--On Wednesday, August 29, 2007 6:25 PM +0000 rbeckett@exelixis.com wrote:
Any help would be appreciated.
The ITS system is for bugs, not for issues you have building OpenLDAP. I suggest reading the OpenLDAP FAQ entries on linking, and becoming generally familiar with how to build software in non-standard paths.
The FAQ entry can be found at:
http://www.openldap.org/faq/data/cache/1113.html
My OpenSSL build looked like: %configure env CC=/usr/local/bin/gcc CFLAGS='-g -O2' CXXFLAGS='-g -O2' \ PERL=/usr/bin/perl LD_RUN_PATH=/usr/local/lib \ ./Configure --prefix=/usr/local --openssldir=/usr/local/openssl \ shared linux-x86_64 -g -O2
%build env LD_RUN_PATH="/usr/local/lib" make
%install env LD_LIBRARY_PATH="/usr/local/lib" \ LD_RUN_PATH="/usr/local/lib" \ make install INSTALL_PREFIX=%package%
Note the use of LD_RUN_PATH. My OpenLDAP build looked like:
%configure LD_LIBRARY_PATH="/usr/local/lib" CC=/usr/local/bin/gcc CXX=/usr/local/bin/g++ CFLAGS='-g -O2 -DSLAP_LIGHTWEIGHT_DISPATCHER' CXXFLAGS='-g -O2' sh configure --datadir='${prefix}/lib' --libexecdir='${prefix}/lib' --sharedstatedir='${prefix}/lib' \ --prefix=/usr/local \ --disable-ipv6 \ --with-cyrus-sasl \ --with-tls \ --enable-dynamic \ --enable-slapd \ --enable-modules \ --enable-spasswd \ --enable-rewrite \ --enable-rlookups \ --enable-wrappers \ --enable-backends=mod \ --disable-shell \ --disable-sql \ --enable-overlays=mod \ --enable-slurpd=yes \ --enable-slapi=yes make depend
%build make -j3
%check make test
%install make install DESTDIR=%package% STRIP=""
I'll also note that the error you are receiving from the SASL bind has nothing to do with SSL specifically. All it notes is that the AD server has no SASL mechanisms presented that match the SASL mechanisms available to OpenLDAP. If you are wanting to support SASL/EXTERNAL, you'll definitely need to fix your build with OpenSSL support.
I've compiled OpenSSL into /usr/local on many occassions without problem, but I use the correct flags to gcc, too, which I don't see indicated in your build.
You do not indicate whether or not you link OpenLDAP against cyrus-sasl, but that will be necessary for support of some of the other SASL mechanisms. If you plan on doing SASL/GSSAPI binds to AD, you'll also need to build a Kerberos distribution for its libraries (I suggest Heimdal), and link cyrus-sasl against that before building OpenLDAP linked against cyrus-sasl.
You may also want to read:
http://www.stanford.edu/services/directory/openldap/configuration/
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration