[WBEL-users] SASL with LDAP Support

Kirby C. Bohling kbohling@birddog.com
Tue, 30 Nov 2004 17:38:53 -0600 

On Tue, Nov 30, 2004 at 05:12:26PM -0600, Richard Petty wrote:
> What is the simplest way to determine how an RPM was compiled? I want to 
> insure that CYRUS-SASL was compiled with LDAP support.

I'm not sure if you can get the options that were passed to the
command line of rpmbuild (which would affect the macros/configure
options on some packages).  So I'm not sure there is any definitive
way to be sure.  Plus there are somethings that might be
autodetected by autoconf or whatnot.

I've examined the .specfile from cyrus-sasl and I don't see anything
that looks like it would have added or remove LDAP support based on
any options on the command line however.  It does include PAM.

%configure \
    --enable-static --enable-staticdlopen --with-pic --enable-shared \
    --with-plugindir=%{_plugindir} \
    --disable-krb4 \
    --enable-gssapi${krb5_prefix:+=${krb5_prefix}} \
    --with-rc4 \
    --with-dblib=gdbm \
    --with-saslauthd=/var/run/saslauthd --without-pwcheck \
    --enable-anon \
    --enable-cram \
    --enable-digest \
    --enable-plain \
    --enable-login

That might help.

> 
> I've done a lot of reading and it appears to be a common problem of RHEL 
> users and it may be the source of a problemt that I'm currently 
> experiencing.

The easiest way to tell is probably this:

[kbohling@hawk SPECS]$ ldd /usr/sbin/saslauthd
        /etc/libcwait.so => /etc/libcwait.so (0x00ad3000)
        libgssapi_krb5.so.2 => /usr/kerberos/lib/libgssapi_krb5.so.2 (0x001ab000)
        libkrb5.so.3 => /usr/kerberos/lib/libkrb5.so.3 (0x00f1a000)
        libk5crypto.so.3 => /usr/kerberos/lib/libk5crypto.so.3 (0x003c7000)
        libcom_err.so.3 => /usr/kerberos/lib/libcom_err.so.3 (0x00697000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x002f9000)
        libpam.so.0 => /lib/libpam.so.0 (0x00b61000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x00de6000)
        libc.so.6 => /lib/tls/libc.so.6 (0x001be000)
        libdl.so.2 => /lib/libdl.so.2 (0x007ad000)
        liblaus.so.1 => /lib/liblaus.so.1 (0x009de000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00d53000)

Which includes libpam.so (which could use LDAP as a plugin).
However, it doesn't appear to directly link in ldap.  It could be
that LDAP is used as a plugin and is loaded via dlopen().

To be blantantly honest, I have no idea what cyrus-sasl does (I
think it's vaguely related to authentication from what I remember
hearing about it passing and a quick look at the man page).  It
appears that you can start it with "-a pam" and use PAM to
authenticate people via LDAP.  However, that's a wild stab in the
dark.  By default, it appears that in:

/etc/rc.d/init.d/saslauthd

is configured to use shadow.  By adding the file
/etc/sysconfig/saslauthd you should be able to override that via
various environment variables.  If you describe more of the problem,
I might be able to help more.


	Thanks,
		Kirby