On Monday 02 January 2012 19:22:28 firstname.lastname@example.org wrote:
I note that Cyrus SASL already provides built-in ways to select what plugins must be loaded (e.g. auxprop_plugin, although I'm not an expert of Cyrus SASL configuration, so I suggest you carefully read the documentation).
You are probably referring to this paragraph (quotation from 'cyrus-sasl-2.1.25/doc/options.html'), regarding the use of the ldapdb plugin:
This plugin is not for use with slapd itself. When OpenLDAP is built with SASL support, slapd uses its own internal auxprop and canonuser module. By default, without configuring anything else, slapd will fail to load the ldapdb module when it's present. This is as it should be. If you don't like the "auxpropfunc: error -7" message that is sent to syslog by slapd, you can stop it by creating /usr/lib/sasl2/slapd.conf with:
which will force the SASL library to ignore all other auxprop modules.
When I was debugging the problem I described, I found that the measure described above did not stop ldapdb from being loaded. It only seems to avoid _use_ of the ldapdb plugin, which is still loaded along with all other plugins present, and that was what caused the problem.
Now, if ldapdb is incompatible with slapd at a fundamental level, and causes problems when loaded, I think not to load it is the right thing to do, and this is what my patch does.