Discussion:
SASL /usr/lib/sasl2/App.conf configuration
Francis Swasey
2010-02-17 14:35:53 UTC
I am attempting to set up OpenLDAP 2.4 on an RHEL5 system. I have applied patches that rename
the OpenLDAP binaries to append 2.4 to the name, so it can co-exist with the standard RHEL5
rpms without causing issues.

However, one unexpected side effect is that I don't know what it is now using as the name of
the conf file in /usr/lib/sasl2. In reading the SASL section of the Admin Guide, I was
directed to read the cyrus sasl sysadmin.html which tells me to "Check your application's
documentation for specifics". Sadly, I can't find the specifics about how OpenLDAP is setting
the SASL configuration file name in OpenLDAP's documentation. Which of the fine documents do I
need to read?

Thanks,

--
Frank Swasey | http://www.uvm.edu/~fcs
Sr Systems Administrator | Always remember: You are UNIQUE,
University of Vermont | just like everyone else.
"I am not young enough to know everything." - Oscar Wilde (1854-1900)
Francis Swasey
2010-02-17 15:14:33 UTC
Post by Francis Swasey
I am attempting to set up OpenLDAP 2.4 on an RHEL5 system. I have applied patches that rename
the OpenLDAP binaries to append 2.4 to the name, so it can co-exist with the standard RHEL5
rpms without causing issues.
However, one unexpected side effect is that I don't know what it is now using as the name of
the conf file in /usr/lib/sasl2. In reading the SASL section of the Admin Guide, I was
directed to read the cyrus sasl sysadmin.html which tells me to "Check your application's
documentation for specifics". Sadly, I can't find the specifics about how OpenLDAP is setting
the SASL configuration file name in OpenLDAP's documentation. Which of the fine documents do I
need to read?
For future searchers -- I found it in servers/slapd/sasl.c (the call to sasl_server_init). It
would be nice if the slapd.conf was specifically stated in the Admin Guide in the SASL
configuration section.

--
Frank Swasey | http://www.uvm.edu/~fcs
Sr Systems Administrator | Always remember: You are UNIQUE,
University of Vermont | just like everyone else.
"I am not young enough to know everything." - Oscar Wilde (1854-1900)
Clément OUDOT
2010-02-17 16:34:48 UTC
I am attempting to set up OpenLDAP 2.4 on an RHEL5 system.  I have applied patches that rename
the OpenLDAP binaries to append 2.4 to the name, so it can co-exist with the standard RHEL5
rpms without causing issues.
However, one unexpected side effect is that I don't know what it is now using as the name of
the conf file in /usr/lib/sasl2.  In reading the SASL section of the Admin Guide, I was
directed to read the cyrus sasl sysadmin.html which tells me to "Check your application's
documentation for specifics".  Sadly, I can't find the specifics about how OpenLDAP is setting
the SASL configuration file name in OpenLDAP's documentation.  Which of the fine documents do I
need to read?
Hi,

if it helps, we provide some OpenLDAP 2.4 RPMS for RHEL 5 here:
http://ltb-project.org/wiki/documentation/openldap-rpm

OpenLDAP 2.4 is installed in /usr/local to prevent conflicts with
RHEL5 OpenLDAP version.

Clément.
Francis Swasey
2010-02-18 11:53:27 UTC
Post by Clément OUDOT
Hi,
http://ltb-project.org/wiki/documentation/openldap-rpm
Do you have the SRPM available as well? I didn't see it there.
Post by Clément OUDOT
OpenLDAP 2.4 is installed in /usr/local to prevent conflicts with
RHEL5 OpenLDAP version.
It looks like you built your own copy of cyrus-sasl as well -- I've been trying to use
RedHat's. testsaslauthd works. I'm using the same slapd.conf file that worked with OpenLDAP
2.3 on RHEL4 systems. What I haven't figured out is which debug level to run the slapd at to
get it to tell me which call to sasl is failing (I've been busy enough on other fronts that I
haven't done a lot of searching to find that information either).

--
Frank Swasey | http://www.uvm.edu/~fcs
Sr Systems Administrator | Always remember: You are UNIQUE,
University of Vermont | just like everyone else.
"I am not young enough to know everything." - Oscar Wilde (1854-1900)
Clément OUDOT
2010-02-18 11:59:30 UTC
Post by Clément OUDOT
Hi,
http://ltb-project.org/wiki/documentation/openldap-rpm
Do you have the SRPM available as well? I didn't see it there.
You can see the spec file here:
http://tools.ltb-project.org/repositories/entry/ltb/openldap-rpm/trunk/SPECS/openldap-ltb.spec

You are right, we should also publish the SRPMS in our forge. It will
be done soon.
Post by Clément OUDOT
OpenLDAP 2.4 is installed in /usr/local to prevent conflicts with
RHEL5 OpenLDAP version.
It looks like you built your own copy of cyrus-sasl as well -- I've been trying to use
RedHat's.  testsaslauthd works.  I'm using the same slapd.conf file that worked with OpenLDAP
2.3 on RHEL4 systems.  What I haven't figured out is which debug level to run the slapd at to
get it to tell me which call to sasl is failing (I've been busy enough on other fronts that I
haven't done a lot of searching to find that information either).
We use standard RHEL SASL (package cyrus-sasl-devel). We do not use
the slapd.conf of the RHEL OpenLDAP installation, but you can easily
make a symbolic link between the two if needed.

Clément.
Francis Swasey
2010-03-17 18:47:21 UTC
Post by Francis Swasey
I am attempting to set up OpenLDAP 2.4 on an RHEL5 system. I have applied patches that rename
the OpenLDAP binaries to append 2.4 to the name, so it can co-exist with the standard RHEL5
rpms without causing issues.
For anyone that cares, I did finally solve this issue. Turns out that on a 64-bit RHEL5
system, you have to put the slapd.conf file in both /usr/lib/sasl2 and /usr/lib64/sasl2.
I stumbled on that after I built my RPM on a 32-bit system and installed that version and it
worked.

Perhaps there was some Red Hat documentation that I should have read.
--
Frank Swasey | http://www.uvm.edu/~fcs
Sr Systems Administrator | Always remember: You are UNIQUE,
University of Vermont | just like everyone else.
"I am not young enough to know everything." - Oscar Wilde (1854-1900)
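
Added example (not part of the thread and not OpenLDAP or Cyrus SASL code): a small audit for the situation resolved above, where the per-application SASL file (`slapd.conf`, the name reported in the thread) was present in one of `/usr/lib/sasl2` and `/usr/lib64/sasl2` but not the other. The function name `sasl_conf_audit`, its root-prefix argument and the sample file content are assumptions made for illustration; it also flags a world-writable file, since that file selects how passwords are checked.

```shell
#!/bin/sh
# Added example: check every SASL plugin directory for <app>.conf.
# Usage: sasl_conf_audit ROOT APP   (ROOT="" audits the live system)
sasl_conf_audit() {
    root=$1
    app=$2
    status=0
    # The two directories named in the thread for 32-bit and 64-bit RHEL5.
    for dir in "$root/usr/lib/sasl2" "$root/usr/lib64/sasl2"; do
        [ -d "$dir" ] || continue          # directory absent on this arch
        conf="$dir/$app.conf"
        if [ ! -f "$conf" ]; then
            echo "MISSING $conf"
            status=1
        elif [ -n "$(find "$conf" -perm -002 2>/dev/null)" ]; then
            # Anyone could rewrite the authentication settings.
            echo "WORLD-WRITABLE $conf"
            status=1
        else
            echo "OK $conf"
        fi
    done
    return $status
}

# Constructed demo tree: a 64-bit layout with the file only in /usr/lib/sasl2,
# the state described in the thread before the fix.
demo=$(mktemp -d)
mkdir -p "$demo/usr/lib/sasl2" "$demo/usr/lib64/sasl2"
echo "pwcheck_method: saslauthd" > "$demo/usr/lib/sasl2/slapd.conf"  # constructed content
chmod 644 "$demo/usr/lib/sasl2/slapd.conf"
sasl_conf_audit "$demo" slapd || true
rm -rf "$demo"
```
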