Bug 113406 - Saslauthd and missing ldap support
Saslauthd and missing ldap support
Product: Fedora
Classification: Fedora
Component: cyrus-sasl (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Brian Brock
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2004-01-13 11:48 EST by Petr Krištof
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version: cyrus-sasl-2.1.18-1
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-03-31 04:50:29 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch that Adds Support for RFC2307 LDAP Groups (45.95 KB, patch)
2004-02-02 17:47 EST, Paul Bender
no flags Details | Diff
cyrus-sasl.spec.patch (394 bytes, patch)
2004-02-13 11:48 EST, Petr Krištof
no flags Details | Diff

  None (edit)
Description Petr Krištof 2004-01-13 11:48:27 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)

Description of problem:
This packages contains saslauthd daemon compiled without ldap support.
Can you add it, please?

Ldap functionality is more stable than pam_ldap, is very well tested
during 2 last year on different environment with excellent results.

---off topic---
While with pam need you have root privilegies to authenticate against
shadow password file, with saslauthd you dont need it. I hope
pam will be replaced by saslauthd in future. Howgh.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Additional info:
Comment 1 Paul Bender 2004-02-02 17:47:47 EST
Created attachment 97420 [details]
Patch that Adds Support for RFC2307 LDAP Groups
Comment 2 Paul Bender 2004-02-02 17:49:18 EST
I too would like to see LDAP enabled as part of this RPM. I use Cyrus
SASL's LDAP support, so I modify and rebuild the source RPM each time
a new RPM is released. It would be nice to be able to use the stock RPM.

In addition to enabling LDAP support, consider applying the attached
patch. The patch modifies saslauthd/LDAP_SASLAUTHD, saslauthd/lak.c
and saslauthd/lak.h files in 2.1.17. In addition to containing some
bug fixes picked up from the CVS version, the patch adds support for
more flexible group restriction in a backward compatible fashion. In
particular, these files enable the RFC2307 style LDAP groups not just
RFC2307bis style LDAP groups. (Basically, the difference is whether
the user's uid or user's dn is used to represent the user in the
group.) This allows groups to be more consistant across the LDAP
backend for NSS/PAM, SAMBA (and smbldap-tools), FreeRADIUS, and SASL
enabled services such as Cyrus IMAPD and Sendmail.
Comment 3 Nalin Dahyabhai 2004-02-02 18:11:26 EST
I'm reluctant to do this mainly because (as of 2.1.17) ldap support in
saslauthd is still marked experimental.
Comment 4 Petr Krištof 2004-02-13 11:48:06 EST
Created attachment 97651 [details]

Experimental status means the new features will be added in future.
Not related to code stability.
Experimental state was removed and new version is coming.

From Changelog:

2004-01-23  Rob Siemborski <rjs3@andrew.cmu.edu>
	* Remove "experimental" designation from saslauthd/ldap
	* Correct handling of sasl_setpass errors when no
	  mechanisms implement the setpass interface
	  (Alexey Melnikov <Alexey.Melnikov@isode.com>)
Comment 5 Petr Krištof 2004-03-10 11:07:48 EST
Paul's patch was incorporated to upstream.

2004-02-24  Rob Siemborski <rjs3@andrew.cmu.edu>
        * acinclude.m4: move to config/libtool.m4
        * saslauthd/lak.[ch]: Added filter based group membership check
          (Paul Bender <pbender@qualcomm.com>, Igor Brezac
Comment 6 Petr Krištof 2004-03-10 11:14:23 EST
Version 2.1.18 is there.

2004-03-10  Rob Siemborski <rjs3@andrew.cmu.edu>
        * lib/dlopen.c: HPUX 11 Fix (Alexey Melnikov
        * Add sasl_version_info() (Alexey Melnikov
        * Add a bunch of NTMakefile files to EXTRA_DIST in Makefile.am's
        * Ready for 2.1.18

Nalin, catch it before test2 devel freeze, please.
Comment 7 Dirk Nehring 2004-03-12 06:31:15 EST
Yes, please switch to 2.1.18:

Changes: This release contains a large number of bugfixes and 
cleanups from the last version, including fixes for a Solaris 9 IPv6 
issue, a problem with a number of missing files in the distribution, 
the removal of the "experimental" tag from the saslauthd LDAP module, 
and support for LDAP group filters within saslauthd.

LDAP support would by great!
Comment 8 Petr Krištof 2004-03-18 05:14:59 EST
cyrus-sasl-2.1.18-1 works well. Great thanks.

If no negative reports from another users, I think we
can close this bug.
Comment 9 Petr Krištof 2004-03-31 04:50:29 EST
Nalin, thanks.

Note You need to log in before you can comment on or make changes to this bug.