SASL2 plugin problem

Xu, Qiang (FXSGSC) Qiang.Xu at
Fri Apr 3 02:43:38 EDT 2009

> -----Original Message-----
> From: Howard Chu [mailto:hyc at] 
> Sent: Friday, April 03, 2009 1:07 PM
> To: Xu, Qiang (FXSGSC)
> Cc: Henry B. Hotz; cyrus-sasl at
> Subject: Re: SASL2 plugin problem
> Don't use MozLDAP, it's obsolete. At this point it's total 
> abandonware, it's not even present in any current Mozilla 
> builds. (And yes, I build a full Mozilla source tree on a 
> pretty frequent basis. I've also submitted a patch to build 
> Mozilla with OpenLDAP's libldap, since Mozilla has abandoned 
> the MozLDAP code.)

For SASL LDAP binding, I see that OpenLDAP + SASL is the most used combination. Yet, from my googling, there are some successful examples of using MozLDAP with SASL.

> Given that both MozLDAP and OpenLDAP use the same SASL 
> library, and OpenLDAP works, how can you deduce that the 
> problem is in the SASL library?

Hmmm, you are right about this. But I also have my reasons. See below.

> > The caller seems innocent:
> > ========================================
> > <apManager>  (Tue Mar 31 2009 
> 16:39:02.518)<p27931,t3079396256,aba_ldap_interface.c,6666>
> >       INFO>>  Value of hostname sesswin2003:389
> Fix that. MozLDAP isn't parsing it correctly; just use the hostname.
> The C API spec says that this is allowed to be in host:port 
> form, and the LDAP library is supposed to recognize that and 
> parse it appropriately when this form is passed in. MozLDAP 
> doesn't parse it though, it uses it verbatim. When it hands 
> this host:port form to SASL, which expects hostname and 
> portnumber as two separate parameters, things fail.
> The Mozilla LDAP codebase deviates from (or simply fails to 
> implement) the LDAP specs in lots of ways. I guess here's a 
> case where it failed to follow the SASL API as well.

But how to explain that, in the case of simple LDAP binding, the format "host:port" can be handled (the format "host:port" can be recognized and separated for the DNS request)? Both simple binding and SASL binding use the same function, with the same parameter passed in. Thus, I can't help thinking something is not quite right with the SASL libraries. But what you said is also reasonable: SASL works well with OpenLDAP, so it can hardly be faulted.

A side note: On my printer, I found that the SASL library depends on OpenLDAP libraries, while in my case it is supposed to interact with the MozLDAP library:
MBC107:/usr/lib <190> ldd =>  (0xffffe000) => /lib/ (0xb7f38000) => /lib/ (0xb7f06000) => /lib/ (0xb7f02000) => /lib/ (0xb7ea4000) => /usr/lib/ (0xb7e92000) => /lib/ (0xb7e64000) => /lib/ (0xb7e50000) => /lib/ (0xb7e2c000) => /usr/lib/ (0xb7e0d000) => /lib/ (0xb7dd9000) => /lib/ (0xb7cc8000) => /lib/ (0xb7bc0000)
        /lib/ (0x80000000) => /lib/ (0xb7b4b000) => /lib/ (0xb7b38000) => /lib/ (0xb7b2b000) => /lib/ (0xb7b06000) => /lib/ (0xb7b02000) => /usr/lib/ (0xb7afe000)
In the list, and are components of OpenLDAP. I don't know whether this has any effect on the DNS error.

> If you want code that actually works and adheres to 
> standards, stick with OpenLDAP.

But our printers are using MozLDAP SDK, not OpenLDAP. Alas!

Xu Qiang
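
The workaround suggested in the quoted reply (pass a bare hostname rather than `sesswin2003:389`) can be applied by the caller before the name reaches the LDAP and SASL calls. The C helper below is an added example, not code from this thread, MozLDAP or Cyrus SASL; `split_hostport` is a hypothetical name, `sesswin2003:389` is the value from the log quoted above, and the bracketed-IPv6 handling goes beyond the case discussed here.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: split "host", "host:port" or "[v6addr]:port" into a
 * bare host name and a port. Returns 0 on success, -1 on malformed input. */
int split_hostport(const char *in, char *host, size_t hostsz, int *port)
{
    const char *hstart = in, *hend, *pstr = NULL;
    if (in == NULL || host == NULL || port == NULL)
        return -1;
    if (*in == '[') {                        /* bracketed IPv6 literal */
        hstart = in + 1;
        hend = strchr(hstart, ']');
        if (hend == NULL || (hend[1] != ':' && hend[1] != '\0'))
            return -1;
        pstr = (hend[1] == ':') ? hend + 2 : NULL;
    } else if ((hend = strchr(in, ':')) == NULL) {
        hend = in + strlen(in);              /* no port given */
    } else if (strchr(hend + 1, ':') != NULL) {
        return -1;                           /* unbracketed IPv6 is ambiguous */
    } else {
        pstr = hend + 1;
    }
    size_t hlen = (size_t)(hend - hstart);
    if (hlen == 0 || hlen >= hostsz)
        return -1;                           /* empty host or buffer too small */
    memcpy(host, hstart, hlen);
    host[hlen] = '\0';
    *port = 389;                             /* default LDAP port */
    if (pstr != NULL) {
        char *endp;
        long p = strtol(pstr, &endp, 10);
        if (!isdigit((unsigned char)*pstr) || *endp || p < 1 || p > 65535)
            return -1;                       /* reject "", "+389", "389x", 0 */
        *port = (int)p;
    }
    return 0;
}

int main(void)
{
    char host[256];
    int port;
    if (split_hostport("sesswin2003:389", host, sizeof host, &port) == 0)
        printf("host=%s port=%d\n", host, port);
    return 0;
}
```

Rejecting malformed input instead of passing it through verbatim keeps a string like `host:port` from being used as a server name in a DNS lookup or in the SASL exchange.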