Date:      Mon, 19 Aug 2002 16:00:24 -0400
From:      "Robin P. Blanchard" <robin.blanchard@georgiacenter.org>
To:        "Scot W. Hetzel" <hetzels@westbend.net>
Cc:        ports@freebsd.org
Subject:   Re: cyrus / sasl / ldap woes
Message-ID:  <3D614E58.70409@georgiacenter.org>
References:  <3D611B4F.2050605@georgiacenter.org> <009b01c247a9$040189d0$11fd2fd8@ADMIN00>



Scot W. Hetzel wrote:
> From: "Robin P. Blanchard" <robin.blanchard@georgiacenter.org>
> 
>>freshly installed -STABLE with freshly installed ports:
>>
>>cyrus-imapd-2.0.16_3
>>cyrus-sasl-1.5.27_6
>>db3-3.2.9_3,1
>>makedepend-2000.12.28
>>openldap-2.0.25
>>
> 
> 
>>This test box has the same config as the following, working (production)
>>box; but imapd doesn't talk to LDAP (tcpdump verifies this), it just
>>checks the sasldb file and gives up.
>>
>>now, our production mail server is 4.6-STABLE (Sun Jun 16 23:39:27 EDT
>>2002) with the following ports:
>>
>>cyrus-imapd-2.0.16_2
>>cyrus-sasl-1.5.27_1
>>db3-3.2.9_3,1
>>makedepend-2000.12.28
>>openldap-2.0.21
>>
> 
> 
>>is still chugging along just great, authenticating against LDAP.
>>
>>anyone else using the combo of ports? any success with the current revs?
>>
>>ideas?
>>
> 
> Does OpenLDAP 2.0.25 have SASL compiled into it, as there is a known problem
> with OpenLDAP v2 when it has SASL linked with it (i.e. SASL ->
> LDAP -> SASL -> LDAP ..... loop).
> 
> 0 - Update to 1.5.27
>     (sasl-1.5.27-ldap-ssl-filter-mysql-patch3)
> 1 - Fix OpenLDAP v1, PAM pwcheck daemon, JavaSASL
>     (sasl-1.5.27-ldap-ssl-filter-mysql-patch3)
> 2 - KRB5 Fix
> 3 - Update to sasl-1.5.27-ldap-ssl-filter-mysql-patch4
> 4 - Update to fixed sasl-1.5.27-ldap-ssl-filter-mysql-patch4
> 5 - Move include files to sasl1
> 6 - Enable saslauthd, and make it default pwcheck method
> 
> Try changing the ports Makefile to use *patch3 instead of *patch4, then run
> a make makesum, and make build/install.  Then test if you can use LDAP.
> 
> Let me know the results.
> 
> Another option you have is to switch to using saslauthd (w -a pam), then
> configuring PAM for LDAP lookups (pop3, imap, ..).


Ok...took the new/broken box and removed cyrus-imapd-2.0.16_3 and
cyrus-sasl-1.5.27_6. pkg_tarup'ed older versions from working/production
server. Force pkg_added them (to use new openldap-2.0.25 libs -- so,
problem is not related to ldap rev). SASL is again talking to LDAP.
So...when did things get broken? Not sure. But it's (sasl and/or cyrus-imap)
certainly currently broken.

And now back to the real problem...Hopefully getting cyrus/sasl to auth 
against AD as opposed to openldap.



-- 
----------------------------------------
Robin P. Blanchard
Systems Integration Specialist
Georgia Center for Continuing Education
fon: 706.542.2404 <|> fax: 706.542.6546
----------------------------------------

