Seems like slapd is linked to gssapi and sasl. Are there simply command line options I'm missing to start up slapd?
frisbee# ldd /usr/local/libexec/slapd /usr/local/libexec/slapd: libldap_r-2.4.so.6 => /usr/local/lib/libldap_r-2.4.so.6 (0x2820b000) liblber-2.4.so.6 => /usr/local/lib/liblber-2.4.so.6 (0x28250000) libdb-4.6.so.0 => /usr/local/lib/libdb-4.6.so.0 (0x2825d000) libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x28385000) libgssapi.so.9 => /usr/lib/libgssapi.so.9 (0x2839c000) libssl.so.5 => /usr/lib/libssl.so.5 (0x283a3000) libcrypto.so.5 => /lib/libcrypto.so.5 (0x283e4000) libfetch.so.5 => /usr/lib/libfetch.so.5 (0x2853d000) libcom_err.so.4 => /usr/lib/libcom_err.so.4 (0x2854a000) libcrypt.so.4 => /lib/libcrypt.so.4 (0x2854c000) libwrap.so.5 => /usr/lib/libwrap.so.5 (0x28565000) libthr.so.3 => /lib/libthr.so.3 (0x2856c000) libc.so.7 => /lib/libc.so.7 (0x28581000)
Here's the config I used to make openldap just to be sure it wasn't a compile error:
frisbee# cd /usr/ports/net/openldap24-server/ frisbee# make showconfig ===> The following configuration options are available for openldap-sasl-server-2.4.16: SASL=on "With (Cyrus) SASL2 support" DYNACL=off "Run-time loadable ACL (experimental)" ACI=off "Per-object ACI (experimental)" DNSSRV=off "With Dnssrv backend" PASSWD=on "With Passwd backend" PERL=off "With Perl backend" RELAY=on "With Relay backend" SHELL=off "With Shell backend (disables threading)" SOCK=off "With Sock backend" ODBC=off "With SQL backend" RLOOKUPS=off "With reverse lookups of client hostnames" SLP=off "With SLPv2 (RFC 2608) support" SLAPI=off "With Netscape SLAPI plugin API" TCP_WRAPPERS=on "With tcp wrapper support" BDB=on "With BerkeleyDB support" ACCESSLOG=off "With In-Directory Access Logging overlay" AUDITLOG=off "With Audit Logging overlay" COLLECT=off "With Collect overy Services overlay" CONSTRAINT=off "With Attribute Constraint overlay" DDS=on "With Dynamic Directory Services overlay" DEREF=off "With Dereference overlay" DYNGROUP=on "With Dynamic Group overlay" DYNLIST=on "With Dynamic List overlay" LASTMOD=on "With Last Modification overlay" MEMBEROF=off "With Reverse Group Membership overlay" PPOLICY=on "With Password Policy overlay" PROXYCACHE=off "With Proxy Cache overlay" REFINT=on "With Referential Integrity overlay" RETCODE=on "With Return Code testing overlay" RWM=on "With Rewrite/Remap overlay" SEQMOD=on "Sequential Modify overlay" SYNCPROV=on "With Syncrepl Provider overlay" TRANSLUCENT=off "With Translucent Proxy overlay" UNIQUE=off "With attribute Uniqueness overlay" VALSORT=off "With Value Sorting overlay" SMBPWD=off "With Samba Password hashes overlay" DYNAMIC_BACKENDS=off "Build dynamic backends" ===> Use 'make config' to modify these settings
On Tue, Aug 11, 2009 at 6:38 AM, Dieter Kluenter dieter@dkluenter.dewrote:
Allan cr4z3d@gmail.com writes:
OpenLDAP is compiled with SASL support. I remember checking the box for
SASL
and if I cd /usr/ports/net/openldap24-server && make config I see that
SASL is
indeed marked. As far as checking for libgssapi, I ran the following to verify:
is libsasl really linked to slapd? 'ldd slapd' or whatever tool is supplied with freeBSD, will proof it.
frisbee# locate libgssapi /usr/lib/libgssapi.a /usr/lib/libgssapi.so /usr/lib/libgssapi.so.9 /usr/lib/libgssapi_krb5.a /usr/lib/libgssapi_krb5.so /usr/lib/libgssapi_krb5.so.9 /usr/local/lib/sasl2/libgssapiv2.a /usr/local/lib/sasl2/libgssapiv2.la /usr/local/lib/sasl2/libgssapiv2.so /usr/local/lib/sasl2/libgssapiv2.so.2
this looks similar to mine, and the output of ldapsearch is:
dieter@rubin:~> ldapsearch -x -LLL -ZZ -H ldap://localhost -b "" -s base supportedSaslMechanisms dn: supportedSASLMechanisms: PLAIN supportedSASLMechanisms: CRAM-MD5 supportedSASLMechanisms: GSSAPI supportedSASLMechanisms: DIGEST-MD5 supportedSASLMechanisms: EXTERNAL
I really suspect that libsasl is not linked to slapd.
-Dieter
-- Dieter Klünter | Systemberatung http://dkluenter.de GPG Key ID:8EF7B6C6 53°08'09,95"N 10°08'02,42"E