[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Building OpenLDAP 3.3.35 with Kerberos on SLES9

--On Tuesday, April 17, 2007 4:22 PM -0400 Andrew Scott <ascott@appriss.com> wrote:

Hello all,

I've been pulling hair out in tufts over the last week trying to get
OpenLDAP 2.3.35 to build with Kerberos 5 support on a SLES9 machines
(AMD64).  I've spent hours searching the mailing lists and Google.  All
I could find were messages from several years ago admonishing people for
not searching, or questions with no answers.

The biggest problem is the configure script completely ignores the
âwith-kerberos option.  Completely.  I've searched, and I can't
find any mention of why this is.

I think you are extremely confused. :)

Why would you want to link OpenLDAP against the kerberos libraries? Usually all the kerberos negotations are handled via Cyrus-SASL, which is what is linked against Heimdal (or MIT), not OpenLDAP. There is *no* option in the configure for OpenLDAP 2.3.35 that references kerberos at all:

ldap-uat00:/usr/local/build/openldap-2.3.35# ./configure --help | grep kerberos

What you are seeing are the remnants of the very old "kbind" stuff that was never part of any LDAP standard, was really only related to LDAP v2, and was completely replaced by the SASL/KERBEROSIV and SASL/GSSAPI mechanisms handled by SASL.

Does that help? :)


-- Quanah Gibson-Mount Senior Systems Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html