https://hellosplat.com/s/beanbag/tickets/5023/
On Tuesday, March 5, 2024 at 12:33:57 PM UTC+1 Florian Miedniak wrote:
> I just stumbled upon this: libldap-common missing in
> beanbag/reviewboard:6.0 and above.
>
> This has a nasty consequence: Verification of LDAPS servers with
> non-public certificates is not possible anymore! Instead, RB will just
> report the very unspecific error:
> Error authenticating with LDAP: {'result': -1, 'desc': "Can't contact
> LDAP server", 'ctrls': [], 'info': '(unknown error code)'}
>
> *Back-trace down to root-cause:*
>
> 1. Certificate of LDAP server can't be verified -> No connection
> possible
> 2. LDAP client library is *not* configured to access system-wide
> certificates as located in /etc/ssl/certs (Should be configured in
> /etc/ldap/ldap.conf, but whole directory is missing)
> 3. Directory is missing, because package libldap-common is not
> installed
> 4. Chain of dependencies leading to installation:
> 1. RB 5.0 image: curl -> libcurl4 -> libldap-2.4-2 *-DEPENDS->*
> libldap-common
> 2. RB 6.0 image: curl -> libcurl4 -> libldap-2.5-0 *-RECOMMENDS->*
> libldap-common
> *=> Package libldap-common is not installed because its
> relationship changed from "dependents" to "recommends":* Before:
> https://packages.ubuntu.com/focal/libldap-2.4-2 Now:
> https://packages.ubuntu.com/jammy-updates/libldap-2.5-0
> *and* OS packages are installed with --no-install-recommends
>
> For now, I'll live with explicitly installing libldap-common in my own
> image that is derived from beanbag/reviewboard:6.0. But IMO it would be
> better to solve this in the base image.
>
> *Possible solutions:*
> (a) Remove the --no-install-recommends from call to apt-get
> + No explicit installation of libldap-common necessary, reduces risk of
> similar issues with other packages in future
> - May bloat the image with other packages that are neither wanted nor
> needed
> (b) Explicitly install package libldap-common
> + Reduces risk of bloating the image and minimizes change in images
>
> Any opinions on that? Anyway, is
> https://github.com/reviewboard/reviewboard/blob/release-6.0.2/contrib/docker/Dockerfile
>
> the correct file to look at and may I open a pull request for this right
> away or is it usual to discuss it first in this group?
>
> -Florian
>
--
Supercharge your Review Board with Power Pack:
https://www.reviewboard.org/powerpack/
Want us to host Review Board for you? Check out RBCommons:
https://rbcommons.com/
Happy user? Let us know! https://www.reviewboard.org/users/
---
You received this message because you are subscribed to the Google Groups
"Review Board Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to reviewboard+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/reviewboard/2f969746-ffc1-45aa-9985-e81b0c38350dn%40googlegroups.com.
