[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: saslauxprop and libldapdb, auxpropfunc error -7



> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Joe Rhodes


> I would like to have services that use SASL authentication
> (specifically Cyrus IMAP) be capable of CRAM-MD5 and DIGEST-MD5
> authentication with the users password being stored in OpenLDAP,
> instead of the standard /etc/sasldb.  My goal is to be able
> to have one
> store for usernames and passwords that I can use across multiple
> services (i.e., login, Cyrus IMAP, Squid, etc).
>
> If I understand correctly, I the way to do this is with the Cyrus
> "auxprop" mechanism.  In the "contrib" directory of the OpenLDAP
> (version 2.1.12) distribution, there is Howard Chu's
> libldapdb plugin.
> I've attempted to follow his instructions on compiling and installing
> it, and as far as I can tell, I've been successful.
>
> However I have no joy when trying to us it.  When I start slapd, I
> immediately note an error in my system log
>
> Phoenicia slapd[9847]:  auxpropfunc error -7
>
This is by design. By default, libldapdb will always fail to load in slapd.
slapd doesn't need it, it has its own built in. slapd must never successfully
load the libldapdb plugin, otherwise it will cause an infinite loop.

> I get the same error as soon as my IMAP server tries to
> authenticate a
> user.  I see no messages from the console where slapd is running in
> debug mode (256).  Running the IMAP server in gdb, and using
> the "show
> info" command, it does not appear that the libldapdb library
> is loaded.
>   My assumption is that I've not compiled it correctly.  I've
> been less
> than successful in finding much other documentation around for doing
> this.  If anyone knows of some, It would be helpful.  Once I
> muddle my
> way though this, I'll post the procedure.

Use ldd on libldapdb.so and see what libraries it's looking for. Make sure
all of those libraries can be located at runtime.

This is the rule I added to my sasl/plugins/Makefile to build the module:

libldapdb.la: ldapdb.lo
        $(LINK)  $(libsasldb_la_LDFLAGS) ldapdb.lo -lldap -llber $(LIBS)


  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support