[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Compile Errors and Undefined References

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Daniel Bush

> Let's address the first set of errors first.  I am
> attempting to compile against 4.1.25.  I started with
> some older db libraries which I have attempted to rm.
> I use the following lines when compiling BerkeleyDB:

You never mentioned what OS you're building on.

> ../dist/configure
> make
> make install
> ln -s /usr/local/BerkeleyDB.4.1/lib/* /usr/lib
> ln -s /usr/local/BerkeleyDB.4.1/include/* /usr/include
> Cyrus SASL (2.1.12) I compile with:
> ./configure --with-dblib=berkeley
> --with-bdb-libdir=/usr/local/BerkeleyDB.4.1/lib
> --with-bdb-incdir=/usr/local/BerkeleyDB.4.1/include
> --with-openssl=/usr/local/ssl --enable-static
> --enable-login --mandir=/usr/share/man
> --infodir=/usr/share/info
> --with-plugindir=/usr/local/lib/sasl2 --enable-gssapi
> --with-des=/usr/local/ssl --with-rc4=/usr/local/ssl
> --with-saslauthd=/var/run/saslauthd --enable-anon
> --enable-plain --disable-krb4 --with-pam
> ln -s /usr/local/lib/sasl2 /usr/lib/sasl2

Your previous email showed that your SASL was built with static libraries. If
you built SASL using the libtool script that they bundle, this is your first
mistake. The Cyrus project is literally years out of date wrt the autotools
they bundle. This is really a topic for the cyrus-sasl mailing list, but
suffice to say, it never builds correctly out of the box. The quick fix is to
use the libtool script that OpenLDAP generates and rebuild SASL. (OpenLDAP's
script is still out of date, but it at least works correctly on the common

> OpenLDAP (2.1.16) I attempt to compile with:
> CPPFLAGS="-I/usr/local/BerkeleyDB.4.1/include"
> LDFLAGS="-L/usr/local/BerkeleyDB.4.1/lib"
> ./configure --disable-cleartext --disable-rlookups
> --with-tls --enable-kpasswd --with-cyrus-sasl
> --enable-slapd --enable-crypt --enable-spasswd

Your next mistake is using --enable-kpasswd and --enable-spasswd. The kpasswd
option has no legitimate use if you're planning to use SASL with GSSAPI. The
spasswd option has no legitimate use if your clients support SASL binds. Even
if they only support simple binds, you are better off using in-directory
secrets instead of spasswd; in which case you should not --disable-cleartext.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support