[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: saslauxprop and libldapdb, auxpropfunc error -7

Greetings all:

As background, I'm trying to get the libldap auxprop plugin (distributed with OpenLDAP) for SASL to work. The goal is to have services that use SASL be able to use secure password exchanges (DIGESTMD5, etc.) when the user account info is stored in OpenLDAP.

However I have no joy when trying to us it. When I start slapd, I immediately note an error in my system log

Phoenicia slapd[9847]:  auxpropfunc error -7

This is by design. By default, libldapdb will always fail to load in slapd.
slapd doesn't need it, it has its own built in. slapd must never successfully
load the libldapdb plugin, otherwise it will cause an infinite loop.

Boy does that make a lot of sense. :)

I get the same error as soon as my IMAP server tries to
authenticate a
user.  I see no messages from the console where slapd is running in
debug mode (256).  Running the IMAP server in gdb, and using
the "show
info" command, it does not appear that the libldapdb library
is loaded.
  My assumption is that I've not compiled it correctly.  I've
been less
than successful in finding much other documentation around for doing
this.  If anyone knows of some, It would be helpful.  Once I
muddle my
way though this, I'll post the procedure.

Use ldd on libldapdb.so and see what libraries it's looking for. Make sure
all of those libraries can be located at runtime.

This is the rule I added to my sasl/plugins/Makefile to build the module:

libldapdb.la: ldapdb.lo
$(LINK) $(libsasldb_la_LDFLAGS) ldapdb.lo -lldap -llber $(LIBS)

Well, I've compiled it a number of times and with a number of suggestions. I'm starting to think that perhaps it is compiled correctly, but I'm missing some key config item that allows it to successfully load.

Trying Howard Chu's suggestion above, I see it needing the following libraries, all of which are present and executable on my system:

[root@Phoenicia sasl2]# ldd libldapdb.so
       libldap.so.2 => /usr/lib/libldap.so.2 (0x40010000)
       liblber.so.2 => /usr/lib/liblber.so.2 (0x4003b000)
       libresolv.so.2 => /lib/libresolv.so.2 (0x40046000)
       libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
       libdl.so.2 => /lib/libdl.so.2 (0x40058000)
       libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0x4005b000)
       libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0x4008a000)
       /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)

Running the Cyrus sample program, or the Cyrus IMAP server (which does, BTW, authenticate OK with the sasldb plugin), I just keep getting the aupropfunc error -7. I'm starting to wonder if perhaps my configuration file for the server (in this case /etc/imapd.conf) is wrong. Would this keep the plugin from loading? Below in my imapd.conf file:

partition-default: /var/spool/imap
admins: cyrus root
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: libldapdb
ldapdb_uri: ldapi://
ldapdb_id:  admin
ldapdb_pw: password
ldapdb_mech: PLAIN

After reading some of the messages previous to this, it seems that the plugin may be looking in /usr/lib/sasl2 for the config file, so I've copied it there as well.

I've tried derivations of the ldapdb_uri: directive, but no luck. (ldapdb_uri: ldap:// ldapdb_uri: ldapdb_uri: ldap:// ldapdb_uri: ldapi://)

Any thoughts? I'm at a loss even for where to keep poking at this thing. As before, running slapd from the console in debug mode (-d 256) is not even registering any hits at all. Right now I'd consider it a small victory if the plugin would at least *touch* slapd. Then I'm sure it will be a whole separate adventure to get it configured properly. But that's for later.

Thanks for any and all help.