[Date Prev][Date Next] [Chronological] [Thread] [Top]

OpenLDAP, Kerberos, kpasswd

To: openldap-software@OpenLDAP.org
Subject: OpenLDAP, Kerberos, kpasswd
From: Bernhard Lukas <bernhard.lukas@pericom.at>
Date: Mon, 06 Oct 2003 12:00:05 +0200
Organization: Pericom Communication Consulting GmbH
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5b) Gecko/20030901 Thunderbird/0.2

Hi,

I installed on my Debian Woody 3.0 distribution the following tarballs
into /usr/local/PROGNAME:

* heimdal-0.6.tgz
* openssl-0.9.7c.tar.gz
* cyrus-sasl-2.1.15.tar.gz
* db-4.1.25.tar.gz

The I try to build OpenLDAP (openldap-2.1.22.tar.gz):

$ CPPFLAGS="-I/usr/local/sasl/include -I/usr/local/heimdal/include
-I/usr/local/bdb/include -I/usr/local/openssl/include"
LDFLAGS="-L/usr/local/sasl/lib -L/usr/local/heimdal/lib
-L/usr/local/bdb/lib -L/usr/local/openssl/lib" ./configure
--prefix=/usr/local/openldap --with-tls --with-kerberos --enable-ldbm
--enable-aci
$ make depend
$ make
$ make test
$ su -c 'make install'

Everything works fine. But when I try to add --enable-kpasswd, the
following error occurs and I don't know how to fix this. Below is the
output generated by make, libtool, (gnu?) c and the (gnu?) linker.

My aim is to achieve a SSO using LDAP for storing User Information and
Account Information and Logon for some services (Courier, Squid, Samba,
eventually pGina) and using Kerberos only as a "secure backend" to LDAP.

--with-kpasswd enables Kerberos Password authentication in OpenLDAP, but
what does that really mean? That a non-anonymous bind to the directory
uses a kerberos ticket? Any help or hints would be appreciated, I tried
hard for one week to making things work but without succes. :(

------------------------------------------------------------------------

/bin/sh /home/test/Source/openldap-2.1.22_backup/libtool --mode=link cc
-g -O2 -L/usr/local/sasl/lib -L/usr/local/heimdal/lib
-L/usr/local/bdb/lib -L/usr/local/openssl/lib  -version-info 2:122:0
-rpath /usr/local/openldap/lib -o libldap.la bind.lo open.lo result.lo
error.lo compare.lo search.lo controls.lo messages.lo references.lo
extended.lo cyrus.lo modify.lo add.lo modrdn.lo delete.lo abando
n.lo sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo cache.lo filter.lo
free.lo sort.lo passwd.lo whoami.lo getdn.lo getentry.lo getattr.lo
getvalues.lo addentry.lo request.lo os-ip.lo url.lo sortctrl.lo
vlvctrl.lo init.lo options.lo print.lo string.lo util-int.lo schema.lo
charray.lo tls.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo
version.lo ../../libraries/liblber/liblber.la -lresolv -ldl  -lsasl2
-lkrb5 -ldes -lasn1 -lroken -lcom_err -lssl -lcrypto

rm -fr .libs/libldap.la .libs/libldap.* .libs/libldap.*

cc -shared  bind.lo open.lo result.lo error.lo compare.lo search.lo
controls.lo messages.lo references.lo extended.lo cyrus.lo modify.lo
add.lo modrdn.lo delete.lo abandon.lo sasl.lo sbind.lo kbind.lo
unbind.lo cancel.lo cache.lo filter.lo free.lo sort.lo passwd.lo
whoami.lo getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo
request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo init.lo options.lo
print.lo string.lo util-int.lo schema.lo charray.lo tls.lo os-local.lo
dnssrv.lo utf-8.lo utf-8-conv.lo version.lo -Wl,--whole-archive
/usr/local/heimdal/lib/libkrb5.a /usr/local/heimdal/lib/libdes.a
/usr/local/heimdal/lib/libasn1.a /usr/local/heimdal/lib/libroken.a
/usr/local/heimdal/lib/libcom_err.a -Wl,--no-whole-archive  -Wl,--rpath
-Wl,/home/test/Source/openldap-2.1.22_backup/libraries/liblber/.libs
-Wl,--rpath -Wl,/usr/local/sasl/lib -Wl,--rpath
-Wl,/usr/local/openldap/lib -Wl,--rpath -Wl,/usr/local/sasl/lib
-L/usr/local/lib -L/usr/local/sasl/lib
 -L/usr/local/heimdal/lib -L/usr/local/bdb/lib -L/usr/local/openssl/lib
../../libraries/liblber/.libs/liblber.so -lresolv -ldl
/usr/local/sasl/lib/libsasl2.so -lssl -lcrypto  -Wl,-soname
-Wl,libldap.so.2 -o .libs/libldap.so.2.0.122

/usr/local/heimdal/lib/libcom_err.a(error.o): In function `com_right':
/home/test/Source/heimdal-0.6/lib/com_err/error.c(.text+0x0): multiple
definition of `com_right'
/usr/local/heimdal/lib/libkrb5.a(error.o)(.text+0x0):/home/test/Source/heimdal-0
.6/lib/com_err/error.c: first defined here

/usr/local/heimdal/lib/libcom_err.a(error.o): In function
`initialize_error_table_r':
/home/test/Source/heimdal-0.6/lib/com_err/error.c(.text+0x3c): multiple
definition of `initialize_error_table_r'
/usr/local/heimdal/lib/libkrb5.a(error.o)(.text+0x3c):/home/test/Source/heimdal-
0.6/lib/com_err/error.c: first defined here

/usr/local/heimdal/lib/libcom_err.a(error.o): In function
`free_error_table':
/home/test/Source/heimdal-0.6/lib/com_err/error.c(.text+0x98): multiple
definition of `free_error_table'
/usr/local/heimdal/lib/libkrb5.a(error.o)(.text+0x98):/home/test/Source/heimdal-
0.6/lib/com_err/error.c: first defined here

[...skipped some similar entries...]

/usr/local/heimdal/lib/libcom_err.a(com_err.o): In function
`add_to_error_table':
/home/test/Source/heimdal-0.6/lib/com_err/com_err.c(.text+0x1e8):
multiple definition of `add_to_error_table'
/usr/local/heimdal/lib/libkrb5.a(com_err.o)(.text+0x1e8):/home/test/Source/heimd
al-0.6/lib/com_err/com_err.c: first defined here

collect2: ld returned 1 exit status
make[2]: *** [libldap.la] Error 1
make[2]: Leaving directory
`/home/test/Source/openldap-2.1.22_backup/libraries/libldap'
make[1]: *** [all-common] Error 1
make[1]: Leaving directory
`/home/test/Source/openldap-2.1.22_backup/libraries'
make: *** [all-common] Error 1

------------------------------------------------------------------------

Thanks very much in advance!

--
Best regards, Bernhard Lukas

Pericom Communication Consulting GmbH
1060 Wien, Mariahilfer Strasse 47/1/3
Tel. 01 585 49 72 - 42
Fax. 01 585 49 72 - 33
Web. www.pericom.at

Follow-Ups:
- Re: OpenLDAP, Kerberos, kpasswd
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: Re: Has anyone found a workaround? SASL/LDAP
Next by Date: Sample java code for User authentication using SSHA hasing
Index(es):
- Chronological
- Thread