
Re: saslauxprop and libldapdb, auxpropfunc error -7



Greetings all:

As background, I'm trying to get the libldap auxprop plugin (distributed with OpenLDAP) for SASL to work. The goal is to have services that use SASL be able to use secure password exchanges (DIGESTMD5, etc.) when the user account info is stored in OpenLDAP.


However I have no joy when trying to use it. When I start slapd, I immediately note an error in my system log:

Phoenicia slapd[9847]:  auxpropfunc error -7

This is by design. By default, libldapdb will always fail to load in slapd.
slapd doesn't need it, it has its own built in. slapd must never successfully
load the libldapdb plugin, otherwise it will cause an infinite loop.

Boy does that make a lot of sense. :)


I get the same error as soon as my IMAP server tries to authenticate a user.  I see no messages from the console where slapd is running in debug mode (256).  Running the IMAP server in gdb, and using the "show info" command, it does not appear that the libldapdb library is loaded.  My assumption is that I've not compiled it correctly.  I've been less than successful in finding much other documentation around for doing this.  If anyone knows of some, it would be helpful.  Once I muddle my way through this, I'll post the procedure.

Use ldd on libldapdb.so and see what libraries it's looking for. Make sure
all of those libraries can be located at runtime.


This is the rule I added to my sasl/plugins/Makefile to build the module:

libldapdb.la: ldapdb.lo
	$(LINK) $(libsasldb_la_LDFLAGS) ldapdb.lo -lldap -llber $(LIBS)



Well, I've compiled it a number of times and with a number of suggestions. I'm starting to think that perhaps it is compiled correctly, but I'm missing some key config item that allows it to successfully load.


Trying Howard Chu's suggestion above, I see it needing the following libraries, all of which are present and executable on my system:

[root@Phoenicia sasl2]# ldd libldapdb.so
       libldap.so.2 => /usr/lib/libldap.so.2 (0x40010000)
       liblber.so.2 => /usr/lib/liblber.so.2 (0x4003b000)
       libresolv.so.2 => /lib/libresolv.so.2 (0x40046000)
       libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
       libdl.so.2 => /lib/libdl.so.2 (0x40058000)
       libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0x4005b000)
       libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0x4008a000)
       /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)


Running the Cyrus sample program, or the Cyrus IMAP server (which does, BTW, authenticate OK with the sasldb plugin), I just keep getting the auxpropfunc error -7. I'm starting to wonder if perhaps my configuration file for the server (in this case /etc/imapd.conf) is wrong. Would this keep the plugin from loading? Below is my imapd.conf file:


partition-default: /var/spool/imap
admins: cyrus root
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: libldapdb
ldapdb_uri: ldapi://127.0.0.1
ldapdb_id:  admin
ldapdb_pw: password
ldapdb_mech: PLAIN

After reading some of the messages previous to this, it seems that the plugin may be looking in /usr/lib/sasl2 for the config file, so I've copied it there as well.

I've tried derivations of the ldapdb_uri: directive, but no luck. (ldapdb_uri: ldap://127.0.0.1, ldapdb_uri: 127.0.0.1, ldapdb_uri: ldap://, ldapdb_uri: ldapi://)

Any thoughts? I'm at a loss even for where to keep poking at this thing. As before, running slapd from the console in debug mode (-d 256) is not even registering any hits at all. Right now I'd consider it a small victory if the plugin would at least *touch* slapd. Then I'm sure it will be a whole separate adventure to get it configured properly. But that's for later.


Thanks for any and all help.

Cheers!
-Joe
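
An added example, not part of the original message and not code from Cyrus or OpenLDAP: a small linter for the ldapdb auxprop settings of an imapd.conf like the one quoted above, run here over a constructed copy of that file. It assumes that the IMAP server hands only `sasl_`-prefixed options to SASL plugins, that the plugin is selected by the name `ldapdb` rather than by its file name, and that `ldapi://` takes a percent-encoded socket path; the finding codes are hypothetical names chosen for this example.

```python
# Constructed sample mirroring the imapd.conf quoted in the message above.
SAMPLE_CONF = """\
partition-default: /var/spool/imap
admins: cyrus root
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: libldapdb
ldapdb_uri: ldapi://127.0.0.1
ldapdb_id:  admin
ldapdb_pw: password
ldapdb_mech: PLAIN
"""

def parse_conf(text):
    """Parse 'key: value' lines, skipping blank lines and # comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            opts[key.strip()] = value.strip()
    return opts

def lint(text):
    """Return (code, message) findings for the ldapdb auxprop settings."""
    opts = parse_conf(text)
    out = []
    # Assumption: the server passes only sasl_-prefixed keys on to SASL.
    seen = {k[5:]: v for k, v in opts.items() if k.startswith("sasl_")}
    for k in sorted(opts):
        if k.startswith("ldapdb_"):
            out.append(("unprefixed", f"{k} lacks the sasl_ prefix"))
    if "ldapdb_uri" not in seen:
        out.append(("no-uri", "plugin would start without ldapdb_uri"))
    name = seen.get("auxprop_plugin", "")
    if name.startswith("lib"):
        out.append(("plugin-name", f"'{name}' looks like a file name, not 'ldapdb'"))
    # Check URI and mechanism even when they were written without the prefix.
    uri = seen.get("ldapdb_uri") or opts.get("ldapdb_uri", "")
    mech = (seen.get("ldapdb_mech") or opts.get("ldapdb_mech", "")).upper()
    if uri.startswith("ldapi://") and uri[8:] and "%2f" not in uri.lower():
        out.append(("ldapi-host", "ldapi:// takes a percent-encoded socket path"))
    if mech == "PLAIN" and uri.startswith("ldap://"):
        out.append(("plain-cleartext", "PLAIN over ldap:// exposes ldapdb_pw unless TLS is negotiated"))
    if "ldapdb_pw" in seen or "ldapdb_pw" in opts:
        out.append(("secret-in-file", "config holds ldapdb_pw; keep it non-world-readable"))
    return out
```

Calling `lint(SAMPLE_CONF)` returns the findings as a list; the last one is a reminder that the proxy password sits in the file in clear text, so the file's mode matters as much as its contents.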