Bug 113406
| Summary: | Saslauthd and missing ldap support | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Petr Krištof <petr> | ||||||
| Component: | cyrus-sasl | Assignee: | Nalin Dahyabhai <nalin> | ||||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Brian Brock <bbrock> | ||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | medium | ||||||||
| Version: | 1 | CC: | dnehring | ||||||
| Target Milestone: | --- | Keywords: | FutureFeature | ||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | cyrus-sasl-2.1.18-1 | Doc Type: | Enhancement | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2004-03-31 09:50:29 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
Created attachment 97420 [details]
Patch that Adds Support for RFC2307 LDAP Groups
I too would like to see LDAP enabled as part of this RPM. I use Cyrus SASL's LDAP support, so I modify and rebuild the source RPM each time a new RPM is released. It would be nice to be able to use the stock RPM. In addition to enabling LDAP support, consider applying the attached patch. The patch modifies saslauthd/LDAP_SASLAUTHD, saslauthd/lak.c and saslauthd/lak.h files in 2.1.17. In addition to containing some bug fixes picked up from the CVS version, the patch adds support for more flexible group restriction in a backward compatible fashion. In particular, these files enable the RFC2307 style LDAP groups not just RFC2307bis style LDAP groups. (Basically, the difference is whether the user's uid or user's dn is used to represent the user in the group.) This allows groups to be more consistant across the LDAP backend for NSS/PAM, SAMBA (and smbldap-tools), FreeRADIUS, and SASL enabled services such as Cyrus IMAPD and Sendmail. I'm reluctant to do this mainly because (as of 2.1.17) ldap support in saslauthd is still marked experimental. Created attachment 97651 [details]
cyrus-sasl.spec.patch
Experimental status means the new features will be added in future.
Not related to code stability.
Experimental state was removed and new version is coming.
From Changelog:
2004-01-23 Rob Siemborski <rjs3.edu>
* Remove "experimental" designation from saslauthd/ldap
* Correct handling of sasl_setpass errors when no
mechanisms implement the setpass interface
(Alexey Melnikov <Alexey.Melnikov>)
Paul's patch was incorporated to upstream.
2004-02-24 Rob Siemborski <rjs3.edu>
* acinclude.m4: move to config/libtool.m4
* saslauthd/lak.[ch]: Added filter based group membership check
(Paul Bender <pbender>, Igor Brezac
<igor>)
Version 2.1.18 is there.
2004-03-10 Rob Siemborski <rjs3.edu>
* lib/dlopen.c: HPUX 11 Fix (Alexey Melnikov
<Alexey.Melnikov>)
* Add sasl_version_info() (Alexey Melnikov
<Alexey.Melnikov>)
* Add a bunch of NTMakefile files to EXTRA_DIST in Makefile.am's
* Ready for 2.1.18
Nalin, catch it before test2 devel freeze, please.
Yes, please switch to 2.1.18: Changes: This release contains a large number of bugfixes and cleanups from the last version, including fixes for a Solaris 9 IPv6 issue, a problem with a number of missing files in the distribution, the removal of the "experimental" tag from the saslauthd LDAP module, and support for LDAP group filters within saslauthd. LDAP support would by great! cyrus-sasl-2.1.18-1 works well. Great thanks. If no negative reports from another users, I think we can close this bug. Nalin, thanks. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1) Gecko/20031114 Description of problem: This packages contains saslauthd daemon compiled without ldap support. Can you add it, please? Ldap functionality is more stable than pam_ldap, is very well tested during 2 last year on different environment with excellent results. ---off topic--- While with pam need you have root privilegies to authenticate against shadow password file, with saslauthd you dont need it. I hope pam will be replaced by saslauthd in future. Howgh. --------------- Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. 2. Additional info: