Hello,
Hoping someone can help me with this issue I'm having. I'm building OpenLDAP from source using the following command:
./configure --prefix=/usr/local \
--with-tls \
--with-cyrus-sasl \
--enable-overlays \
--enable-modules \
--enable-argon2 \
--enable-remoteauth && \
make depend && make -j$(nproc) && make install && \
ldconfig
It looks like it builds correctly, however I'm not seeing the remoteauth.la or remoteauth.so module under /usr/local/libexec/openldap directory. I'm only seeing the argon2.so and argon2.la. When I bootstrap the server with the following it doesn't throw any errors:
modulepath /usr/local/libexec/openldap
moduleload back_mdb.la
moduleload argon2.la
moduleload remoteauth.la
The weird thing is that when I run this command it shows the installed modules with remoteauth being one of them:
ldapsearch -Y EXTERNAL -H "$LDAPI_URI" -b "cn=module{0},cn=config" olcModuleLoad
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <cn=module{0},cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: olcModuleLoad
#
# module{0}, config
dn: cn=module{0},cn=config
olcModuleLoad: {0}back_mdb.la
olcModuleLoad: {1}argon2.la
olcModuleLoad: {2}remoteauth.la
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
So, I'm not sure how it's loading remoteauth.la since it's not present under the /usr/local/libexec/openldap directory. As a matter of fact, it doesn't seem to be anywhere on the file system.
I tried authenticating a user using remoteauth to a remote AD directory and it didn't seem to work. In all fairness, I'm not sure if I was doing it correctly.
Thanks in advance
Dino Edwards wrote:
Hello,
Hoping someone can help me with this issue Im having. Im building OpenLDAP from source using the following command:
./configure --prefix=/usr/local \
--with-tls \
--with-cyrus-sasl \
--enable-overlays \
--enable-modules \
--enable-argon2 \
--enable-remoteauth && \
make depend && make -j$(nproc) && make install && \
ldconfig
It looks like it builds correctly, however Im not seeing the remoteauth.la or remoteauth.so module under /usr/local/libexec/openldap directory. Im only seeing the argon2.so and argon2.la. When I bootstrap the server with the following it doesnt throw any errors:
Probably you're seeing an argon2 left over from some other build. When you just use "--enable-remoteauth" it defaults to a static build, not a dynamic module. So there is no remoteauth.la to install, the code is just part of the slapd binary.
modulepath /usr/local/libexec/openldap
moduleload back_mdb.la
moduleload argon2.la
moduleload remoteauth.la
The weird thing is that when I run this command it shows the installed modules with remoteauth being one of them:
ldapsearch -Y EXTERNAL -H "$LDAPI_URI" -b "cn=module{0},cn=config" olcModuleLoad
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <cn=module{0},cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: olcModuleLoad
#
# module{0}, config
dn: cn=module{0},cn=config
olcModuleLoad: {0}back_mdb.la
olcModuleLoad: {1}argon2.la
olcModuleLoad: {2}remoteauth.la
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
So, Im not sure how its loading remoteauth.la since its not present under the /usr/local/libexec/openldap directory. As a matter of fact, it doesnt seem to be anywhere on the file system.
It's not really loading remoteauth. The moduleload command knows if a module was built statically and just silently succeeds for those. It works that way to allow easy migration between builds with static vs dynamic modules.
I tried authenticating a user using remoteauth to a remote AD directory and it didnt seem to work. In all fairness, Im not sure if I was doing it correctly.
Thanks in advance
Probably you're seeing an argon2 left over from some other build. When you
just use "--enable-remoteauth" it defaults to a static build, not a dynamic module. So there is > no remoteauth.la to install, the code is just part of the slapd binary.
So, if I'm understanding you correctly, using --enable-remoteauth is doing a static build not a dynamic. How would I go about doing a dynamic build then?
It's not really loading remoteauth. The moduleload command knows if a
module was built statically and just silently succeeds for those. It works that way to allow easy
migration between builds with static vs dynamic modules.
So, what parameters should I use to build dynamically?
Thanks
Dino Edwards wrote:
Probably you're seeing an argon2 left over from some other build. When you
just use "--enable-remoteauth" it defaults to a static build, not a dynamic module. So there is > no remoteauth.la to install, the code is just part of the slapd binary.
So, if I'm understanding you correctly, using --enable-remoteauth is doing a static build not a dynamic. How would I go about doing a dynamic build then?
Read `configure --help`
openldap-technical@openldap.org
-
Dino Edwards -
Howard Chu