From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040217 Description of problem: Please consider upgrading openldap from version 2.1.25 to 2.1.27. It contains the patch from ITS#2926 <http://www.openldap.org/its/index.cgi?findid=2926>. It changes the sasl callbacks to a per-session based model. This is needed to get cyrus-imapd work with other authentication methods than PLAIN and LOGIN (eg. non-cleartext authentication forms). Changelog below: OpenLDAP 2.1.27 Release Fixed slapd replog ordering bug (ITS#2512) Fixed slapd uninitialized variable bug Fixed libldap SASL client callbacks (ITS#2926) Build Environment Fixed gai_strerr portability problem (ITS#2643) Fixed DNS res_query portabilitiy problem OpenLDAP 2.1.26 Release Fixed slapd bdb error recovery bug (ITS#2865) Fixed slapd bdb IDL cache cleanup bug (ITS#2917) Fixed slapd SASL auxprop typo (ITS#2909) Fixed slapd backglue segfault (ITS#2924) Fixed slapd bind mech in authDN (ITS#2871) Fixed back-ldap compare operation (ITS#2893) Fixed back-ldap suffix massage when --enable-rewrite=no (ITS#2923) Fixed libldap sort references bug (ITS#2494) Fixed libldap SASL_MECH bug (ITS#2717) Fixed lutil_passwd base64 length bugs (ITS#2835, ITS#2869) Updated librewrite (ITS#2787) Updated slurpd (misc bug fixes) Build Environment Updated release documents Documentation Misc man page updates Thanks.
Created attachment 98260 [details] trivial patch to openldap.spec version 2.1.25 to 2.1.27
Correction to original reasoning.. "it is needed to get cyrus-sasl not to segfault when attempting to authenticate using auxprop ldapdb" (which is not shipped right now though) Authentication via pam_ldap (or similar) with PLAIN/LOGIN simply sucks. :-)
2.1.29 in rahwide, closing this.