[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Complete novice with OpenLDAP



At 03:52 PM 4/20/2004, Jim wrote:
>I was wondering if any of you nice folks could help a complete noob with 
>compiling and installing a clean LDAP v3 compliant install of OpenLDAP and 
>its dependencies

Discussion of how to install, configure, and use
dependencies, such as those your having with below,
are better taken to lists specifically
chartered to discuss such issues.
        openssl-users@openssl.org
        cyrus-sasl@lists.andrew.cmu.edu 

Beyond that, look at INSTALL, the Admin Guide, and
the FAQ for basics on how to install and use OpenLDAP
Software.

Kurt

>so that I can learn all about it and play with it a little.
>I'm trying to write a J2EE java project that requires the use of LDAP in its 
>authentication procedure.
>
>I was looking around on the web and discovered that my distro (SusE 8.2) 
>suffers from a security flaw in Openssl and a few other things.  So in order 
>to avoid the flaws I downloaded the latest stable sources of all of the 
>dependencies for OpenLDAP and I'd like to get comfortable with all of it in 
>its own little sandbox before I unleash it on anything else.
>
>Here's a list of what I've done so far:
>
>Building Openssl
>----------------------
>1)tar zxvf openssl-0.9.7d.tar.gz
>cd openssl-0.9.7d
>
>2)./config --prefix=/data1/opensslLH --openssldir=/data1/openssl
>
>3)make
>make test
>make install
>
>So far everything worked, the built-in tests worked fine and it's happy to 
>respond to a 'openssl genrsa' command.
>
>In the openssldir (i.e. /data1/openssl) dir the following are installed:
>certs/ lib/ man/ misc/ private/ openssl.cnf
>
>In the prefix dir (i.e /data1/opensslLH) the following are installed:
>bin/ include/ lib/
>
>As root PREPEND the library directory to /etc/ld.so.conf
>/data1/opensslLH/lib
>...
>...
>
>and then run ldconfig to initiate the path.
>
>Building Sleepycat Berkeley DB
>-----------------------------------------
>1)tar zxvf db-4.2.52.NC.tar.gz
>2)copy the patch files in to the root of the untarred source tree
>cp patch.4.2.52.1 db-4.2.52.NC/
>cp patch.4.2.52.2 db-4.2.52.NC/
>
>3)apply the patches to the code tree root
>cd db-4.2.52.NC/
>patch -p0 < patch.4.2.52.1
>patch -p0 < patch.4.2.52.2
>
>4)Now we're ready to configure!
>
>cd build_unix
>../dist/configure --prefix=/data1/bdb
>
>make
>make install
>
>5)As root PREPEND the library path in /etc/ld.so.conf
>/data1/bdb/lib
>...
>...
>
>and run ldconfig to re-initialize.
>
>Building SASL
>I downloaded and attempted to compile the SASL 2.1.18
>Source code 
>
>All I seem to be getting when doing a ./configure (and I'll spare you most of 
>the spam) are messages like:
>configure: WARNING: Disabling SASL authentication database support
>configure: WARNING: OpenSSL not found -- OTP will be disabled
>configure: WARNING: OpenSSL not found -- SRP will be disabled
>configure: WARNING: Disabling GSSAPI - no include files found
>configure: WARNING: OpenSSL not found -- NTLM will be disabled
>
>and sure enough when trying to build this using make, it barfs with the 
>following:
>digestmd5.c:77:19: des.h: No such file or directory
>digestmd5.c:736: error: parse error before "des_key_schedule"
>digestmd5.c:736: warning: no semicolon at end of struct or union
>digestmd5.c:737: warning: type defaults to `int' in declaration of `ivec'
>digestmd5.c:737: warning: data definition has no type or storage class
>digestmd5.c:738: error: parse error before "keysched2"
>digestmd5.c:738: warning: type defaults to `int' in declaration of `keysched2'
>digestmd5.c:738: warning: data definition has no type or storage class
>digestmd5.c: In function `dec_3des':
>digestmd5.c:773: warning: implicit declaration of function 
>`des_ede2_cbc_encrypt'
>digestmd5.c:776: error: dereferencing pointer to incomplete type
>digestmd5.c:777: error: dereferencing pointer to incomplete type
>digestmd5.c:778: error: dereferencing pointer to incomplete type
>digestmd5.c:779: error: `DES_DECRYPT' undeclared (first use in this function)
>digestmd5.c:779: error: (Each undeclared identifier is reported only once
>digestmd5.c:779: error: for each function it appears in.)
>digestmd5.c: In function `enc_3des':
>digestmd5.c:824: error: dereferencing pointer to incomplete type
>digestmd5.c:825: error: dereferencing pointer to incomplete type
>digestmd5.c:826: error: dereferencing pointer to incomplete type
>digestmd5.c:827: error: `DES_ENCRYPT' undeclared (first use in this function)
>digestmd5.c: In function `init_3des':
>digestmd5.c:842: error: invalid application of `sizeof' to an incomplete type
>digestmd5.c:847: warning: implicit declaration of function `des_key_sched'
>digestmd5.c:847: error: `des_cblock' undeclared (first use in this function)
>digestmd5.c:847: error: parse error before ')' token
>digestmd5.c:851: error: parse error before ')' token
>digestmd5.c:853: error: dereferencing pointer to incomplete type
>digestmd5.c:858: error: increment of pointer to unknown structure
>digestmd5.c:858: error: arithmetic on pointer to an incomplete type
>digestmd5.c:860: error: parse error before ')' token
>digestmd5.c:864: error: parse error before ')' token
>digestmd5.c:867: error: dereferencing pointer to incomplete type
>digestmd5.c: In function `dec_des':
>digestmd5.c:891: warning: implicit declaration of function `des_cbc_encrypt'
>digestmd5.c:894: error: dereferencing pointer to incomplete type
>digestmd5.c:895: error: dereferencing pointer to incomplete type
>digestmd5.c:896: error: `DES_DECRYPT' undeclared (first use in this function)
>digestmd5.c:900: error: dereferencing pointer to incomplete type
>digestmd5.c: In function `enc_des':
>digestmd5.c:945: error: dereferencing pointer to incomplete type
>digestmd5.c:946: error: dereferencing pointer to incomplete type
>digestmd5.c:947: error: `DES_ENCRYPT' undeclared (first use in this function)
>digestmd5.c:951: error: dereferencing pointer to incomplete type
>digestmd5.c: In function `init_des':
>digestmd5.c:966: error: invalid application of `sizeof' to an incomplete type
>digestmd5.c:971: error: `des_cblock' undeclared (first use in this function)
>digestmd5.c:971: error: parse error before ')' token
>digestmd5.c:973: error: dereferencing pointer to incomplete type
>digestmd5.c:978: error: increment of pointer to unknown structure
>digestmd5.c:978: error: arithmetic on pointer to an incomplete type
>digestmd5.c:980: error: parse error before ')' token
>digestmd5.c:982: error: dereferencing pointer to incomplete type
>digestmd5.c: In function `digestmd5_server_mech_step2':
>digestmd5.c:2000: warning: dereferencing type-punned pointer will break 
>strict-aliasing rules
>digestmd5.c:2017: warning: dereferencing type-punned pointer will break 
>strict-aliasing rules
>
>What I think should work, given that I'm not really interested in kerberos or 
>otp right now is the following:
>
>./configure <<!
>--prefix=/data1/sasl
>--exec-prefix=/data1/sasl/exec
>--enable-anon
>--enable-plain
>--enable-login
>--disable-krb4
>--disable-otp
>--enable-cram
>--enable-digest
>--enable-java
>--with-bdb-libdir=/data1/bdb/lib
>--with-bdb-incdir=/data1/bdb/include
>--with-openssl=/data1/opensslLH
>--with-plugindir=/usr/lib/sasl2
>--with-dbpath=/data1/sasl/sasldb2
>!
>
>I still get the same Openssl warnings and sure enough it still barfs with the 
>same errors during make.
>
>I've searched high and low all over the web for some useful information about 
>Cyrus SASL, but the only thing that seems to be found is Cyrus-IMAP Cyrus 
>Server and the like, nothing useful to me for this project.
>Pretty much everything has suggested to download and use the binary RPM files 
>(which are now wildly out of date and very security prone).  Nearly all of 
>the howtos are suggesting versions like 1.5.x SASL 4.0.x bdb and 2.0.x 
>OpenLDAP which I think is a bad thing.
>
>I'm looking for a nice simple set of configuration options for the cyrus-sasl 
>libraries that will allow me to link properly to the pre-requisites (without 
>dying horribly) and also some OpenLDAP ./configure options to link properly.
>
>TIA,
>Jim