[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to configure openLDAP with SASL Digest-MD5 (UNDEFINED SYMBOL: DES_ede3_cbc_encrypt)



--- Lara Adianto <m1r4cle_26@yahoo.com> wrote:
> 
> --- Tony Earnshaw <tonye@billy.demon.nl> wrote:
> > man, 09.02.2004 kl. 09.33 skrev Lara Adianto:
> > 
> > > I have openLDAP-2.1.25 with simple
> authentication
> > > (without SSL/TLS) works fine on my machine
> RedHat
> > > Linux 9.0 kernel 2.4.20-8.
> > 
> > *Thanks* (sigh of relief) for giving OS and distro
> > details :) I don't
> > have to slag you off or ignore you ...
> > 
> > > I'm now trying to incorporate the SASL
> Digest-MD5
> > > authentication on it. I have followed the 'SASL
> > > Configuration: Digest-MD5' guide from LDAP Linux
> > HOWTO
> > > but still can't get it right.
> > 
> > To begin with, setting up SASL with Openldap
> 2.1/2.2
> > is a wretch. After
> > a while, you get used to the train of thought, and
> > it becomes second
> > nature. Though it becomes worse when you have to
> > arrange for a Cyrus
> > SASL auxprop *proxy* SASL user - for Postfix smtp
> > AUTH, for example.
> > 
> > [...]
> > 
> > > While the server is installed with the following
> > > configuration:
> > > # CPPFLAGS="-I/usr/local/include"
> > > LDFLAGS="-L/usr/local/lib" ./configure
> > --prefix=/usr
> > > --libexecdir=/usr/sbin --sysconfdir=/etc
> > > --localstatedir=/var/run --enable-debug
> > --disable-ipv6
> > > --with-cyrus-sasl --without-kerberos
> --without-tls
> > > --enable-crypt --enable-passwd --enable-ldbm
> > 
> > This is your privilege. If I'm compiling anything
> > that might conflict
> > with standard Ma RedHat, it goes into /usr/local,
> > will he, nil he. Then
> > I can point specific compiles at my own stuff,
> > without conflicting with
> > RH.
> > 
> > > I have successfully created the sasl user
> database
> > > using 'saslpasswd2 -c admin' command.
> > 
> > The point about Openldap 2.1 SASL is, that you
> don't
> > make any use of the
> > Cyrus saslauthd or saslpasswd?. Everything is done
> > within Openldap.
> > 
> > [...]
> > 
> > > sasl-regexp
> > uid=(.*),cn=rdnt03,cn=DIGEST-MD5,cn=auth
> > > uid=$1,ou=People,o=Ever
> > 
> > Don't look right to me. If you want DIGEST-MD5,
> try:
> > 
> > sasl-regexp uid=(.*),cn=digest-md5,cn=auth
> > "ldap:///ou=People,o=Ever??sub?uid=$1";
> > 
> > Why? Because that's the standard way of Openldap
> > SASL mapping. And that
> > way, you short-circuit the whole extraneous Cyrus
> > SASL authentication
> > mechanism, whilst still using the SASL2 libraries.
> 
> Yes, I get what you mean, but it still doesn't
> explain
> the following problem:
> 
> # sasldblistusers2
> db failure
> listusers failed
> 
Well, I found out the source of the error of the above
error message.
Looking into the log messages recorded:
Feb 11 14:36:03 localhost sasldblistusers2: unable to
dlopen /usr/lib/sasl2/libdigestmd5.so.2:
/usr/lib/sasl2/libdigestmd5.s
o.2: undefined symbol: DES_ede3_cbc_encrypt

I'm not sure how to solve the problem though.

I have an older version of cyrus-sasl in my machine,
and I have no problem with creating and listing the
users using saslpasswd and sasldblistusers.

Does anybody outhere know how to solve this?

Regards,
lara

=====
------------------------------------------------------------------------------------ 
La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit
                                                                        - Guy de Maupassant -
------------------------------------------------------------------------------------

__________________________________
Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing.
http://photos.yahoo.com/