Re: OpenLDAP + Kerberos on FreeBSD 7.2, close to working but not quite

Seems like slapd is linked to gssapi and sasl. Are there simply command line options I'm missing to start up slapd?

frisbee# ldd /usr/local/libexec/slapd
    libldap_r-2.4.so.6 => /usr/local/lib/libldap_r-2.4.so.6 (0x2820b000)
    liblber-2.4.so.6 => /usr/local/lib/liblber-2.4.so.6 (0x28250000)
    libdb-4.6.so.0 => /usr/local/lib/libdb-4.6.so.0 (0x2825d000)
    libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x28385000)
    libgssapi.so.9 => /usr/lib/libgssapi.so.9 (0x2839c000)
    libssl.so.5 => /usr/lib/libssl.so.5 (0x283a3000)
    libcrypto.so.5 => /lib/libcrypto.so.5 (0x283e4000)
    libfetch.so.5 => /usr/lib/libfetch.so.5 (0x2853d000)
    libcom_err.so.4 => /usr/lib/libcom_err.so.4 (0x2854a000)
    libcrypt.so.4 => /lib/libcrypt.so.4 (0x2854c000)
    libwrap.so.5 => /usr/lib/libwrap.so.5 (0x28565000)
    libthr.so.3 => /lib/libthr.so.3 (0x2856c000)
    libc.so.7 => /lib/libc.so.7 (0x28581000)

Here's the config I used to make openldap just to be sure it wasn't a compile error:

frisbee# cd /usr/ports/net/openldap24-server/
frisbee# make showconfig
===> The following configuration options are available for openldap-sasl-server-2.4.16:
     SASL=on "With (Cyrus) SASL2 support"
     DYNACL=off "Run-time loadable ACL (experimental)"
     ACI=off "Per-object ACI (experimental)"
     DNSSRV=off "With Dnssrv backend"
     PASSWD=on "With Passwd backend"
     PERL=off "With Perl backend"
     RELAY=on "With Relay backend"
     SHELL=off "With Shell backend (disables threading)"
     SOCK=off "With Sock backend"
     ODBC=off "With SQL backend"
     RLOOKUPS=off "With reverse lookups of client hostnames"
     SLP=off "With SLPv2 (RFC 2608) support"
     SLAPI=off "With Netscape SLAPI plugin API"
     TCP_WRAPPERS=on "With tcp wrapper support"
     BDB=on "With BerkeleyDB support"
     ACCESSLOG=off "With In-Directory Access Logging overlay"
     AUDITLOG=off "With Audit Logging overlay"
     COLLECT=off "With Collect overy Services overlay"
     CONSTRAINT=off "With Attribute Constraint overlay"
     DDS=on "With Dynamic Directory Services overlay"
     DEREF=off "With Dereference overlay"
     DYNGROUP=on "With Dynamic Group overlay"
     DYNLIST=on "With Dynamic List overlay"
     LASTMOD=on "With Last Modification overlay"
     MEMBEROF=off "With Reverse Group Membership overlay"
     PPOLICY=on "With Password Policy overlay"
     PROXYCACHE=off "With Proxy Cache overlay"
     REFINT=on "With Referential Integrity overlay"
     RETCODE=on "With Return Code testing overlay"
     RWM=on "With Rewrite/Remap overlay"
     SEQMOD=on "Sequential Modify overlay"
     SYNCPROV=on "With Syncrepl Provider overlay"
     TRANSLUCENT=off "With Translucent Proxy overlay"
     UNIQUE=off "With attribute Uniqueness overlay"
     VALSORT=off "With Value Sorting overlay"
     SMBPWD=off "With Samba Password hashes overlay"
     DYNAMIC_BACKENDS=off "Build dynamic backends"
===> Use 'make config' to modify these settings

On Tue, Aug 11, 2009 at 6:38 AM, Dieter Kluenter <dieter@dkluenter.de> wrote:
Allan <cr4z3d@gmail.com> writes:

> OpenLDAP is compiled with SASL support. I remember checking the box for SASL
> and if I cd /usr/ports/net/openldap24-server && make config I see that SASL is
> indeed marked. As far as checking for libgssapi, I ran the following to
> verify:

Is libsasl really linked to slapd? 'ldd slapd', or whatever tool is
supplied with FreeBSD, will prove it.

> frisbee# locate libgssapi
> /usr/lib/libgssapi.a
> /usr/lib/libgssapi.so
> /usr/lib/libgssapi.so.9
> /usr/lib/libgssapi_krb5.a
> /usr/lib/libgssapi_krb5.so
> /usr/lib/libgssapi_krb5.so.9
> /usr/local/lib/sasl2/libgssapiv2.a
> /usr/local/lib/sasl2/libgssapiv2.la
> /usr/local/lib/sasl2/libgssapiv2.so
> /usr/local/lib/sasl2/libgssapiv2.so.2

This looks similar to mine, and the output of ldapsearch is:

dieter@rubin:~> ldapsearch -x -LLL -ZZ -H ldap://localhost -b "" -s base supportedSaslMechanisms
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: EXTERNAL

I really suspect that libsasl is not linked to slapd.


Dieter Klünter
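
The two checks discussed in this thread (is slapd linked against libsasl2, and does the root DSE advertise GSSAPI) combined into one script, as an added example that is not part of the original messages. The function names and verdict strings are made up for illustration, and the sample input is trimmed from the output quoted above.

```shell
#!/bin/sh
# Added example: classify a slapd SASL/GSSAPI setup from captured command output.
# Function names and verdict strings are hypothetical, chosen for this example.

# Constructed sample input, trimmed from the ldd and ldapsearch output in this thread.
LDD_SAMPLE='    libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x28385000)
    libgssapi.so.9 => /usr/lib/libgssapi.so.9 (0x2839c000)
    libc.so.7 => /lib/libc.so.7 (0x28581000)'
DSE_SAMPLE='supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: EXTERNAL'

# lib_resolved LDD_TEXT NAME: succeeds if a library whose soname starts with
# NAME is listed and resolved to an absolute path. ldd prints "not found" in
# place of the path when the runtime linker cannot locate the library.
lib_resolved() {
    printf '%s\n' "$1" | awk -v lib="$2" '
        index($1, lib ".so") == 1 && $2 == "=>" && $3 ~ /^\// { ok = 1 }
        END { exit !ok }'
}

# sasl_mechs DSE_TEXT: print the advertised mechanisms, one per line.
# LDAP attribute names are case-insensitive, so the name is matched that way
# (the thread itself shows both supportedSaslMechanisms and supportedSASLMechanisms).
sasl_mechs() {
    printf '%s\n' "$1" | awk -F': *' '
        tolower($1) == "supportedsaslmechanisms" { print $2 }'
}

# diagnose LDD_TEXT DSE_TEXT: print one verdict word.
#   no-sasl-linkage        slapd has no resolved libsasl2 dependency
#   gssapi-not-advertised  libsasl2 is linked, but the server does not offer
#                          GSSAPI (Cyrus SASL loads mechanisms as plugins,
#                          such as the libgssapiv2.so files listed above)
#   ok                     linked and GSSAPI is offered
diagnose() {
    if ! lib_resolved "$1" libsasl2; then
        echo no-sasl-linkage
    elif ! sasl_mechs "$2" | grep -qx GSSAPI; then
        echo gssapi-not-advertised
    else
        echo ok
    fi
}

diagnose "$LDD_SAMPLE" "$DSE_SAMPLE"
```

On a live system the two arguments would come from `ldd /usr/local/libexec/slapd` and the ldapsearch command shown above.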