Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Getting BIND working on OpenSuSE 10.2 with Zimbra

  1. #1
    enew's Avatar
    enew is offline Junior Member
    Join Date
    Jun 2007
    Posts
    6
    Rep Power
    8

    Cool Getting BIND working on OpenSuSE 10.2 with Zimbra

    I can't start BIND on my server as it gives this error:
    Code:
    hxnews:/etc/init.d # ./named start
    Starting name server BIND /usr/sbin/named: error while loading shared libraries:
    libldap-2.3.so.0: failed to map segment from shared object: Operation not
    permitted
    startproc:  exit status of parent of /usr/sbin/named: 127
    OpenSuSE comes with version 2.3.27-25 of OpenLDAP which BIND must have been linked against.
    Can anyone suggest how I get BIND running? I need a split DNS setup.

    Thanks,

    Edwin.

  2. #2
    enterprisetoday is offline Intermediate Member
    Join Date
    Jun 2007
    Location
    Brisbane
    Posts
    17
    Rep Power
    8

    Default

    I guess you could try and

    ldd /usr/sbin/named

    to trace file locations... 'operation not permitted' sounds weird.
    Mangle things by having two copies of libldap, the suse one and the zimbra one and get each program to look for a symbolic link of whichever one suits.

    Otherwise installing a different rpm, src rpm or compiling bind from source. You are then able to determine if bind even needs an ldap library and configure accordingly.

    Dallas
    Last edited by enterprisetoday; 06-26-2007 at 04:33 PM. Reason: spelling and grammar :P

  3. #3
    Crexis's Avatar
    Crexis is offline Senior Member
    Join Date
    Feb 2006
    Posts
    54
    Rep Power
    9

    Default

    I'm also having this prob but it is on SUSE 10.1. Everything was hunky dory until I installed SUSE updates. The ver of BIND is 9.3.2 and I think it doesn't like the Zimbra libldap-2.3.so.0. I'm not a Linux guru but I wonder if it's possible to have an application specific symlink?
    Code:
    mail:/usr/sbin # ldd /usr/sbin/named
            linux-gate.so.1 =>  (0xffffe000)
            liblwres.so.9 => /usr/lib/liblwres.so.9 (0xb7f34000)
            libdns.so.21 => /usr/lib/libdns.so.21 (0xb7e2c000)
            libbind9.so.0 => /usr/lib/libbind9.so.0 (0xb7e24000)
            libisccfg.so.1 => /usr/lib/libisccfg.so.1 (0xb7e14000)
            libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0xb7ceb000)
            libisccc.so.0 => /usr/lib/libisccc.so.0 (0xb7ce4000)
            libisc.so.11 => /usr/lib/libisc.so.11 (0xb7ca9000)
            libldap-2.3.so.0 => /opt/zimbra/lib/libldap-2.3.so.0 (0xb7c7a000)
            libnsl.so.1 => /lib/libnsl.so.1 (0xb7c65000)
            libpthread.so.0 => /lib/libpthread.so.0 (0xb7c51000)
            libc.so.6 => /lib/libc.so.6 (0xb7b30000)
            liblber-2.3.so.0 => /opt/zimbra/lib/liblber-2.3.so.0 (0xb7b25000)
            libdl.so.2 => /lib/libdl.so.2 (0xb7b21000)
            libresolv.so.2 => /lib/libresolv.so.2 (0xb7b0e000)
            libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0xb7ade000)
            libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0xb79e4000)
            /lib/ld-linux.so.2 (0xb7f59000)
    mail:/usr/sbin #
    Question now is, how on earth do you get /usr/sbin/named to look somewhere else for it's ldap library? Guess I'll just keep hunting...
    Last edited by Crexis; 06-29-2007 at 04:34 AM. Reason: Update

  4. #4
    enterprisetoday is offline Intermediate Member
    Join Date
    Jun 2007
    Location
    Brisbane
    Posts
    17
    Rep Power
    8

    Default

    It's quite possible that your bind installation isn't even using ldap, so I would try to compile a source rpm, disabling it's ldap abilities.

    Otherwise, there's possibly some libldap's in /usr/lib, but you probably uninstalled the suse ldap in order to install zimbr (without issue).

    I don't think there's any way to convince named to use anything else without recompiling.


    Dallas

  5. #5
    Crexis's Avatar
    Crexis is offline Senior Member
    Join Date
    Feb 2006
    Posts
    54
    Rep Power
    9

    Default

    Thanks for the response Dallas. I understand what you're saying but I can't help wondering, if it is not possible to change BIND's dependencies without recompiling, how did the zimbra install manage to do it? I'm pretty sure that Zimbra itself doesn't come with a BIND install but it has managed to include it's libldap into BIND's dependencies?

  6. #6
    fajarpri's Avatar
    fajarpri is offline Loyal Member
    Join Date
    Jul 2007
    Posts
    98
    Rep Power
    8

    Default

    I have exactly the same problem with Opensuse10.2.
    At first everything was OK, installation of zimbra went smoothly, all is good. I manage a local DNS on the same machine. Then, when I rebooted, bind failed to load with the same error:
    Code:
    # service named restart
    ..dead
    Shutting down name server BIND - Warning: named not running!          done
    Starting name server BIND /usr/sbin/named: error while loading shared libraries: libldap-2.3.so.0: failed to map segment from shared object: Operation not permitted
    startproc:  exit status of parent of /usr/sbin/named: 127
                                                                          failed
    So, the suggestion is to reinstall bind?

  7. #7
    fajarpri's Avatar
    fajarpri is offline Loyal Member
    Join Date
    Jul 2007
    Posts
    98
    Rep Power
    8

    Talking Solved!!

    Ah, finally!
    Apparmor is really interesting. I think it's similar to SELinux? But, with a
    much easier to manage.
    Ok, looks like by looking the audit.log, it says about bind is not allowed
    to "map" to zimbra's library. The solution is to allow it.
    To do it in apparmor, Yast > Apparmor> Edit profile > named > Add Entry > File > /opt/zimbra/lib/* > Save. Done!

    Suse is cool!

  8. #8
    Crexis's Avatar
    Crexis is offline Senior Member
    Join Date
    Feb 2006
    Posts
    54
    Rep Power
    9

    Default

    SWEET!

    Thanks Fajarpri! I found Novell AppArmor in YaST. Didn't seem to work when I tried editing the profile so I just disabled it altogether. BIND works! I wonder if this is not also fixable by adding the "named" user to the "zimbra" group or something like that.
    Last edited by Crexis; 07-03-2007 at 01:25 AM. Reason: typo

  9. #9
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    Nice fajarpri,
    Thanks for that!

  10. #10
    enew's Avatar
    enew is offline Junior Member
    Join Date
    Jun 2007
    Posts
    6
    Rep Power
    8

    Thumbs up Solved, thanks.

    The AppArmour fix worked a treat. To make it easier, after trying to start BIND (and obviously failing) go to yast and select "Novell AppArmour => Update Profile Wizard" It should detect the error from its logs and ask if you want to change the profile to allow it in future. Select yes, exit yast and start bind again. There should be no problem. Cheers, Edwin.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 31
    Last Post: 12-15-2007, 09:05 PM
  2. Replies: 8
    Last Post: 02-27-2007, 04:10 AM
  3. 3.1 on FC4 problems
    By cohnhead in forum Installation
    Replies: 8
    Last Post: 05-26-2006, 11:16 AM
  4. port 7071 not listening OS X install
    By leeimber in forum Installation
    Replies: 7
    Last Post: 03-21-2006, 10:47 AM
  5. FC3 Install and no zimbra ?
    By aws in forum Installation
    Replies: 10
    Last Post: 10-09-2005, 04:19 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •