
Re: (ITS#7118) [PATCH] Improve SASL plugin handling



On 01/10/2012 12:32 AM, thomas@koeller.dyndns.org wrote:
> On Monday 02 January 2012 19:22:28 masarati@aero.polimi.it wrote:
>
>> I note that Cyrus SASL already provides built-in ways to select what
>> plugins must be loaded (e.g. auxprop_plugin, although I'm not an expert on
>> Cyrus SASL configuration, so I suggest you carefully read the
>> documentation).
>>
>> p.
>
> You are probably referring to this paragraph (quotation from
> 'cyrus-sasl-2.1.25/doc/options.html'), regarding the
> use of the ldapdb plugin:
>
>> This plugin is not for use with slapd itself. When OpenLDAP is built with
>> SASL support, slapd uses its own internal auxprop and canonuser module. By
>> default, without configuring anything else, slapd will fail to load the
>> ldapdb module when it's present. This is as it should be. If you don't like
>> the "auxpropfunc: error -7" message that is sent to syslog by slapd, you can
>> stop it by creating /usr/lib/sasl2/slapd.conf with:
>>
>> auxprop_plugin: slapd
>>
>> which will force the SASL library to ignore all other auxprop modules.
>
> When I was debugging the problem I described, I found that the measure
> described above did not stop ldapdb from being loaded. It only seems to
> avoid _use_ of the ldapdb plugin, which is still loaded along with all
> other plugins present, and that was what caused the problem.
>
> Now, if ldapdb is incompatible with slapd at a fundamental level, and
> causes problems when loaded, I think not to load it is the right thing
> to do, and this is what my patch does.

An alternative solution consists in creating a specific folder
containing plugins one wants to load, and starting slapd with SASL_PATH set
to point to that folder.  This allows fine-tuning of what to *load*
without modifying a single line of code.

p.


-- 
Pierangelo Masarati
Associate Professor
Dipartimento di Ingegneria Aerospaziale
Politecnico di Milano
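
The SASL_PATH approach suggested in the reply above, as an added shell example (not part of the original message, and not code from OpenLDAP or Cyrus SASL). It builds a directory of symlinks to every plugin except the ones named on a deny list; the `lib<name>.<ext>` file naming, the function name and the destination path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions: plugin files are named lib<name>.<ext>;
# the directories used in the usage line below are placeholders.

# curate_sasl_plugins SRC DST DENY...
# Symlink every plugin file in SRC into DST, skipping any whose plugin
# name (the part between "lib" and the first dot) is listed in DENY.
# Prints the number of links created.
curate_sasl_plugins() {
    src=$1; dst=$2; shift 2
    case "$src" in /*) ;; *) echo "SRC must be absolute" >&2; return 2 ;; esac
    [ -d "$src" ] || { echo "no such plugin dir: $src" >&2; return 2; }
    mkdir -p "$dst" || return 2

    # The SASL library loads shared objects from this directory, so refuse
    # a directory that group or other can write to.
    perms=$(ls -ld "$dst")
    case "$perms" in
        ?????w*|????????w*) echo "unsafe permissions on $dst" >&2; return 3 ;;
    esac

    count=0
    for f in "$src"/lib*; do
        [ -f "$f" ] || continue
        base=${f##*/}        # e.g. libldapdb.so.2
        name=${base#lib}     # ldapdb.so.2
        name=${name%%.*}     # ldapdb
        skip=0
        for deny in "$@"; do
            if [ "$name" = "$deny" ]; then skip=1; fi
        done
        if [ "$skip" -eq 1 ]; then continue; fi
        ln -sf "$f" "$dst/$base" || return 2
        count=$((count + 1))
    done
    echo "$count"
}

# Usage (placeholder paths, run as the administrator who owns DST):
#   curate_sasl_plugins /usr/lib/sasl2 /etc/openldap/sasl2-plugins ldapdb
#   SASL_PATH=/etc/openldap/sasl2-plugins slapd <usual options>
```

Because the links point back into the source directory, plugins added there later are not picked up until the function is run again, which keeps the loaded set explicit.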