Hello Anax, I did the installation from openldap rpm files. And yes - if there is no other option then i have to go to re-compiling the entire system with SASL enabled packages.
But my Q's is: Q> First i need to install the cyrus-sasl package and then i need to install the open-ldap with sasl option?? Plz confirm if my understanding is correct? Thanks and Regards, Gaurav Gugnani On Wed, Feb 15, 2012 at 5:34 PM, anax <[email protected]> wrote: > Hoi Gaurav > if you did a vanilla install from a distro, you may be as lucky as to find > a package in this distro (such as openldap-sasl or similar), which > "converts" your LDAP server into an LDAP server, which is SASL capable. > If there is no such package, there is no way around recompilation of the > LDAP server. > Also, have you considered upgrading or re-installing the entire system? > > suomi > > > On 02/15/2012 12:04 PM, Gaurav Gugnani wrote: > >> Hello Howard, >> >> Thks for your support. >> I installed open ldap from source. >> >> So, *the crux is:* >> >> Q> First i need to install the cyrus-sasl package and then i need to >> install the open-ldap with sasl option?? >> Plz confirm if my understanding is correct? >> >> Now, my scenario is this: >> In production open-ldap is already running with bind method =SIMPLE. >> So, How can i switch to bind method=SASL? >> >> I can plan for downtime, But re-compiling will take lot of time...and >> its bit risky too. >> Do we have any other way to implement SASL? >> >> Thanks and Regards, >> Gaurav Gugnani >> >> On Wed, Feb 15, 2012 at 3:52 PM, Howard Chu <[email protected] >> <mailto:[email protected]>> wrote: >> >> Dieter Klünter wrote: >> >> Am Wed, 15 Feb 2012 10:19:10 +0530 >> schrieb Gaurav Gugnani<gugnanigaurav@gmail.__**com >> <mailto:gugnanigaurav@gmail.**com <[email protected]>>>: >> >> >> Hello All, >> >> I'm *trying to implement SASL on the openldap of version >> 2.4.26.* >> >> First we install the openldap and then we install the necessary >> packages of cyrus-sasl. >> >> *Packages of cyrus-sasl:* (installed in below mentioned order) >> cyrus-sasl-lib-2.1.22-5.el5_4.**__3.x86_64.rpm >> cyrus-sasl-devel-2.1.22-5.el5_**__4.3.x86_64.rpm >> cyrus-sasl-plain-2.1.22-5.el5_**__4.3.x86_64.rpm >> cyrus-sasl-2.1.22-5.el5_4.3.__**x86_64.rpm >> cyrus-sasl-ldap-2.1.22-5.el5__**_4.3.x86_64.rpm >> cyrus-sasl-md5-2.1.22-5.el5_4.**__3.x86_64.rpm >> >> >> After then i set up the SASL with proper ACL's (having the >> steps and >> also i setup the same on some other box where it running fine) >> *Steps:* >> *1> *Modify /usr/lib64/sasl2/slapd.conf >> *# SASL Configuration >> pwcheck_method: auxprop >> auxprop_plugin: slapd >> mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5* >> *2> *Modify $LDAP_HOME/etc/openladp/slapd.**__conf >> >> *password-hash {CLEARTEXT} >> authz-regexp uid=(.*),cn=DIGEST-MD5,cn=auth >> uid=$1,ou=System,o=xyz* >> >> but it throws all together different error to me: >> /u01/app/openldap/product/2.4.**__26/etc/openldap> >> ldapwhoami -Y >> >> DIGEST-MD5 ldapwhoami: not compiled with SASL support >> >> And similar errors for ldapsearch and other commands. >> >> It suggests to me that some package installation is not proper. >> >> Can any one guide me on this. >> >> >> Check whether ldapwhoami is linked against libsasl2, >> ldd ldapwhoami >> >> >> There is nothing to check. The error message "not compiled with SASL >> support" could not be any plainer. >> >> If he installed OpenLDAP from a distro package, then he needs to >> complain to his distro provider. If he built OpenLDAP from source, >> then of course it had no SASL support since he says he didn't >> install SASL until *after* he installed OpenLDAP. Obviously you >> can't compile with SASL support if the SASL devel packages weren't >> already present at compile time. >> >> -- >> -- Howard Chu >> CTO, Symas Corp. http://www.symas.com >> Director, Highland Sun http://highlandsun.com/hyc/ >> Chief Architect, OpenLDAP >> http://www.openldap.org/__**project/<http://www.openldap.org/__project/> >> <http://www.openldap.org/**project/ <http://www.openldap.org/project/> >> > >> >> >> >
