Date: Fri, 25 Aug 2006 10:14:55 +0400 From: "Michael Bushkov" <bushman@rsu.ru> To: "Tom McLaughlin" <tmclaugh@sdf.lonestar.org>, "Brooks Davis" <brooks@one-eyed-alien.net> Cc: Dag-Erling Sm?rgrav <des@des.no>, freebsd-current@freebsd.org, LI Xin <delphij@delphij.net>, Alexander Leidinger <Alexander@Leidinger.net> Subject: Re: [HEADS UP]: OpenLDAP+nss_ldap+nss_modules separated patch andmore (SoC) Message-ID: <002001c6c80d$cedcba60$9800a8c0@carrera> References: <44E9582C.2010400@rsu.ru> <44EAA213.6010507@delphij.net> <002901c6c5ba$628b67d0$9800a8c0@carrera> <86hd0423zk.fsf@xps.des.no> <44EB302A.7010106@rsu.ru> <20060823121157.yawh6f8e844w4osc@netchild.homeip.net> <86u043znbz.fsf@xps.des.no> <20060823144347.GB24652@lor.one-eyed-alien.net> <1156464193.1394.14.camel@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
Tom McLaughlin wrote:
> Will it also be possible to build openldap in base with SASL support?
> My understanding is Windows AD environments by default require all
> connections to be authenticated via kerberos. (It's also a requirement
> for the samba+openldap+krb5 setup I'm doing for work. ;) I saw a
> comment about adding support for krb5_ccname in the config file. That's
> a very useful option in the PADL version so I'm guessing this was
> written with supporting SASL in mind? Thanks.
>
> tom
Hi,
sasl in OpenLDAP (and in nss_ldap) is supported in the way similar to
Sendmail:
CFLAGS+= ${OPENLDAP_CFLAGS}
LDFLAGS+= ${OPENLDAP_LDFLAGS}
LDADD+= ${OPENLDAP_LDADD}
By defining,
OPENLDAP_CFLAGS=-I/usr/local/include -DSASL
OPENLDAP_LDFLAGS=-L/usr/local/lib
OPENLDAP_LDADD=-lsasl
you'll enable sasl support both for OpenLDAP and nss_ldap.
BTW, I'll be able to implement and properly test krb5-ccname during the
beginning of September.
With best regards,
Michael Bushkov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002001c6c80d$cedcba60$9800a8c0>