
RE: Has anyone found a workaround? SASL/LDAP



> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Tony Earnshaw

> Howard Chu wrote:
>
> [...]
>
> > if you're using the LDAP auxprop module that I wrote (in OpenLDAP's
> > contrib directory), this invokes the SASL client API.
> > This talks to the LDAP server, and the chain of processing in this
> > context ends there.
>
> Although this wasn't addressed to me, I appreciate the explanation.
> However, two top Postfix LDAP (OpenLDAP) and Cyrus SASL experts have
> given warnings about combining OpenLDAP SASL support with
> Postfix SASL support. At all.

Those experts are giving you outdated information, with no understanding of
the actual issues.

> The SASL auxprop libraries that I use are Simon Loader's 2.1.13, patched
> by Pascal Gienger (u-konstanz in Germany).

I've just taken a look at Simon Loader's code, but I only found a 2.1.10
version. The comments within talk about problems when using OpenLDAP 2.0
built with SASL support. There's no mystery here - OpenLDAP 2.0 doesn't
support Cyrus SASL 2.1 (how many times have I had to say that on this list
already...) but the auxprop feature only exists in SASL 2.1. If you build
OpenLDAP 2.0 with SASL then you necessarily have to build it with SASL 1.5.
If you mix SASL 1.5 and SASL 2.1 in a single process you get a crash. 100%
guaranteed not to work.

I don't mean to drag Simon Loader through the mud, but since you're relying on
input from "experts" I must point out that there were a number of bugs in
Cyrus' auxprop support, which I found and fixed. Simon's code has scattered
comments about "do I have to do XX only testing will tell (probably)". There
is quite a difference in design/philosophy between his work and mine - he is
willing to work in the dark, make guesses, and wonder that things don't work
all the time. I find the facts and make things work, no guessing. His code is
about 25K in size and some 3000 lines long. My code is under 7K, less than
800 lines long. Which do you suppose is easier to debug? Given the two
authors' familiarity with both the Cyrus and OpenLDAP codebases, what do you
suppose is the likelihood that either one is doing something wrong?

> I have a RH 7.2 system that works perfectly with the combination
> OpenLDAP 2.1.22/Cyrus SASL (above auxprop) and Postfix 2.0.16 snapshot
> (this one, same SASL auxprop), and a RH 9.0 system that barfs on Postfix
> SASL startup. I have to find out why. My only way is to try what my
> betters advise ;)

Make sure you're not using the Red Hat bundled OpenLDAP RPMs as they're still
shipping OpenLDAP 2.0.

> I'll let everyone know, maybe sometime next week.

Good luck...

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
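The reply's concrete point is that Cyrus SASL 1.5 (what OpenLDAP 2.0 links against) and Cyrus SASL 2.1 (where auxprop lives) must never end up in the same process. The script below is an added example, not code from this message or from the OpenLDAP or Cyrus projects: it reads ldd-style "name => path" lines and flags a process image that loads both SASL generations. It assumes the usual sonames, libsasl.so.7 for SASL 1.5 and libsasl2.so.2 for SASL 2.1; the sample lines are constructed to show the mixed case beside a clean one.

```shell
#!/bin/sh
# Added example (not from the original message): detect whether a binary and
# the shared objects it loads pull in both Cyrus SASL 1.5 and Cyrus SASL 2.1,
# the combination the reply says is guaranteed to crash.
# Assumptions: SASL 1.5 ships as libsasl.so.7 and SASL 2.1 as libsasl2.so.2;
# input is ldd-style "name => path" lines on stdin.

# sasl_mix_check prints "MIXED" (and returns 1) when both generations are
# present, otherwise "ok-sasl1", "ok-sasl2" or "none" with return 0.
sasl_mix_check() {
    v1=0; v2=0
    while IFS= read -r line; do
        case "$line" in
            *libsasl.so.7*)  v1=1 ;;   # Cyrus SASL 1.5 (assumed soname)
            *libsasl2.so.2*) v2=1 ;;   # Cyrus SASL 2.1 (assumed soname)
        esac
    done
    if [ "$v1" -eq 1 ] && [ "$v2" -eq 1 ]; then
        echo MIXED
        return 1
    elif [ "$v1" -eq 1 ]; then
        echo ok-sasl1
    elif [ "$v2" -eq 1 ]; then
        echo ok-sasl2
    else
        echo none
    fi
    return 0
}

# Constructed sample: an OpenLDAP 2.0 libldap built against SASL 1.5 loaded
# into a process that also carries a SASL 2.1 auxprop plugin (the bad case).
SAMPLE_MIXED='libldap.so.2 => /usr/lib/libldap.so.2
libsasl.so.7 => /usr/lib/libsasl.so.7
libsasl2.so.2 => /usr/lib/libsasl2.so.2
libc.so.6 => /lib/libc.so.6'

# Constructed sample: an OpenLDAP 2.1 libldap built against SASL 2.1 only.
SAMPLE_OK='libldap.so.2 => /usr/lib/libldap.so.2
libsasl2.so.2 => /usr/lib/libsasl2.so.2
libc.so.6 => /lib/libc.so.6'

# Real use: feed it the loader's view of slapd or of Postfix's smtpd, e.g.
#   ldd /usr/sbin/slapd | sasl_mix_check
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_MIXED" | sasl_mix_check
    printf '%s\n' "$SAMPLE_OK" | sasl_mix_check
fi
```

Run it with `--demo` to see both constructed samples classified, or pipe real `ldd` output into `sasl_mix_check`; a non-zero exit on "MIXED" makes it usable as a build or packaging gate.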