Bug 1199362 - After todays updates sssd doesn't start due to version conflict in libldb2
After todays updates sssd doesn't start due to version conflict in libldb2
Status: RESOLVED FIXED
: 1131686 1199580 (view as bug list)
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Samba
Leap 15.3
64bit openSUSE Leap 15.3
: P5 - None : Major with 5 votes (vote)
: ---
Assigned To: Samuel Cabrero
The 'Opening Windows to a Wider World' guys
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-05-09 21:15 UTC by Kai Lappalainen
Modified: 2022-07-06 16:28 UTC (History)
10 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Kai Lappalainen 2022-05-09 21:15:24 UTC
As the summary says: Installed todays updates, zypper ps told me, that sssd uses deleted libs, tried to restart sssd, resulted in:

May 09 22:54:41 server sssd[79928]: ldb: module version mismatch in ../../source4/dsdb/samdb/ldb_modules/acl.c : ldb_version=2.4.2 module_version=2.4.1
May 09 22:54:41 server sssd[79928]: ldb: failed to initialise module /usr/lib64/ldb2/modules/ldb/samba/acl.so : Unavailable
May 09 22:54:41 server sssd[79928]: ldb: failed to initialise module /usr/lib64/ldb2/modules/ldb/samba : Unavailable
May 09 22:54:41 server sssd[79928]: SSSD couldn't load the configuration database [5]: Input/output error.
May 09 22:54:41 server systemd[1]: sssd.service: Main process exited, code=exited, status=4/NOPERMISSION
May 09 22:54:41 server systemd[1]: sssd.service: Failed with result 'exit-code'.
May 09 22:54:41 server systemd[1]: Failed to start System Security Services Daemon.
Comment 1 Kai Lappalainen 2022-05-09 21:20:10 UTC
Identified these updates:

2022-05-09 22:15:53|install|libldb2|2.4.2-150300.3.15.1|x86_64||repo-sle-update|aecd89ded1b390512f647204cea33a4b40922081f7399be41e26d7fd4b98c2fa|
2022-05-09 22:15:53|install|libldb2-32bit|2.4.2-150300.3.15.1|x86_64||repo-sle-update|03d5d8969e9627442b72271e761a5bb946728e484ad16c60d011142b7cce8313|
Comment 2 Marcus Meissner 2022-05-10 08:36:08 UTC
gnh, sssd should express this via rpm dependency ... but does not.
Comment 5 Friedrich Haubensak 2022-05-10 16:19:46 UTC
looks as it's actually not sssd but some samba run time, called by sssd, that fails here...

in other words:  samba or parts thereof have to be repackaged...
Comment 6 Friedrich Haubensak 2022-05-11 08:20:54 UTC
on a system with that libldb2 update (i.e. patch openSUSE-SLE-15.3-2022-1576) installed, i have rebuilt the latest samba packages (4.15.4+git.324.8332acf1a63-150300.3.25.3., from updates/leap/15.3/sle)
setting "%define ldb_version 2.4.2" in the smaba.spec file;
installed those packages; and sssd starts up and works again
Comment 8 Ralf Kölmel 2022-05-12 17:57:56 UTC
for now i have downgraded the affected libldb2 (with libldb2-32bit,python3-ldb) package to version 2.4.1-150300.3.10.1
i hope this severe bug will soon be fixed. 
I increased the severity of this bug in the hope the fixed packages will be released earlier.
Comment 9 Samuel Cabrero 2022-05-16 08:51:03 UTC
*** Bug 1131686 has been marked as a duplicate of this bug. ***
Comment 10 Samuel Cabrero 2022-05-16 08:52:49 UTC
Hi, the samba-dsdb-modules package has been updated to use the "%requires_eq" RPM macro to generate the libldb2 dependency at build time, which should prevent this issue to happen again in the future.

https://build.opensuse.org/request/show/976581

The change has been applied to 15.3, 15.4 and tumbleweed.
Comment 11 Swamp Workflow Management 2022-05-16 13:20:35 UTC
SUSE-RU-2022:1679-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1199362
CVE References: 
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    sssd-1.16.1-150300.23.28.1
openSUSE Leap 15.3 (src):    sssd-1.16.1-150300.23.28.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    sssd-1.16.1-150300.23.28.1
SUSE Linux Enterprise Micro 5.2 (src):    sssd-1.16.1-150300.23.28.1
SUSE Linux Enterprise Micro 5.1 (src):    sssd-1.16.1-150300.23.28.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Samuel Cabrero 2022-05-16 13:32:52 UTC
Released.
Comment 13 Friedrich Haubensak 2022-05-16 13:48:44 UTC
sorry, right now bug is not yet fixed.  the problem -- sssd does not start -- persists.

btw, i do not see the sense of this particular release.  just rebuilding sssd does not help.  the problem lies in some samba sub-package (probably samba-dsdb-modules) that must be repackaged / modified  to fit the updated libldb2.  see my previous comment.
Comment 14 Samuel Cabrero 2022-05-16 14:07:35 UTC
(In reply to Friedrich Haubensak from comment #13)
> sorry, right now bug is not yet fixed.  the problem -- sssd does not start
> -- persists.
> 
> btw, i do not see the sense of this particular release.  just rebuilding
> sssd does not help.  the problem lies in some samba sub-package (probably
> samba-dsdb-modules) that must be repackaged / modified  to fit the updated
> libldb2.  see my previous comment.

I misread comment #11. I will keep the bug open until the samba update is released.
Comment 15 Friedrich Haubensak 2022-05-16 14:15:36 UTC
thanks.  as your comment referred to the OBS package, i wanted to be sure that some samba patch release is actually on the way...
Comment 16 Samuel Cabrero 2022-05-16 14:28:54 UTC
*** Bug 1199580 has been marked as a duplicate of this bug. ***
Comment 18 Stig Mortensen 2022-05-17 09:38:49 UTC
Please be aware that we see the problem using samba-tool (not sssd), with the following package versions:

samba-dsdb-modules version.15.4+git.324.8332acf1a63-150300.3.25.3
samba-tool 4.15.4+git.324.8332acf1a63-150300.3.25.3

... and our error message is:

ldb: module version mismatch in ../../source4/dsdb/samdb/ldb_modules/acl.c : ldb_version=2.4.2 module_version=2.4.1
ldb: failed to initialise module /usr/lib64/ldb2/modules/ldb/samba/acl.so : Unavailable
ldb: failed to initialise module /usr/lib64/ldb2/modules/ldb/samba : Unavailable
ldb: module version mismatch in ../../source4/dsdb/samdb/ldb_modules/acl_read.c : ldb_version=2.4.2 module_version=2.4.1
ldb: failed to initialise module /usr/lib64/samba/ldb/aclread.so : Unavailable
WARNING: Module [samba_dsdb] not found - do you need to set LDB_MODULES_PATH?
Unable to load modules for tdb:///var/lib/samba/private/sam.ldb: (null)
ERROR(ldb): uncaught exception - None
  File "/usr/lib64/python3.6/site-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python3.6/site-packages/samba/netcmd/group.py", line 430, in run
    credentials=creds, lp=lp)
  File "/usr/lib64/python3.6/site-packages/samba/samdb.py", line 72, in __init__
    options=options)
  File "/usr/lib64/python3.6/site-packages/samba/__init__.py", line 114, in __init__
    self.connect(url, flags, options)
  File "/usr/lib64/python3.6/site-packages/samba/samdb.py", line 87, in connect
    options=options)
Comment 19 Swamp Workflow Management 2022-05-19 19:19:22 UTC
SUSE-RU-2022:1752-1: An update that has 10 recommended fixes can now be installed.

Category: recommended (important)
Bug References: 1080338,1118508,1173429,1195896,1196308,1196788,1197995,1198255,1199247,1199362
CVE References: 
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    samba-4.15.7+git.376.dd43aca9ab2-150300.3.32.1
SUSE Linux Enterprise Module for Python2 15-SP3 (src):    samba-4.15.7+git.376.dd43aca9ab2-150300.3.32.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    samba-4.15.7+git.376.dd43aca9ab2-150300.3.32.1
SUSE Linux Enterprise Micro 5.2 (src):    samba-4.15.7+git.376.dd43aca9ab2-150300.3.32.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    samba-4.15.7+git.376.dd43aca9ab2-150300.3.32.1
SUSE Enterprise Storage 7.1 (src):    samba-4.15.7+git.376.dd43aca9ab2-150300.3.32.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 20 Samuel Cabrero 2022-06-15 10:39:44 UTC
Released.
Comment 21 Swamp Workflow Management 2022-07-06 16:28:28 UTC
SUSE-SU-2022:2307-1: An update that solves one vulnerability and has 10 fixes is now available.

Category: security (moderate)
Bug References: 1080338,1118508,1173429,1195896,1196224,1196308,1196788,1197995,1198255,1199247,1199362
CVE References: CVE-2021-3670
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    ldb-2.4.2-150400.4.3.11, samba-4.15.7+git.376.dd43aca9ab2-150400.3.5.3
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    ldb-2.4.2-150400.4.3.11, samba-4.15.7+git.376.dd43aca9ab2-150400.3.5.3
SUSE Linux Enterprise High Availability 15-SP4 (src):    samba-4.15.7+git.376.dd43aca9ab2-150400.3.5.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.