[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to configure openLDAP with SASL Digest-MD5 (UNDEFINED SYMBOL: DES_ede3_cbc_encrypt - SOLVED, BUT sasldblistusers2 still fails )



You're questions seem not specific to OpenLDAP Software,
but specific to proper configuration/installation of
Cyrus SASL.  Please take such questions to the Cyrus
SASL mailing list <cyrus-sasl@lists.andrew.cmu.edu>.

Thanks, Kurt

At 03:11 AM 2/12/2004, Lara Adianto wrote:
>--- Lara Adianto <m1r4cle_26@yahoo.com> wrote:
>> 
>> --- Tony Earnshaw <tonye@billy.demon.nl> wrote:
>> > ons, 11.02.2004 kl. 09.28 skrev Lara Adianto:
>> > 
>> > > Well, I found out the source of the error of the
>> > above
>> > > error message.
>> > > Looking into the log messages recorded:
>> > > Feb 11 14:36:03 localhost sasldblistusers2:
>> unable
>> > to
>> > > dlopen /usr/lib/sasl2/libdigestmd5.so.2:
>> > > /usr/lib/sasl2/libdigestmd5.s
>> > > o.2: undefined symbol: DES_ede3_cbc_encrypt
>> > > 
>> > > I'm not sure how to solve the problem though.
>> > > 
>> > > I have an older version of cyrus-sasl in my
>> > machine,
>> > > and I have no problem with creating and listing
>> > the
>> > > users using saslpasswd and sasldblistusers.
>> > > 
>> > > Does anybody outhere know how to solve this?
>> > 
>> > Well definitely I do, since, with the help of this
>> > list (1,000 years
>> > ago), its software, people like Igor, Howard,
>> > Halvard and at least 10
>> > others from then, + auxiliary thingies it all
>> "works
>> > for me". But /I/
>> > had a target, and that was basically getting
>> Postfix
>> > smtp SASL AUTH with
>> > Openldap. I'm now on Postfix latest snapshot /
>> Cyrus
>> > SASL / Openldap
>> > 2.2.5 and SASL DIGEST-MD5 auxprop for everything.
>> > And I'm coasting.
>> > 
>> > What is your target, again?
>> 
>> Nope, I'm not going to setup Postfix SMTP...
>> My goal is to include SASL into my LDAP server, so
>> that my server will be LDAPv3 complient...My LDAP
>> server itself will be used more as as an
>> authentication server , also I would like to
>> integrate
>> the LDAP with Radius server.
>> 
>> So...? 
>> 
>> When I do a search in
>> /usr/lib/sasl2/libdigestmd5.so.2, I can find
>> DES_ede3_cbc_encrypt, but then why is it still
>> complaining about undefined symbol
>> DES_ede3_cbc_encrypt ?
>> 
>> Could the problem be caused by the case sensitive
>> issue: 'des' and 'DES' ?
>> 
>> -lara
>> 
>Hello
>
>I finally managed to solve the undefined sysmbol
>DES_ede3_cbc_encrypt problem
>by specifying the option --with-openssl to point to my
>shared ssl library when configuring the SASL. 
>
>By doing that, the error messages in the log file
>complaining about the undefined symbol
>DES_ede3_cbc_encrypt has indeed gone.
>
>So, following the advice from OpenLDAP Administrator's
>guide: "You should use the Cyrus SASL sample client
>and sample server to test your SASL installation
>before attempting to make use of it with OpenLDAP
>software", I perform the test...
>
>*** Starting the server ***
>[root@localhost sample]# ./server -s ldap
>trying 10, 1, 6
>socket: Address family not supported by protocol
>trying 2, 1, 6
>
>*** Starting the client ***
>[root@localhost sample]# ./client -s ldap
>192.168.168.102
>receiving capability list... recv: {16}
>PLAIN DIGEST-MD5
>PLAIN DIGEST-MD5
>send: {10}
>DIGEST-MD5
>send: {1}
>N
>recv: {126}
>nonce="brXPMSCb5xq6TtqvQYU/6wpzGjM7H0AWkHVj40kkUU0=",realm="localhost.localdomain",qop="auth",charset=utf-8,algorithm=md5-sess
>please enter an authentication id:
>
>**** while on the server side: ****
>[root@localhost sample]# ./server -s ldap
>trying 10, 1, 6
>socket: Address family not supported by protocol
>trying 2, 1, 6
>accepted new connection
>send: {16}
>PLAIN DIGEST-MD5
>recv: {10}
>DIGEST-MD5
>recv: {1}
>N
>send: {126}
>nonce="brXPMSCb5xq6TtqvQYU/6wpzGjM7H0AWkHVj40kkUU0=",realm="localhost.localdomain",qop="auth",charset=utf-8,algorithm=md5-sess
>
>I tried to create a user + password using saslpasswd2
>command and using it for the authentication id,
>authorization id, and password prompted during the
>connection, however, the authentication FAILED !!!
>
>I'm wondering whether it's because of the following
>error that still persists although the undefined
>symbol: DES_ede3_cbc_encrypt problem has been
>resolved:
>[root@localhost sample]# sasldblistusers2
>db failure
>listusers failed
>
>Btw, the log message recorded the following error when
>creating a user with saslpasswd2:
>Feb 12 18:54:42 localhost saslpasswd2: error fetching
>from sasldb: Invalid argum
>ent
>Feb 12 18:54:42 localhost saslpasswd2: error closing
>sasldb: Invalid argument
>Feb 12 18:54:42 localhost saslpasswd2: error closing
>sasldb: Invalid argument
>Feb 12 18:54:42 localhost saslpasswd2: error deleting
>entry from sasldb: Invalid
> argument
>Feb 12 18:54:42 localhost saslpasswd2: error closing
>sasldb: Invalid argument
>Feb 12 18:54:42 localhost saslpasswd2: error deleting
>entry from sasldb: Invalid
> argument
>Feb 12 18:54:42 localhost saslpasswd2: error closing
>sasldb: Invalid argument
>Feb 12 18:54:42 localhost saslpasswd2: error deleting
>entry from sasldb: Invalid
> argument
>Feb 12 18:54:42 localhost saslpasswd2: error closing
>sasldb: Invalid argument
>Feb 12 18:54:42 localhost saslpasswd2: setpass
>succeeded for admin
>
>Please help,
>-lara- 
>
>=====
>------------------------------------------------------------------------------------ 
>La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit
>                                                                        - Guy de Maupassant -
>------------------------------------------------------------------------------------
>
>__________________________________
>Do you Yahoo!?
>New Yahoo! Photos - easier uploading and sharing.
>http://photos.yahoo.com/