[Date Prev][Date Next]
Re: OpenLDAP install issue with SASL
On Fri, 28 Feb 2003, Quanah Gibson-Mount wrote:
> --On Friday, February 28, 2003 9:05 AM -0500 Stephen Frost
> <email@example.com> wrote:
> > * Quanah Gibson-Mount (firstname.lastname@example.org) wrote:
> >> Is there any reason you are using such an outdated version of
> >> Cyrus-SASL? The current Cyrus-SASL version is 2.1.12. Also, OpenLDAP
> >> does not function well with OpenSSL 0.9.7 last I heard, so you might
> >> want to drop back to OpenSSL 0.9.6i. You also will want to use
> >> Berkeley DB 4.1.25, not 4.1.24. I'd try making those changes, and then
> >> compiling and seeing what happens.
> > Can you substantiate this? I'm using OpenSSL 0.9.7 with OpenLDAP 2.1.12
> > here with TLS and everything turned on and it is working fine for me so
> > far. The problem I've run into in the past is when 0.9.7 and 0.9.6 end
> > up getting linked into the same running program because of SASL or some
> > other piece of the system being compiled against 0.9.6 while OpenLDAP is
> > compiled against 0.9.7.
> When I started to compile OpenLDAP-2.1.12 against 0.9.7, I immediately got
> a note from Howard Chu saying that he had done so already, and ran into
> problems with it. I have not pursued using it, since Howard has an
> accurate idea of what does & doesn't work with OpenLDAP. Hopefully he can
> provide a more detailed answer.
Openldap 2.1.13/Openssl 0.9.7a works fine for me on Solaris 9. In
addition, I beleive that openssl 0.9.7a is safer to use than previous
versions of openssl because of conflicting apis with libc and libcrypt
(crypt, des_crypt come to mind).
There is a compile issue when openldap is configured with --enable-crypt
--enable-lmpasswd options. The problem is with conflicting des_crypt
api/macro between libcrypt(solaris) and libcrypto(openssl). I fixed this
calling DES_crypt() rather than crypt() in passwd.c. Another possible
solution might be to #include <openssl/des.h> before #include <crypt.h>.
This will ensure that solaris' libcrypt/des_crypt() is used.