RHBA-2011:0606 - Bug Fix Advisory

Topic

An updated bind-dyndb-ldap package that fixes several bugs and adds several
enhancements is now available for Red Hat Enterprise Linux 6.

Description

The dynamic LDAP back-end is a plug-in for BIND that provides an LDAP
database back-end capabilities. It features support for dynamic updates and
internal caching, to lift the load off of your LDAP server.

This update fixes the following bugs:

• the plugin didn't load child zones correctly. The plugin has been fixed and

now loads child zones well. (BZ#658286)

• named aborted when attempting to connect to a local LDAP server during boot.

Now it does not abort but the administrator must call "rndc reload" when LDAP
server starts to correctly fetch zones. (BZ#662930)

• the plugin flooded logs with too many messages. Now those messages are logged

only when named is started with the "-d" (debug) parameter. (BZ#666244)

• the plugin was rebased to 0.2.0 bugfix release. (BZ#667704)
• queries for ANY type were not handled correctly, only SOA records were

returned. The plugin was fixed and now all records are returned when asked.
(BZ#667727)

• the plugin failed to reconnect to the LDAP server when SASL authentication was

used. The plugin was fixed and reconnection now works. (BZ#667730)

• the plugin failed to delete nodes from the LDAP database when all resource

records associated with the node were removed. Now the plugin deletes the empty
nodes. (BZ#667732)

• the plugin did not emit enough information when it was configured to use

invalid credentials. Now it emits enough details. (BZ#667733)

This update adds the following enhancements:

• It is now possible to specify allow-query and allow-transfer ACLs for zones.

(BZ#667729)

• It is now possible to set timeout for queries to the LDAP server. (BZ#667734)

Users are advised to upgrade to this updated bind-dyndb-ldap package, which
resolves these issues.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6 s390x

Fixes

• BZ - 662930 - named fails to start if using local ldap server
• BZ - 666244 - bind-dyndb-ldap produces excessive logs
• BZ - 667727 - Fix handling of ANY queries
• BZ - 667730 - Reconnection fails with SASL
• BZ - 667732 - Addition/deletion of records only uses modify operations
• BZ - 667733 - Bad handling of invalid credentials
• BZ - 667734 - Set a reasonable timeout for LDAP queries

CVEs

(none)

References

(none)