Re: Error - not compiled with SASL support

On Wed, Feb 15, 2012 at 5:34 PM, anax <anax@ayni.com> wrote:

Hoi Gaurav
if you did a vanilla install from a distro, you may be as lucky as to find a package in this distro (such as openldap-sasl or similar), which "converts" your LDAP server into an LDAP server, which is SASL capable.
If there is no such package, there is no way around recompilation of the LDAP server.
Also, have you considered upgrading or re-installing the entire system?

suomi

On 02/15/2012 12:04 PM, Gaurav Gugnani wrote:

Hello Howard,

Thks for your support.
I installed open ldap from source.

So, *the crux is:*

Q> First i need to install the cyrus-sasl package and then i need to
install the open-ldap with sasl option??
Plz confirm if my understanding is correct?

Now, my scenario is this:
In production open-ldap is already running with bind method =SIMPLE.
So, How can i switch to bind method=SASL?

I can plan for downtime, But re-compiling will take lot of time...and
its bit risky too.
Do we have any other way to implement SASL?

Thanks and Regards,
Gaurav Gugnani

On Wed, Feb 15, 2012 at 3:52 PM, Howard Chu <hyc@symas.com
<mailto:hyc@symas.com>> wrote:

Dieter Klünter wrote:

Am Wed, 15 Feb 2012 10:19:10 +0530
schrieb Gaurav Gugnani<gugnanigaurav@gmail.__com
<mailto:gugnanigaurav@gmail.com>>:

Hello All,

I'm *trying to implement SASL on the openldap of version
2.4.26.*

First we install the openldap and then we install the necessary
packages of cyrus-sasl.

*Packages of cyrus-sasl:* (installed in below mentioned order)
cyrus-sasl-lib-2.1.22-5.el5_4.__3.x86_64.rpm
cyrus-sasl-devel-2.1.22-5.el5___4.3.x86_64.rpm
cyrus-sasl-plain-2.1.22-5.el5___4.3.x86_64.rpm
cyrus-sasl-2.1.22-5.el5_4.3.__x86_64.rpm
cyrus-sasl-ldap-2.1.22-5.el5___4.3.x86_64.rpm
cyrus-sasl-md5-2.1.22-5.el5_4.__3.x86_64.rpm

After then i set up the SASL with proper ACL's (having the
steps and
also i setup the same on some other box where it running fine)
*Steps:*
*1> *Modify /usr/lib64/sasl2/slapd.conf
*# SASL Configuration
pwcheck_method: auxprop
auxprop_plugin: slapd
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5*
*2> *Modify $LDAP_HOME/etc/openladp/slapd.__conf

*password-hash {CLEARTEXT}
authz-regexp uid=(.*),cn=DIGEST-MD5,cn=auth
uid=$1,ou=System,o=xyz*

but it throws all together different error to me:
/u01/app/openldap/product/2.4.__26/etc/openldap> ldapwhoami -Y

DIGEST-MD5 ldapwhoami: not compiled with SASL support

And similar errors for ldapsearch and other commands.

It suggests to me that some package installation is not proper.

Can any one guide me on this.

Check whether ldapwhoami is linked against libsasl2,
ldd ldapwhoami

There is nothing to check. The error message "not compiled with SASL
support" could not be any plainer.

If he installed OpenLDAP from a distro package, then he needs to
complain to his distro provider. If he built OpenLDAP from source,
then of course it had no SASL support since he says he didn't
install SASL until *after* he installed OpenLDAP. Obviously you
can't compile with SASL support if the SASL devel packages weren't
already present at compile time.

--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/__project/
<http://www.openldap.org/project/>