
(ITS#5115) SASL authentication for AD



Full_Name: Richard Beckett
Version: 2.3.38
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (65.209.203.254)


I have posted this before but still have not resolved the problem.

I am building OpenLDAP 2.3.38 on a RHEL ES v4 host.
When I make it without having first built TLS/SSL (openssl-0.9.8e) it builds and
runs fine. However I need the SSL and SASL to authenticate to an Active
Directory server.

When I build SSL as follows:

./configure shared --openssldir=/usr/local
make
make install

and then try to make OpenLDAP I get the following:
cc -g -O2 -o apitest apitest.o  ./.libs/libldap.a
/usr/local/src/LDAP/openldap-2.3.38/libraries/liblber/.libs/liblber.a
-L/usr/kerberos/lib -L/lib -L/usr/lib/mysql
../../libraries/liblber/.libs/liblber.a ../../libraries/liblutil/liblutil.a
/usr/lib/libsasl2.so -ldl -lcrypt -lssl -lcrypto -lresolv
./.libs/libldap.a(os-ip.o)(.text+0x606): In function `ldap_connect_to_host':
/usr/local/src/LDAP/openldap-2.3.38/libraries/libldap/os-ip.c:205: warning:
`sys_errlist' is deprecated; use `strerror' or `strerror_r' instead
./.libs/libldap.a(os-ip.o)(.text+0x5fd):/usr/local/src/LDAP/openldap-2.3.38/libraries/libldap/os-ip.c:205:
warning: `sys_nerr' is deprecated; use `strerror' or `strerror_r' instead
./.libs/libldap.a(tls.o)(.text+0x593): In function `sb_tls_bio_read':
/usr/local/src/LDAP/openldap-2.3.38/libraries/libldap/tls.c:676: undefined
reference to `BIO_clear_flags'
./.libs/libldap.a(tls.o)(.text+0x5b8):/usr/local/src/LDAP/openldap-2.3.38/libraries/libldap/tls.c:680:
undefined reference to `BIO_set_flags'
./.libs/libldap.a(tls.o)(.text+0x60b): In function `sb_tls_bio_write':
/usr/local/src/LDAP/openldap-2.3.38/libraries/libldap/tls.c:703: undefined
reference to `BIO_clear_flags'
./.libs/libldap.a(tls.o)(.text+0x630):/usr/local/src/LDAP/openldap-2.3.38/libraries/libldap/tls.c:707:
undefined reference to `BIO_set_flags'
./.libs/libldap.a(tls.o)(.text+0x19f0): In function
`ldap_pvt_tls_init_def_ctx':
/usr/local/src/LDAP/openldap-2.3.38/libraries/libldap/tls.c:374: undefined
reference to `SSL_CTX_set_info_callback'
collect2: ld returned 1 exit status
make[2]: *** [apitest] Error 1
make[2]: Leaving directory
`/usr/local/src/LDAP/openldap-2.3.38/libraries/libldap'
make[1]: *** [all-common] Error 1
make[1]: Leaving directory `/usr/local/src/LDAP/openldap-2.3.38/libraries'
make: *** [all-common] Error 1


My environment is:
HOSTNAME=ldaplx01.exelixis.com
TERM=xterm
SHELL=/bin/bash
HISTSIZE=1000
SSH_CLIENT=::ffff:172.29.4.19 51159 22
OLDPWD=/usr/local/lib
SSH_TTY=/dev/pts/1
USER=root
LD_LIBRARY_PATH=/usr/local/lib
LS_COLORS=no=00:fi=00:di=00;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=00;35:
MAIL=/var/spool/mail/root
PATH=/opt/quest/bin:/opt/quest/sbin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin
INPUTRC=/etc/inputrc
PWD=/usr/local/src/LDAP/openldap-2.3.38
LANG=en_US.UTF-8
SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
SHLVL=1
HOME=/root
LOGNAME=root
SSH_CONNECTION=::ffff:172.29.4.19 51159 ::ffff:172.29.24.108 22
LESSOPEN=|/usr/bin/lesspipe.sh %s
G_BROKEN_FILENAMES=1
_=/bin/env


Without SSL I am unable to authenticate to the Active Directory server. I get
the following message:

SASL/EXTERNAL authentication started
ldap_perror
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
        additional info: SASL(-4): no mechanism available: 


I have ssl yes set in /etc/ldap.conf and I assume (always dangerous) that the
problem lies with the fact that I am unable to build ldap with SSL.

Any help would be appreciated.

Richard-Beckett-070829