Postfix, SASL/SASL2 and LDAP

Diego Rivera lrivera at racsa.co.cr
Sun Sep 28 21:59:18 EDT 2003


figured as much.

I upgraded to OpenLDAP 2.1.22, and recompiled a TON of stuff that goes
with it....

The upside is that the setup this is for is still experimental, so
there's still time for newer distros (like Mandrake 9.2 which is just
around the corner) to incorporate all the stuff I need already built
with SASL2.

Thanks for the quick answer guys.

Best

On Sun, 2003-09-28 at 05:18, Simon Matter wrote:
> Hi Diego,
> 
> I ran into the same problem several times because I simply couldn't
> believe this limitation exists. I always thought it was a mistake on my
> side.
> 
> I'm using OpenLDAP, Cyrus-sasl, Cyrus-IMAPd and Postfix. I'm using RedHat
> so I'm also using OpenLDAP 2.0.x! This results in the following
> limitation:
> - If I use Postfix with LDAP, I build it with support for LDAP and SASL1.
> - If I use Postfix with SMTP-AUTH, I build it with SASL2 and TLS, NO LDAP.
> 
> I hope this will not be needed anymore when OpenLDAP 2.1.x becomes the
> standard in newer distributions.
> 
> Simon
> 
> > Hello all
> >
> > First - for reference, I run Mandrake 9.1 PowerPack.
> >
> > I have a rather complex problem:  turns out I recompiled postfix to use
> > SASL2 so I could use saslauthd (the 1.5 SASL libs that come with
> > Mandrake 9.1 don't seem to like saslauthd - can't recall if they ever
> > worked with it or not).
> >
> > Now the can of worms shows itself: when NOT using LDAP (via nss_ldap),
> > Postfix works fine and authenticates beautifully.  When LDAP is thrown
> > into the mix (at ANY level) Postfix goes insane with segfaults.
> >
> > Upon further checking it seems libldap uses libsasl7, but NOT libsasl2
> > (the one that Postfix uses).  I tried recompiling LDAP to use libsasl2
> > (OpenLDAP 2.0.27), but no luck - won't work with it.
> >
> > I haven't tried the OpenLDAP 2.1.X branch yet and I don't mean to just
> > yet, cuz it would mean I'd have to maintain it for security updates.
> > But it is an option.  I don't even know if that branch uses SASL2 or
> > what.
> >
> > So my problem is that both versions of SASL libraries are getting mixed
> > up.   I'm no genius, but I KNOW this tends to be a problem in general.
> >
> > My question is: am I totally screwed?  Will I be forced to go to
> > OpenLDAP 2.1.X and recompile EVERYTHING that touches LDAP (especially
> > hoping that 2.1.X is backward-compatible with 2.0.X)?
> >
> > HELP!!!
> >
> > Best wishes,
> >
> > Diego
> > --
> > ==========================================================* Diego Rivera
> >                                          *
> > *                                                         *
> > * "The Disease: Windows, the cure: Linux"                 *
> > *                                                         *
> > * E-mail: lrivera<AT>racsa<DOT>co<DOT>cr                  *
> > * Replace: <AT>='@', <DOT>='.'                            *
> > *                                                         *
> > * GPG: BE59 5469 C696 C80D FF5C  5926 0B36 F8FF DA98 62AD *
> > * GPG Public Key avaliable at: http://pgp.mit.edu         *
> > ==========================================================
-- 
===========================================================
* Diego Rivera                                            *
*                                                         *
* "The Disease: Windows, the cure: Linux"                 *
*                                                         *
* E-mail: lrivera<AT>racsa<DOT>co<DOT>cr                  *
* Replace: <AT>='@', <DOT>='.'                            *
*                                                         *
* GPG: BE59 5469 C696 C80D FF5C  5926 0B36 F8FF DA98 62AD *
* GPG Public Key avaliable at: http://pgp.mit.edu         *
===========================================================
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : https://lists.andrew.cmu.edu/mailman/private/info-cyrus/attachments/20030928/8a1c74c0/attachment.bin


More information about the Info-cyrus mailing list