Hello All,
I'm *trying to implement SASL on the openldap of version 2.4.26.*
First we install the openldap and then we install the necessary packages of cyrus-sasl.
*Packages of cyrus-sasl:* (installed in below mentioned order)

    cyrus-sasl-lib-2.1.22-5.el5_4.3.x86_64.rpm
    cyrus-sasl-devel-2.1.22-5.el5_4.3.x86_64.rpm
    cyrus-sasl-plain-2.1.22-5.el5_4.3.x86_64.rpm
    cyrus-sasl-2.1.22-5.el5_4.3.x86_64.rpm
    cyrus-sasl-ldap-2.1.22-5.el5_4.3.x86_64.rpm
    cyrus-sasl-md5-2.1.22-5.el5_4.3.x86_64.rpm

After then i set up the SASL with proper ACL's (having the steps and also i setup the same on some other box where it running fine)

*Steps:*

*1>* Modify /usr/lib64/sasl2/slapd.conf

    # SASL Configuration
    pwcheck_method: auxprop
    auxprop_plugin: slapd
    mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5

*2>* Modify $LDAP_HOME/etc/openladp/slapd.conf

    password-hash {CLEARTEXT}
    authz-regexp uid=(.*),cn=DIGEST-MD5,cn=auth uid=$1,ou=System,o=xyz

but it throws all together different error to me:

    /u01/app/openldap/product/2.4.26/etc/openldap> ldapwhoami -Y DIGEST-MD5
    ldapwhoami: not compiled with SASL support
And similar errors for ldapsearch and other commands.
It suggests to me that some package installation is not proper.
Can any one guide me on this.
Thanks and Regards, Gaurav Gugnani
On Wed, 15 Feb 2012 10:19:10 +0530, Gaurav Gugnani gugnanigaurav@gmail.com wrote:
> [...]
> /u01/app/openldap/product/2.4.26/etc/openldap> ldapwhoami -Y DIGEST-MD5
> ldapwhoami: not compiled with SASL support
Check whether ldapwhoami is linked against libsasl2, ldd ldapwhoami
-Dieter
Hello,
ldapwhoami is linked:

    /u01/app/openldap/product/2.4.26/bin>ldd ldapwhoami
    libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x0000003542e00000)

However, i checked for ldapsearch and it is not linked:

    /u01/app/openldap/product/2.4.26/bin>ldd ldapsearch
    libssl.so.6 => /lib64/libssl.so.6 (0x0000003765600000)
    libcrypto.so.6 => /lib64/libcrypto.so.6 (0x0000003765200000)
    libresolv.so.2 => /lib64/libresolv.so.2 (0x00000035ea000000)
    libc.so.6 => /lib64/libc.so.6 (0x00000035e4800000)
    libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x00000035ef600000)
    libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00000035f1200000)
    libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00000035e9400000)
    libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x00000035f0600000)
    libdl.so.2 => /lib64/libdl.so.2 (0x00000035e5000000)
    libz.so.1 => /usr/lib64/libz.so.1 (0x00000035e5800000)
    /lib64/ld-linux-x86-64.so.2 (0x00000035e4400000)
    libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 (0x00000035f0a00000)
    libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00000035efe00000)
    libselinux.so.1 => /lib64/libselinux.so.1 (0x00000035e6000000)
    libsepol.so.1 => /lib64/libsepol.so.1 (0x00000035e6400000)
Now, as ldapsearch is not linked - What could be the cause of it? How to link - Or how to proceed further?
Thanks and Regards, Gaurav Gugnani
On Wed, Feb 15, 2012 at 3:06 PM, Dieter Klünter dieter@dkluenter.de wrote:
> Check whether ldapwhoami is linked against libsasl2, ldd ldapwhoami
>
> -Dieter
Dieter Klünter wrote:
> Check whether ldapwhoami is linked against libsasl2, ldd ldapwhoami
There is nothing to check. The error message "not compiled with SASL support" could not be any plainer.
If he installed OpenLDAP from a distro package, then he needs to complain to his distro provider. If he built OpenLDAP from source, then of course it had no SASL support since he says he didn't install SASL until *after* he installed OpenLDAP. Obviously you can't compile with SASL support if the SASL devel packages weren't already present at compile time.
Hello Howard,
Thks for your support. I installed open ldap from source.
So, *the crux is:* Q> First i need to install the cyrus-sasl package and then i need to install the open-ldap with sasl option?? Plz confirm if my understanding is correct?
Now, my scenario is this: In production open-ldap is already running with bind method =SIMPLE. So, How can i switch to bind method=SASL?
I can plan for downtime, But re-compiling will take lot of time...and its bit risky too. Do we have any other way to implement SASL?
Thanks and Regards, Gaurav Gugnani
On Wed, Feb 15, 2012 at 3:52 PM, Howard Chu hyc@symas.com wrote:
> [...] Obviously you can't compile with SASL support if the SASL devel packages weren't already present at compile time.
>
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
Hoi Gaurav

if you did a vanilla install from a distro, you may be as lucky as to find a package in this distro (such as openldap-sasl or similar), which "converts" your LDAP server into an LDAP server, which is SASL capable. If there is no such package, there is no way around recompilation of the LDAP server. Also, have you considered upgrading or re-installing the entire system?
suomi
On 02/15/2012 12:04 PM, Gaurav Gugnani wrote:
> [...] I can plan for downtime, But re-compiling will take lot of time...and its bit risky too. Do we have any other way to implement SASL?
Hello Anax,
I did the installation from openldap rpm files. And yes - if there is no other option then i have to go to re-compiling the entire system with SASL enabled packages.
But my Q's is: Q> First i need to install the cyrus-sasl package and then i need to install the open-ldap with sasl option?? Plz confirm if my understanding is correct?
Thanks and Regards, Gaurav Gugnani
On Wed, Feb 15, 2012 at 5:34 PM, anax anax@ayni.com wrote:
> [...] If there is no such package, there is no way around recompilation of the LDAP server. Also, have you considered upgrading or re-installing the entire system?
On 02/15/12 16:34 +0530, Gaurav Gugnani wrote:
> Hello Howard,
>
> Thks for your support. I installed open ldap from source.

On 02/15/12 17:57 +0530, Gaurav Gugnani wrote:
> Hello Anax,
>
> I did the installation from openldap rpm files. And yes - if there is no other option then i have to go to re-compiling the entire system with SASL enabled packages.
>
> But my Q's is: Q> First i need to install the cyrus-sasl package and then i need to install the open-ldap with sasl option?? Plz confirm if my understanding is correct?
Did you install openldap from distro packages, and then installed over it from source? Or you recompiled from the rpm source packages?
Either way, if your goal is to recompile openldap from source, and you want to have sasl support, then you'll want to find out if your distro supplies a -dev package (e.g. cyrus-sasl2-dev or libsasl2-dev) and install it before recompiling, like Howard suggested. Openldap should detect the existence of the sasl headers and compile support in, or you can explicitly request support with the ./configure --with-cyrus-sasl option.
If your system is in an inconsistent state, such as having some binaries in your path which have sasl support because they are the distro produced binaries, and some binaries which were produced by a recompile, then take some time to consider how you should proceed. If you have a good understanding of your system, and the ./configure options used by your distro packages, then you could recompile on top of those binaries. If not, then more time consuming measures, involving a couple of hours of downtime, might be in order.
openldap-technical@openldap.org
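
The `ldd` check suggested early in the thread and the mixed-binary state described in the last reply, as an added example that is not part of the original thread: a POSIX shell script that classifies each OpenLDAP binary by its `ldd` output and reports whether the set is consistent. The function names and the sample excerpts are constructed for illustration; the path in the usage comment follows the install prefix quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: classify OpenLDAP binaries by whether
# they are dynamically linked against Cyrus SASL (libsasl2).

# Constructed ldd excerpts modelled on the two outputs quoted in the thread.
SAMPLE_WITH_SASL='    libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x0000003542e00000)
    libc.so.6 => /lib64/libc.so.6 (0x00000035e4800000)'
SAMPLE_WITHOUT_SASL='    libssl.so.6 => /lib64/libssl.so.6 (0x0000003765600000)
    libc.so.6 => /lib64/libc.so.6 (0x00000035e4800000)'

# Read `ldd` output on stdin and print: sasl, sasl-unresolved or no-sasl.
# Empty input (ldd failed, static binary) is reported as no-sasl.
classify_ldd() {
    awk '
        /libsasl2\.so/ && /=> not found/ { unresolved = 1 }
        /libsasl2\.so/ && /=> \//        { linked = 1 }
        END {
            if (unresolved)  print "sasl-unresolved"
            else if (linked) print "sasl"
            else             print "no-sasl"
        }'
}

# Reduce per-binary states to one verdict: all-sasl, no-sasl or mixed.
verdict() {
    v_sasl=0; v_other=0
    for v_state in "$@"; do
        case $v_state in
            sasl) v_sasl=$((v_sasl + 1)) ;;
            *)    v_other=$((v_other + 1)) ;;
        esac
    done
    if [ "$v_sasl" -gt 0 ] && [ "$v_other" -eq 0 ]; then echo "all-sasl"
    elif [ "$v_sasl" -eq 0 ]; then echo "no-sasl"
    else echo "mixed"
    fi
}

# Run ldd on every path given, print one line per binary, then the verdict.
audit_binaries() {
    a_states=""
    for a_bin in "$@"; do
        [ -x "$a_bin" ] || { printf '%-16s %s\n' absent "$a_bin"; continue; }
        a_state=$(ldd "$a_bin" 2>/dev/null | classify_ldd)
        printf '%-16s %s\n' "$a_state" "$a_bin"
        a_states="$a_states $a_state"
    done
    a_verdict=$(verdict $a_states)   # unquoted on purpose: one word per state
    echo "verdict: $a_verdict"
    [ "$a_verdict" = "all-sasl" ]
}

# Usage, with the thread's install prefix as an example:
#   sh audit.sh /u01/app/openldap/product/2.4.26/bin/ldap*
if [ "$#" -gt 0 ]; then audit_binaries "$@"; fi
```

`ldd` only shows dynamic linkage, so a "mixed" verdict is a prompt to check which build each binary came from; running the tool with `-Y`, as in the thread, remains the direct test of SASL support.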