Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Why did CentOS 8.x curl drop ldap url support?
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Jamshid Afshar via curl-users <curl-users_at_lists.haxx.se>
Date: Tue, 7 Mar 2023 13:35:16 -0600
Thanks for the replies last year and Daniel's blog explains a lot.
Unfortunately things are worse now with RHEL version 9 e.g.
rockylinux:9 which a lot of people are moving to after centos
imploded.
Experimenting with "docker run -ti rockylinux:9 bash":
Have to use new flag --allowerasing to replace minimal curl.
# yum install --allowerasing curl
Even then the ldap protocol is not supported. Installing curl-full
doesn't help, it's already installed.
[root_at_256e44eab125 /]# curl ldap://host.docker.internal:389
curl: (1) Protocol "ldap" not supported or disabled in libcurl
Similar behavior with rocklylinux:8. Seems these OS maintainers are
intent on breaking existing curl users and appears they've made it
impossible to get that functionality back.
--Jamshid
On Fri, Apr 1, 2022 at 4:17 AM Alex via curl-users
<curl-users_at_lists.haxx.se> wrote:
>
> Hi.
>
> On Thu, 31 Mar 2022 23:13:11 -0500
> Jamshid Afshar via curl-users <curl-users_at_lists.haxx.se> wrote:
>
> > I'm hoping someone on curl-users knows why CentOS 8, and probably
> > RedHat 8.x, have dropped "ldap" support in their pre-installed curl?
> > It now reports:
> >
> > curl: (1) Protocol "ldap" not supported or disabled in libcurl
> >
> > Was it a conscious decision, maybe to reduce attack surface, or save a
> > few bytes?
> >
> > I should post this to a CentOS forum but I don't have much luck there.
> >
> > Curl's support for ldap is really helpful when diagnosing network and
> > configuration issues. Remember ldap urls can include search
> > parameters.
> >
> > I see ldap support is in Fedora's curl (see below tests using docker),
> > so maybe support will come back to centos 8.x?
> >
> > Thanks,
> > Jamshid
> >
> > ==========================
> >
> > # centos 8 curl dropped support for ldap, it is in centos 7.
> > % docker run -ti centos:8 bash
> > [root_at_d23ca25a38cb /]# curl ldap://openldap.example.com
> > curl: (1) Protocol "ldap" not supported or disabled in libcurl
> >
> > [root_at_d23ca25a38cb /]# curl -V
> > curl 7.61.1 (x86_64-redhat-linux-gnu) libcurl/7.61.1 OpenSSL/1.1.1g
> > zlib/1.2.11 nghttp2/1.33.0
> > Release-Date: 2018-09-05
> > Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s
> > rtsp smb smbs smtp smtps telnet tftp
> > Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM
> > NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy Metalink
> >
> > # Fedora still has ldap support, maybe that means it will come back in centos
> > 8? % docker run -ti fedora:latest bash
> > [root_at_5a056cca9b75 /]# curl ldap://openldap.example.com
> > DN:
> > objectClass: top
> > objectClass: OpenLDAProotDSE
> >
> > [root_at_5a056cca9b75 /]# curl -V
> > curl 7.79.1 (x86_64-redhat-linux-gnu) libcurl/7.79.1
> > OpenSSL/1.1.1l-fips zlib/1.2.11 brotli/1.0.9 libidn2/2.3.2
> > libpsl/0.21.1 (+libidn2/2.3.2) libssh/0.9.6/openssl/zlib
> > nghttp2/1.45.1 OpenLDAP/2.4.59
> > Release-Date: 2021-09-22
> > Protocols: dict file ftp ftps gopher gophers http https imap imaps
> > ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet
> > tftp
> > Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN
> > IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP
> > UnixSockets
> > [root_at_5a056cca9b75 /]#
>
> Pay attention that Fedora have a initiative to reduce the default curl to a
> curl minimal install which will not have ldap support by default.
>
> https://lists.fedoraproject.org/archives/list/devel_at_lists.fedoraproject.org/thread/SH5WAIBVF7GVSKL2VPMSQKY7BB4QYEB5/
>
> That's the info from Daniel about this topic.
>
> https://daniel.haxx.se/blog/2022/03/16/fedora-and-curl-minimal/
>
>
> Regards
> Alex
> --
> Unsubscribe: https://lists.haxx.se/listinfo/curl-users
> Etiquette: https://curl.haxx.se/mail/etiquette.html
Date: Tue, 7 Mar 2023 13:35:16 -0600
Thanks for the replies last year and Daniel's blog explains a lot.
Unfortunately things are worse now with RHEL version 9 e.g.
rockylinux:9 which a lot of people are moving to after centos
imploded.
Experimenting with "docker run -ti rockylinux:9 bash":
Have to use new flag --allowerasing to replace minimal curl.
# yum install --allowerasing curl
Even then the ldap protocol is not supported. Installing curl-full
doesn't help, it's already installed.
[root_at_256e44eab125 /]# curl ldap://host.docker.internal:389
curl: (1) Protocol "ldap" not supported or disabled in libcurl
Similar behavior with rocklylinux:8. Seems these OS maintainers are
intent on breaking existing curl users and appears they've made it
impossible to get that functionality back.
--Jamshid
On Fri, Apr 1, 2022 at 4:17 AM Alex via curl-users
<curl-users_at_lists.haxx.se> wrote:
>
> Hi.
>
> On Thu, 31 Mar 2022 23:13:11 -0500
> Jamshid Afshar via curl-users <curl-users_at_lists.haxx.se> wrote:
>
> > I'm hoping someone on curl-users knows why CentOS 8, and probably
> > RedHat 8.x, have dropped "ldap" support in their pre-installed curl?
> > It now reports:
> >
> > curl: (1) Protocol "ldap" not supported or disabled in libcurl
> >
> > Was it a conscious decision, maybe to reduce attack surface, or save a
> > few bytes?
> >
> > I should post this to a CentOS forum but I don't have much luck there.
> >
> > Curl's support for ldap is really helpful when diagnosing network and
> > configuration issues. Remember ldap urls can include search
> > parameters.
> >
> > I see ldap support is in Fedora's curl (see below tests using docker),
> > so maybe support will come back to centos 8.x?
> >
> > Thanks,
> > Jamshid
> >
> > ==========================
> >
> > # centos 8 curl dropped support for ldap, it is in centos 7.
> > % docker run -ti centos:8 bash
> > [root_at_d23ca25a38cb /]# curl ldap://openldap.example.com
> > curl: (1) Protocol "ldap" not supported or disabled in libcurl
> >
> > [root_at_d23ca25a38cb /]# curl -V
> > curl 7.61.1 (x86_64-redhat-linux-gnu) libcurl/7.61.1 OpenSSL/1.1.1g
> > zlib/1.2.11 nghttp2/1.33.0
> > Release-Date: 2018-09-05
> > Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s
> > rtsp smb smbs smtp smtps telnet tftp
> > Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM
> > NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy Metalink
> >
> > # Fedora still has ldap support, maybe that means it will come back in centos
> > 8? % docker run -ti fedora:latest bash
> > [root_at_5a056cca9b75 /]# curl ldap://openldap.example.com
> > DN:
> > objectClass: top
> > objectClass: OpenLDAProotDSE
> >
> > [root_at_5a056cca9b75 /]# curl -V
> > curl 7.79.1 (x86_64-redhat-linux-gnu) libcurl/7.79.1
> > OpenSSL/1.1.1l-fips zlib/1.2.11 brotli/1.0.9 libidn2/2.3.2
> > libpsl/0.21.1 (+libidn2/2.3.2) libssh/0.9.6/openssl/zlib
> > nghttp2/1.45.1 OpenLDAP/2.4.59
> > Release-Date: 2021-09-22
> > Protocols: dict file ftp ftps gopher gophers http https imap imaps
> > ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet
> > tftp
> > Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN
> > IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP
> > UnixSockets
> > [root_at_5a056cca9b75 /]#
>
> Pay attention that Fedora have a initiative to reduce the default curl to a
> curl minimal install which will not have ldap support by default.
>
> https://lists.fedoraproject.org/archives/list/devel_at_lists.fedoraproject.org/thread/SH5WAIBVF7GVSKL2VPMSQKY7BB4QYEB5/
>
> That's the info from Daniel about this topic.
>
> https://daniel.haxx.se/blog/2022/03/16/fedora-and-curl-minimal/
>
>
> Regards
> Alex
> --
> Unsubscribe: https://lists.haxx.se/listinfo/curl-users
> Etiquette: https://curl.haxx.se/mail/etiquette.html
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-03-07