Re: FreeBSD 4.3 and SASL

At 03:44 PM 2001-09-24, MCGLADREY, KAYNE A wrote:
>Hello everyone,
>I've been working on getting OpenLDAP 2.0.11 to work with SASL for some time
>now.  At last count, I had spent 75 hours on this task.  I was running Red
>Hat 7.1.  I've recently been informed by the company that I work with that
>Linux isn't appropriate; FreeBSD is the preferred platform.  Platform
>arguments aside, I need to make this work.
>The objective is to encrypt the username and password of the replication
>account as it travels over the wire.  Replication data can be transferred in
>plain text - there is no data that has been designated as "sensitive".  My
>understanding after many, many hours is that SASL is the key to getting this
>to work.
>I have spent 10 hours so far attempting to compile OpenLDAP on FreeBSD 4.3
>RELEASE with the required SASL support.
>Here is the issue I have encountered:
>checking for sasl.h... no
>configure: warning: Could not locate Cyrus SASL
>configure: warning: SASL authentication not supported!
>The configure command I used was:
>env CPPGLAGS="-I/usr/local/include/sasl" LDFLGS="-L/usr/local/lib
>-L/usr/local/lib/sasl" ./configure --enable-login --disable-krb4
>--disable-gssapi --with-des=/usr/include/openssl/ --without-kerberos
>--disable-kpasswd --with-cyrus-sasl-includes=/usr/local/include/sasl/

Seems you are making up arguments to configure (and making a
number of typos: CPPGFLAGS, LDFLGS).  See "./configure --help"
for the list of supported arguments.

Since you appear to be using FreeBSD ports, you might try
using the OpenLDAP2 port.  If nothing else, its Makefile
will likely provide some insight as to the required flags.

On FreeBSD 4.4, I use:
        env CPPFLAGS="-I/usr/local/include -I/usr/local/include/sasl" \
                LDFLAGS="-L/usr/local/lib" ./configure

Note that I don't have any linker arguments to add /usr/local/lib to
my rpath, as I have in my rc.conf:
        ldconfig_paths="/usr/lib/compat /usr/local/lib"

I also tend to use modified ports as I'm particular about
versions, modifications, and placement.  So, your mileage
may vary.


>As I understand the error message, the compiler cannot find the file sasl.h.
>Here's the relevant excerpt from config.log:
>configure:13464: checking for sasl.h
>configure:13474: cc -E  conftest.c >/dev/null 2>conftest.out
>configure:13470: sasl.h: No such file or directory
>configure: failed program was:
>#line 13469 "configure"
>#include "confdefs.h"
>#include <sasl.h>
>In the configure command I used, I've set the "with-cyrus-sasl-includes"
>path to /usr/local/include/sasl.  Here's the directory listing:
>[root@server openldap-2.0.11]# ls /usr/local/include/sasl/
>total 63
>drwxr-xr-x  2 root  wheel    512 Sep 24 11:15 ./
>drwxr-xr-x  5 root  wheel    512 Sep 24 11:15 ../
>-r--r--r--  1 root  wheel   1262 Aug 11 19:22 hmac-md5.h
>-r--r--r--  1 root  wheel   1432 Aug 11 19:22 md5.h
>-r--r--r--  1 root  wheel   1007 Aug 11 19:22 md5global.h
>-r--r--r--  1 root  wheel  35390 Aug 11 19:22 sasl.h
>-r--r--r--  1 root  wheel  17530 Aug 11 19:22 saslplug.h
>-r--r--r--  1 root  wheel   2560 Aug 11 19:22 saslutil.h
>The file is to be there, and it's readable by root.
>For your reference, here are the packages that I have installed:
>[root@server openldap-2.0.11]# pkg_info
>OpenSSH-2.9_3       OpenBSD's secure shell client and server (remote login
>bash-2.05           The GNU Bourne Again Shell
>cvsup-bin-16.1      A general network file distribution system optimized for
>cyrus-sasl-1.5.24_6 RFC 2222 SASL (Simple Authentication and Security Layer)
>db3-3.2.9_2,1       The Berkeley DB package, revision 3
>gettext-0.10.35     GNU gettext package
>ispell-3.1.20c_2    An interactive spelling checker for multiple languages
>libslang-1.4.4_1    Routines for rapid alpha-numeric terminal applications
>lynx-        A non-graphical, text-based World-Wide Web client
>mutt-1.2.5          The Mongrel of Mail User Agents (part Elm, Pine, Mush,
>tcl-8.2.3           Tool Command Language
>urlview-0.9         URL extractor/launcher
>I would appreciate an answer, a hint, or guidance on how to best proceed.
>After a cumulative 85 hours on this topic, I will not find humor in the
>following "answers":
>  * "Read the manpage for slapd.conf"
>  * "There are hints in the archives"
>  * "Check to see if the sample-client and sample-server with SASL are
>Thanks in advance,
>Kayne McGladrey
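
Added example (not part of the original thread and not OpenLDAP's configure code): a shell check for the two ways the sasl.h probe discussed above can miss a header that is on disk, namely a variable name configure never reads and a directory that is not passed with -I. The function names are hypothetical, the variable list is an assumed subset, only the `-Idir` form is handled, and the compiler's built-in search directories are not consulted.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from OpenLDAP.

# Assumed subset of the variables an autoconf-generated configure reads
# from the environment for its compile and link steps.
KNOWN_VARS="CC CFLAGS CPPFLAGS LDFLAGS LIBS"

# unknown_vars NAME=VALUE...
# Print each name that is not in KNOWN_VARS; such a setting has no effect.
unknown_vars() {
    for assignment in "$@"; do
        name=${assignment%%=*}
        case " $KNOWN_VARS " in
            *" $name "*) ;;
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# find_header HEADER CPPFLAGS_VALUE
# Print the first -Idir directory that contains HEADER, or return 1.
# Words that do not start with -I are not search directories.
find_header() {
    header=$1
    for word in $2; do
        case $word in
            -I?*)
                dir=${word#-I}
                if [ -f "$dir/$header" ]; then
                    printf '%s\n' "$dir"
                    return 0
                fi ;;
        esac
    done
    return 1
}

# Constructed sample tree standing in for /usr/local/include.
root=$(mktemp -d)
mkdir -p "$root/include/sasl"
: > "$root/include/sasl/sasl.h"

# Misspelled names from the question: both are reported as unknown.
unknown_vars "CPPGLAGS=-I$root/include/sasl" "LDFLGS=-L$root/lib"
# Correct variable, directory given with -I: the header is found.
find_header sasl.h "-I$root/include -I$root/include/sasl"
# Directory listed without -I: it is never searched.
find_header sasl.h "-I$root/include $root/include/sasl" || echo "sasl.h not found"
rm -rf "$root"
```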