Red Hat Bugzilla – Bug 113406
Saslauthd and missing ldap support
Last modified: 2007-11-30 17:10:35 EST
Description of problem:
This package contains the saslauthd daemon compiled without LDAP support.
Can you add it, please?
LDAP functionality is more stable than pam_ldap and has been very well tested
during the last 2 years in different environments with excellent results.
While with PAM you need to have root privileges to authenticate against
the shadow password file, with saslauthd you don't need them. I hope
PAM will be replaced by saslauthd in the future. Howgh.
Created attachment 97420 [details]
Patch that Adds Support for RFC2307 LDAP Groups
I too would like to see LDAP enabled as part of this RPM. I use Cyrus
SASL's LDAP support, so I modify and rebuild the source RPM each time
a new RPM is released. It would be nice to be able to use the stock RPM.
In addition to enabling LDAP support, consider applying the attached
patch. The patch modifies saslauthd/LDAP_SASLAUTHD, saslauthd/lak.c
and saslauthd/lak.h files in 2.1.17. In addition to containing some
bug fixes picked up from the CVS version, the patch adds support for
more flexible group restriction in a backward compatible fashion. In
particular, these files enable the RFC2307 style LDAP groups not just
RFC2307bis style LDAP groups. (Basically, the difference is whether
the user's uid or user's dn is used to represent the user in the
group.) This allows groups to be more consistent across the LDAP
backend for NSS/PAM, SAMBA (and smbldap-tools), FreeRADIUS, and SASL
enabled services such as Cyrus IMAPD and Sendmail.
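The difference between the two group styles described in the comment above, shown as an added example that is not part of the attached patch or of Cyrus SASL. The function names, the filter layout and the directory entries are assumptions constructed for illustration; values are escaped before they are placed in a filter so that a login name cannot alter the filter's structure.

```python
# Added illustration: not taken from the attached patch or from Cyrus SASL.
# All entries, names and DNs below are constructed sample data.

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515 special chars)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def membership_filter(style, group_cn, uid, user_dn):
    """Build the filter that tests group membership for one schema style."""
    cn = escape_filter_value(group_cn)
    if style == "rfc2307":        # group lists bare login names in memberUid
        return "(&(cn=%s)(memberUid=%s))" % (cn, escape_filter_value(uid))
    if style == "rfc2307bis":     # group lists full entry DNs in member
        return "(&(cn=%s)(member=%s))" % (cn, escape_filter_value(user_dn))
    raise ValueError("unknown group style: %r" % style)

def normalize_dn(dn):
    """Simplified DN comparison key: lowercase, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def is_member(group, uid, user_dn):
    """Check one in-memory group entry using whichever attribute it carries."""
    if uid in group.get("memberUid", []):
        return True
    wanted = normalize_dn(user_dn)
    return any(normalize_dn(m) == wanted for m in group.get("member", []))

USER_UID = "jdoe"
USER_DN = "uid=jdoe,ou=People,dc=example,dc=com"
GROUP_2307 = {"cn": ["mail"], "memberUid": ["jdoe", "asmith"]}
GROUP_2307BIS = {"cn": ["mail"],
                 "member": ["uid=jdoe, ou=People, dc=example, dc=com"]}

if __name__ == "__main__":
    for style in ("rfc2307", "rfc2307bis"):
        print(style, membership_filter(style, "mail", USER_UID, USER_DN))
    print(is_member(GROUP_2307, USER_UID, USER_DN),
          is_member(GROUP_2307BIS, USER_UID, USER_DN))
```

The DN comparison here is deliberately simplified and does not handle escaped commas inside attribute values.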
I'm reluctant to do this mainly because (as of 2.1.17) ldap support in
saslauthd is still marked experimental.
Created attachment 97651 [details]
Experimental status means the new features will be added in future.
Not related to code stability.
Experimental state was removed and new version is coming.
2004-01-23 Rob Siemborski <email@example.com>
* Remove "experimental" designation from saslauthd/ldap
* Correct handling of sasl_setpass errors when no
mechanisms implement the setpass interface
(Alexey Melnikov <Alexey.Melnikov@isode.com>)
Paul's patch was incorporated to upstream.
2004-02-24 Rob Siemborski <firstname.lastname@example.org>
* acinclude.m4: move to config/libtool.m4
* saslauthd/lak.[ch]: Added filter based group membership check
(Paul Bender <email@example.com>, Igor Brezac
Version 2.1.18 is there.
2004-03-10 Rob Siemborski <firstname.lastname@example.org>
* lib/dlopen.c: HPUX 11 Fix (Alexey Melnikov
* Add sasl_version_info() (Alexey Melnikov
* Add a bunch of NTMakefile files to EXTRA_DIST in Makefile.am's
* Ready for 2.1.18
Nalin, catch it before test2 devel freeze, please.
Yes, please switch to 2.1.18:
Changes: This release contains a large number of bugfixes and
cleanups from the last version, including fixes for a Solaris 9 IPv6
issue, a problem with a number of missing files in the distribution,
the removal of the "experimental" tag from the saslauthd LDAP module,
and support for LDAP group filters within saslauthd.
LDAP support would be great!
cyrus-sasl-2.1.18-1 works well. Great thanks.
If there are no negative reports from other users, I think we
can close this bug.