HI!
Some automated tests of my Python module check SASL bind with various mechs. For this to work I normally have to add those SASL mechs to /etc/sasl2/slapd.conf.
But this fails in the openSUSE build system with "permission denied".
Is there a possibility to override SASL mechs used by slapd with an env var or similar?
Ciao, Michael.
On 6/17/21 8:13 AM, Michael Ströder wrote:
HI!
Some automated tests of my Python module check SASL bind with various mechs. For this to work I normally have to add those SASL mechs to /etc/sasl2/slapd.conf.
I'm not sure if permission on sasl config is required. It must contain a service that initialize saslauthd ( on Debian system ) service,
third service must connect via socket through sasl library.
Maybe you should trace the application to check where 'permission denied' is.
But this fails in the openSUSE build system with "permission denied".
Is there a possibility to override SASL mechs used by slapd with an env var or similar?
Ciao, Michael.
On 6/17/21 2:35 PM, Lucas Castro wrote:
On 6/17/21 8:13 AM, Michael Ströder wrote:
Some automated tests of my Python module check SASL bind with various mechs. For this to work I normally have to add those SASL mechs to /etc/sasl2/slapd.conf.
I'm not sure if permission on sasl config is required.
I'd have to create/modify /etc/sasl2/slapd.conf in the build VM but the VM setup does not allow that. Note that openSUSE build service runs every build in a restricted mini-VM.
It must contain a service that initialize saslauthd ( on Debian system ) service,
saslauthd is not involved at all.
Ciao, Michael.
Michael Ströder wrote:
HI!
Some automated tests of my Python module check SASL bind with various mechs. For this to work I normally have to add those SASL mechs to /etc/sasl2/slapd.conf.
But this fails in the openSUSE build system with "permission denied".
Is there a possibility to override SASL mechs used by slapd with an env var or similar?
That depends on what the Cyrus SASL API supports. This is not an OpenLDAP question.
A grep thru the SASL source shows there is a SASL_CONF_PATH env var.
On 6/17/21 2:45 PM, Howard Chu wrote:
Michael Ströder wrote:
HI!
Some automated tests of my Python module check SASL bind with various mechs. For this to work I normally have to add those SASL mechs to /etc/sasl2/slapd.conf.
But this fails in the openSUSE build system with "permission denied".
Is there a possibility to override SASL mechs used by slapd with an env var or similar?
That depends on what the Cyrus SASL API supports. This is not an OpenLDAP question.
Yes, but I hoped that you might have solved this for automated tests in restricted build systems before.
A grep thru the SASL source shows there is a SASL_CONF_PATH env var.
Thanks. This was really helpful! I could not find this in the Cyrus-SASL-Docs.
Problem solved and now I can run all checks:
%check mkdir -p %{buildroot}%{_sysconfdir}/sasl2 echo "mech_list: PLAIN DIGEST-MD5 CRAM-MD5 SCRAM-SHA-1 EXTERNAL GSSAPI"
%{buildroot}%{_sysconfdir}/sasl2/slapd.conf
export SASL_CONF_PATH="%{buildroot}%{_sysconfdir}/sasl2/slapd.conf" %pytest_arch rm -r %{buildroot}%{_sysconfdir}/sasl2
https://build.opensuse.org/package/view_file/home:stroeder:iam/python-ldap0/...
Ciao, Michael.
openldap-technical@openldap.org
-
Howard Chu -
Lucas Castro -
Michael Ströder