i686-pc-linux-gnu-gcc -march=pentium4 -O2 -pipe -fomit-frame-pointer -D_GNU_SOURCE -Wl,-O1 .libs/slapdS.o -o .libs/slapd main.o globals.o bconfig.o config.o daemon.o connection.o search.o filter.o add.o cr.o attr.o entry.o backend.o backends.o result.o operation.o dn.o compare.o modify.o delete.o modrdn.o ch_malloc.o value.o ava.o bind.o unbind.o abandon.o filterentry.o phonetic.o acl.o str2filter.o aclparse.o init.o user.o lock.o controls.o extended.o passwd.o schema.o schema_check.o schema_init.o schema_prep.o schemaparse.o ad.o at.o mr.o syntax.o oc.o saslauthz.o oidm.o starttls.o index.o sets.o referral.o root_dse.o sasl.o module.o mra.o mods.o sl_malloc.o zn_malloc.o limits.o operational.o matchedValues.o cancel.o syncrepl.o backglue.o backover.o ctxcsn.o ldapsync.o frontend.o slapadd.o slapcat.o slapcommon.o slapdn.o slapindex.o slappasswd.o slaptest.o slapauth.o slapacl.o component.o aci.o alock.o txn.o version.o -pthread -Wl,--export-dynamic libbackends.a liboverlays.a ../../libraries/liblunicode/liblunicode.a ../../libraries/librewrite/librewrite.a ../../libraries/liblutil/liblutil.a ../../libraries/libldap_r/.libs/libldap_r.so /mnt/ram/paludis/net-nds-openldap-2.4.10/work/openldap-2.4.10/libraries/liblber/.libs/liblber.so -L/usr/lib ../../libraries/liblber/.libs/liblber.so /usr/lib/libdb-4.5.so -lpthread /usr/lib/libsasl2.so /usr/lib/libgnutls.so /usr/lib/libtasn1.so -lz /usr/lib/libgcrypt.so /usr/lib/libgpg-error.so -lcrypt -lresolv -pthread libslapi.a /usr/lib/libltdl.so -ldl -lwrap daemon.o: In function `slap_listener_thread': daemon.c:(.text+0xe5c): warning: `sys_errlist' is deprecated; use `strerror' or `strerror_r' instead daemon.c:(.text+0xc37): warning: `sys_nerr' is deprecated; use `strerror' or `strerror_r' instead ../../libraries/liblutil/liblutil.a(passwd.o): In function `lmPasswd_to_key': passwd.c:(.text+0x7f7): undefined reference to `DES_set_odd_parity' ../../libraries/liblutil/liblutil.a(passwd.o): In function `hash_lanman': passwd.c:(.text+0x8a8): undefined reference to `DES_set_key_unchecked' passwd.c:(.text+0x8ce): undefined reference to `DES_ecb_encrypt' passwd.c:(.text+0x8e8): undefined reference to `DES_set_key_unchecked' passwd.c:(.text+0x907): undefined reference to `DES_ecb_encrypt' ../../libraries/liblutil/liblutil.a(passwd.o): In function `chk_lanman': passwd.c:(.text+0xac0): undefined reference to `DES_set_key_unchecked' passwd.c:(.text+0xae6): undefined reference to `DES_ecb_encrypt' passwd.c:(.text+0xb00): undefined reference to `DES_set_key_unchecked' passwd.c:(.text+0xb26): undefined reference to `DES_ecb_encrypt' collect2: ld returned 1 exit status make[2]: *** [slapd] Error 1 make[2]: Leaving directory `/mnt/ram/paludis/net-nds-openldap-2.4.10/work/openldap-2.4.10/servers/slapd' make[1]: *** [all-common] Error 1 make[1]: Leaving directory `/mnt/ram/paludis/net-nds-openldap-2.4.10/work/openldap-2.4.10/servers' make: *** [all-common] Error 1 /usr/libexec/paludis/utils/emake: emake returned error 2 Probably, it is very old upstream bug (try http://www.google.com/search?q=openldap+DES_set_key_unchecked), but there should be a workaround. After disabling a gnutls flag, openldap builds fine. gnutls version installed is 2.2.5 According to openldap admin guide, recommended version is 2.0.1.
2.4.11 seems to build fine here. Please check that and see if it resolves your issue, and if not, reopen.
Installed versions: 2.4.11(01:37:47 PM 10/09/2008)(crypt ipv6 kerberos perl samba sasl ssl -berkdb -debug -experimental -gnutls -iodbc -minimal -odbc -overlays -selinux -slp -smbkrb5passwd -syslog -tcpd) Colt dnd # USE=gnutls emerge -1 openldap [...] mkdir .libs rm -f .libs/slapd.nm .libs/slapd.nmS .libs/slapd.nmT creating .libs/slapdS.c (cd .libs && cc -c -fno-builtin "slapdS.c") rm -f .libs/slapdS.c .libs/slapd.nm .libs/slapd.nmS .libs/slapd.nmT x86_64-pc-linux-gnu-gcc -O2 -pipe -fforce-addr -D_FORTIFY_SOURCE=2 -fstack-protector -mtune=native -D_GNU_SOURCE -Wl,-O1 .libs/slapdS.o -o .libs/slapd main.o globals.o bconfig.o config.o daemon.o connection.o search.o filter.o add.o cr.o attr.o entry.o backend.o backends.o result.o operation.o dn.o compare.o modify.o delete.o modrdn.o ch_malloc.o value.o ava.o bind.o unbind.o abandon.o filterentry.o phonetic.o acl.o str2filter.o aclparse.o init.o user.o lock.o controls.o extended.o passwd.o schema.o schema_check.o schema_init.o schema_prep.o schemaparse.o ad.o at.o mr.o syntax.o oc.o saslauthz.o oidm.o starttls.o index.o sets.o referral.o root_dse.o sasl.o module.o mra.o mods.o sl_malloc.o zn_malloc.o limits.o operational.o matchedValues.o cancel.o syncrepl.o backglue.o backover.o ctxcsn.o ldapsync.o frontend.o slapadd.o slapcat.o slapcommon.o slapdn.o slapindex.o slappasswd.o slaptest.o slapauth.o slapacl.o component.o aci.o alock.o txn.o version.o -pthread -Wl,--export-dynamic libbackends.a liboverlays.a ../../libraries/liblunicode/liblunicode.a ../../libraries/librewrite/librewrite.a ../../libraries/liblutil/liblutil.a ../../libraries/libldap_r/.libs/libldap_r.so /var/tmp/portage/net-nds/openldap-2.4.11/work/openldap-2.4.11/libraries/liblber/.libs/liblber.so -L/usr/lib64 ../../libraries/liblber/.libs/liblber.so /usr/lib64/libsasl2.so /usr/lib64/libgnutls.so /usr/lib64/libtasn1.so -lz /usr/lib64/libgcrypt.so /usr/lib64/libgpg-error.so -lcrypt -lresolv -pthread libslapi.a /usr/lib64/libltdl.so -ldl daemon.o: In function `slapd_daemon_task': daemon.c:(.text+0x1baa): warning: `sys_errlist' is deprecated; use `strerror' or `strerror_r' instead daemon.c:(.text+0x183f): warning: `sys_nerr' is deprecated; use `strerror' or `strerror_r' instead ../../libraries/liblutil/liblutil.a(passwd.o): In function `hash_lanman': passwd.c:(.text+0x151c): undefined reference to `DES_set_key_unchecked' passwd.c:(.text+0x1534): undefined reference to `DES_ecb_encrypt' passwd.c:(.text+0x1553): undefined reference to `DES_set_key_unchecked' passwd.c:(.text+0x156b): undefined reference to `DES_ecb_encrypt' ../../libraries/liblutil/liblutil.a(passwd.o): In function `chk_lanman': passwd.c:(.text+0x1754): undefined reference to `DES_set_key_unchecked' passwd.c:(.text+0x176c): undefined reference to `DES_ecb_encrypt' passwd.c:(.text+0x178b): undefined reference to `DES_set_key_unchecked' passwd.c:(.text+0x17ab): undefined reference to `DES_ecb_encrypt' ../../libraries/liblutil/liblutil.a(passwd.o): In function `lmPasswd_to_key': passwd.c:(.text+0xa12): undefined reference to `DES_set_odd_parity' collect2: ld returned 1 exit status make[2]: *** [slapd] Error 1 make[2]: Leaving directory `/var/tmp/portage/net-nds/openldap-2.4.11/work/openldap-2.4.11/servers/slapd' make[1]: *** [all-common] Error 1 make[1]: Leaving directory `/var/tmp/portage/net-nds/openldap-2.4.11/work/openldap-2.4.11/servers' make: *** [all-common] Error 1
Don't have an option to reopen, only option is (*) Leave as RESOLVED WORKSFORME
reopening, still an issue
It should link against openssl, even if gnutls is enabled. If I add -lssl to the line, it works.
this problem only occurs when gnutls and samba use are set Building from vanilla source with ./configure --enable-lmpasswd --with-tls=gnutls make depend make give the same result.
This bug is referenced upstream on the openldap ITS http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=4997
usually libgcrypt is required when using opentls since opentls doesn't implement certain functions openssl does (like DES encryption)
Created attachment 199398 [details, diff] openldap-2.4.17-gnutls-lmpasswd-fix.patch Here's a partial, broken port of the Debian patch. It still doesn't compile, and I think it needs to be revisited from scratch.
I get the following error when compiling 2.4.17 with use samba,gnutls,ssl passwd.c:813: error: expected declaration specifiers or ..... before .des_key. passwd.c: In function .lmPasswd_to_key.: passwd.c:828: error: .key. undeclared (first use in this function) passwd.c:828: error: (Each undeclared identifier is reported only once passwd.c:828: error: for each function it appears in.) passwd.c: In function .chk_lanman.: passwd.c:839: error: .des_key. undeclared (first use in this function) passwd.c:839: error: expected .;. before .key. passwd.c:840: error: .des_context. undeclared (first use in this function) passwd.c:840: error: expected .;. before .schedule. passwd.c:841: error: .des_data_block. undeclared (first use in this function) passwd.c:841: error: expected .;. before .StdText. passwd.c:842: error: expected .;. before .PasswordHash1. passwd.c:859: error: .key. undeclared (first use in this function) passwd.c:859: error: too many arguments to function .lmPasswd_to_key. passwd.c:860: error: .schedule. undeclared (first use in this function) passwd.c:861: error: .StdText. undeclared (first use in this function) passwd.c:861: error: .PasswordHash1. undeclared (first use in this function) passwd.c:861: error: .DES_ENCRYPT. undeclared (first use in this function) passwd.c:867: error: too many arguments to function .lmPasswd_to_key. passwd.c:869: error: .PasswordHash2. undeclared (first use in this function) passwd.c: In function .hash_lanman.: passwd.c:1135: error: .des_key. undeclared (first use in this function) passwd.c:1135: error: expected .;. before .key. passwd.c:1136: error: .des_context. undeclared (first use in this function) passwd.c:1136: error: expected .;. before .schedule. passwd.c:1137: error: .des_data_block. undeclared (first use in this function) passwd.c:1137: error: expected .;. before .StdText. passwd.c:1138: error: expected .;. before .PasswordHash1. passwd.c:1155: error: .key. undeclared (first use in this function) passwd.c:1155: error: too many arguments to function .lmPasswd_to_key. passwd.c:1156: error: .schedule. undeclared (first use in this function) passwd.c:1157: error: .StdText. undeclared (first use in this function) passwd.c:1157: error: .PasswordHash1. undeclared (first use in this function) passwd.c:1157: error: .DES_ENCRYPT. undeclared (first use in this function) passwd.c:1159: error: too many arguments to function .lmPasswd_to_key. passwd.c:1161: error: .PasswordHash2. undeclared (first use in this function) make[2]: *** [passwd.o] Error 1 I've reported this issue in the OpenLDAP ITS (see http://www.openldap.org/its/index.cgi?findid=6232). I've tried to find out, why it fails to compile on my system, and it's because of neither HAVE_OPENSSL nor HAVE_MOZNSS is defined, when with-tls is set to gnutls. Thus, no header file is included, and des_key is unset. I've adapted the patch from #19 and openldap compiles without any errors. I've just moved the section, where des_key is defined up so far that it's before the first occurrence of des_key.
Created attachment 199442 [details, diff] Patch for OpenLDAP 2.417 to use gnutls
Comment on attachment 199442 [details, diff] Patch for OpenLDAP 2.417 to use gnutls This patch fixes the compile issue when using gnutls as tls library.
*** Bug 279501 has been marked as a duplicate of this bug. ***
Fixed in 2.4.17-r1.