stuff currently for Debian Wheezy/Jessie.
It's not possible.
Why do you want to build sssd without krb5?
Because I don't need it. And with hardened systems it's good practice to remove unused code.
Then you can prepare your own "fake" krb5 library, which would provide required functions for sssd. They should not be used with ldap provider and you will reduce dependencies. But it needn't be so simple. It's just an idea.
LS