Hello Howard,

Thanks for your support. I installed OpenLDAP from source.

So, *the crux is:*
Q> First I need to install the cyrus-sasl package and then I need to install OpenLDAP with the SASL option? Please confirm if my understanding is correct.

Now, my scenario is this:
In production OpenLDAP is already running with bind method = SIMPLE.
So, how can I switch to bind method = SASL?
I can plan for downtime, but re-compiling will take a lot of time... and it's a bit risky too.
Do we have any other way to implement SASL?

Thanks and Regards,
Gaurav Gugnani

On Wed, Feb 15, 2012 at 3:52 PM, Howard Chu wrote:

> Dieter Klünter wrote:
>
>> On Wed, 15 Feb 2012 10:19:10 +0530,
>> Gaurav Gugnani <gugnanigaurav@gmail.com> wrote:
>>
>>> Hello All,
>>>
>>> I'm *trying to implement SASL on OpenLDAP version 2.4.26.*
>>>
>>> First we install OpenLDAP and then we install the necessary
>>> packages of cyrus-sasl.
>>>
>>> *Packages of cyrus-sasl:* (installed in the order below)
>>> cyrus-sasl-lib-2.1.22-5.el5_4.3.x86_64.rpm
>>> cyrus-sasl-devel-2.1.22-5.el5_4.3.x86_64.rpm
>>> cyrus-sasl-plain-2.1.22-5.el5_4.3.x86_64.rpm
>>> cyrus-sasl-2.1.22-5.el5_4.3.x86_64.rpm
>>> cyrus-sasl-ldap-2.1.22-5.el5_4.3.x86_64.rpm
>>> cyrus-sasl-md5-2.1.22-5.el5_4.3.x86_64.rpm
>>>
>>> After that I set up SASL with proper ACLs (I have the steps and
>>> also set up the same on some other box where it is running fine).
>>> *Steps:*
>>> 1> Modify /usr/lib64/sasl2/slapd.conf
>>>     # SASL Configuration
>>>     pwcheck_method: auxprop
>>>     auxprop_plugin: slapd
>>>     mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
>>> 2> Modify $LDAP_HOME/etc/openldap/slapd.conf
>>>     password-hash {CLEARTEXT}
>>>     authz-regexp uid=(.*),cn=DIGEST-MD5,cn=auth uid=$1,ou=System,o=xyz
>>>
>>> but it throws an altogether different error to me:
>>> /u01/app/openldap/product/2.4.26/etc/openldap> ldapwhoami -Y DIGEST-MD5
>>> ldapwhoami: not compiled with SASL support
>>>
>>> And similar errors for ldapsearch and other commands.
>>>
>>> It suggests to me that some package installation is not proper.
>>>
>>> Can anyone guide me on this?
>>
>> Check whether ldapwhoami is linked against libsasl2,
>> ldd ldapwhoami
>
> There is nothing to check. The error message "not compiled with SASL
> support" could not be any plainer.
>
> If he installed OpenLDAP from a distro package, then he needs to complain
> to his distro provider. If he built OpenLDAP from source, then of course it
> had no SASL support since he says he didn't install SASL until *after* he
> installed OpenLDAP. Obviously you can't compile with SASL support if the
> SASL devel packages weren't already present at compile time.
>
> --
>   -- Howard Chu
>   CTO, Symas Corp.           http://www.symas.com
>   Director, Highland Sun     http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP  http://www.openldap.org/project/
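
The following is an added example, not part of the thread and not OpenLDAP project code: a shell sketch of the `ldd` linkage check suggested above, plus a review of the posted `mech_list` for what each mechanism implies for transport and password storage. The function names and the sample `ldd` output are constructed for illustration; the finding for the MD5 mechanisms assumes the auxprop setup shown in the thread.

```shell
#!/bin/sh
# Succeeds if the ldd output on stdin lists a libsasl2 dependency.
# Real use: ldd "$(command -v ldapwhoami)" | linked_with_sasl
linked_with_sasl() {
    grep -q 'libsasl2\.so'
}

# Reads a Cyrus SASL config on stdin; prints one finding per mechanism in
# mech_list that has a transport or storage consequence.
review_mech_list() {
    awk '
        $1 == "mech_list:" {
            for (i = 2; i <= NF; i++) {
                m = toupper($i)
                if (m == "PLAIN" || m == "LOGIN")
                    print m ": password crosses the wire unprotected, require TLS"
                else if (m == "DIGEST-MD5" || m == "CRAM-MD5")
                    print m ": with auxprop, server must hold cleartext userPassword"
            }
        }'
}

# $1 = label, $2 = ldd output to classify.
report_linkage() {
    if printf '%s\n' "$2" | linked_with_sasl; then
        echo "$1: linked against libsasl2"
    else
        echo "$1: no libsasl2; rebuild with cyrus-sasl-devel installed first"
    fi
}

# Constructed sample ldd output (not captured from a real host).
LDD_NO_SASL='    libldap-2.4.so.2 => /usr/lib64/libldap-2.4.so.2 (0x00007f0000000000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000200000)'
LDD_WITH_SASL="$LDD_NO_SASL
    libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00007f0000400000)"
# SASL configuration as posted in the thread.
SASL_CONF='pwcheck_method: auxprop
auxprop_plugin: slapd
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5'

report_linkage "client built before SASL was installed" "$LDD_NO_SASL"
report_linkage "client rebuilt with SASL" "$LDD_WITH_SASL"
printf '%s\n' "$SASL_CONF" | review_mech_list
```

A statically linked binary shows no libsasl2 line in `ldd` even when SASL support is compiled in, so the tool's own "not compiled with SASL support" message remains the authoritative signal.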
