[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP install issue with SASL

On Fri, 28 Feb 2003, Quanah Gibson-Mount wrote:

> --On Friday, February 28, 2003 9:05 AM -0500 Stephen Frost
> <sfrost@snowman.net> wrote:
> > * Quanah Gibson-Mount (quanah@stanford.edu) wrote:
> >> Is there any reason you are using such an outdated version of
> >> Cyrus-SASL?  The current Cyrus-SASL version is 2.1.12.  Also, OpenLDAP
> >> does not function  well with OpenSSL 0.9.7 last I heard, so you might
> >> want to drop back to  OpenSSL 0.9.6i.  You also will want to use
> >> Berkeley DB 4.1.25, not 4.1.24.  I'd try making those changes, and then
> >> compiling and seeing what happens.
> >
> > Can you substantiate this?  I'm using OpenSSL 0.9.7 with OpenLDAP 2.1.12
> > here with TLS and everything turned on and it is working fine for me so
> > far.  The problem I've run into in the past is when 0.9.7 and 0.9.6 end
> > up getting linked into the same running program because of SASL or some
> > other piece of the system being compiled against 0.9.6 while OpenLDAP is
> > compiled against 0.9.7.
> Stephen,
> When I started to compile OpenLDAP-2.1.12 against 0.9.7, I immediately got
> a note from Howard Chu saying that he had done so already, and ran into
> problems with it.  I have not pursued using it, since Howard has an
> accurate idea of what does & doesn't work with OpenLDAP.  Hopefully he can
> provide a more detailed answer.

Openldap 2.1.13/Openssl 0.9.7a works fine for me on Solaris 9.  In
addition, I beleive that openssl 0.9.7a is safer to use than previous
versions of openssl because of conflicting apis with libc and libcrypt
(crypt, des_crypt come to mind).

There is a compile issue when openldap is configured with --enable-crypt
--enable-lmpasswd options.  The problem is with conflicting des_crypt
api/macro between libcrypt(solaris) and libcrypto(openssl).  I fixed this
calling DES_crypt() rather than crypt() in passwd.c.  Another possible
solution might be to #include <openssl/des.h> before #include <crypt.h>.
This will ensure that solaris' libcrypt/des_crypt() is used.