On Fri, 28 Feb 2003, Quanah Gibson-Mount wrote:
--On Friday, February 28, 2003 9:05 AM -0500 Stephen Frost
<sfrost@snowman.net> wrote:
* Quanah Gibson-Mount (quanah@stanford.edu) wrote:
Is there any reason you are using such an outdated version of
Cyrus-SASL? The current Cyrus-SASL version is 2.1.12. Also, OpenLDAP
does not function well with OpenSSL 0.9.7 last I heard, so you might
want to drop back to OpenSSL 0.9.6i. You also will want to use
Berkeley DB 4.1.25, not 4.1.24. I'd try making those changes, and then
compiling and seeing what happens.
Can you substantiate this? I'm using OpenSSL 0.9.7 with OpenLDAP 2.1.12
here with TLS and everything turned on and it is working fine for me so
far. The problem I've run into in the past is when 0.9.7 and 0.9.6 end
up getting linked into the same running program because of SASL or some
other piece of the system being compiled against 0.9.6 while OpenLDAP is
compiled against 0.9.7.
Stephen,
When I started to compile OpenLDAP-2.1.12 against 0.9.7, I immediately got
a note from Howard Chu saying that he had done so already, and ran into
problems with it. I have not pursued using it, since Howard has an
accurate idea of what does & doesn't work with OpenLDAP. Hopefully he can
provide a more detailed answer.
Openldap 2.1.13/Openssl 0.9.7a works fine for me on Solaris 9. In
addition, I beleive that openssl 0.9.7a is safer to use than previous
versions of openssl because of conflicting apis with libc and libcrypt
(crypt, des_crypt come to mind).
There is a compile issue when openldap is configured with --enable-crypt
--enable-lmpasswd options. The problem is with conflicting des_crypt
api/macro between libcrypt(solaris) and libcrypto(openssl). I fixed this
calling DES_crypt() rather than crypt() in passwd.c. Another possible
solution might be to #include <openssl/des.h> before #include <crypt.h>.
This will ensure that solaris' libcrypt/des_crypt() is used.
--
Igor