Trying to run sudo or configure eDirectory results in an error: unable to dlopen /usr/libexec/sudoers.so

  • 7021178
  • 03-Aug-2017
  • 05-Dec-2017

Environment

eDirectory 9.x
RHES 7.3

Situation

eDirectory was extracted and installed.  Then the ndspath command was run:
. /opt/novell/eDirectory/bin/ndspath'

After that running the sudo command on Red Hat 7.3, prior to configuring eDirectory, returns the following:

sudo: unable to dlopen /usr/libexec/sudoers.so: (null)
sudo: fatal error, unable to load plugins

ERROR: Systemd daemon-reload failed.

ERROR: ndsconfig return value = 1.

Resolution

On RHES 7.3 /usr/libexec/sudoers.so is dynamically linked to its own libldap_r and liblber.  When ndspath is run it sets the LD_LIBRARY_PATH.  Afterward, eDirectory's libldap and liblber are loaded which, in-turn, will try to load eDirectory's crypto. 

The libldap and liblber that comes with RHES is linked to a different crypto.  Therefore, any utility dependent on these cryptos can be affected and its loading will fail.

Additional Information

To resolve this issue simply reset the terminal, start another one or modify out the environment's LD_LIBRARY_PATH.  (IE., unset LD_LIBRARY_PATH).

Running .ndspath is no longer required by eDirectory 9's utiltities as they have an rpath set. 



Note: there is also an issue where a product's installation may create a /etc/ld.so.conf.d/ntls.conf or /etc/ld.so.conf.d/ice.conf file.  If this is the case please perform the following:

mv /etc/ld.so.conf.d/ntls.conf /etc/ld.so.conf.d/ntls.conf.OLD
ldconfig

or

mv /etc/ld.so.conf.d/ice.conf /etc/ld.so.conf.d/ice.conf.OLD
ldconfig