I've tried using that ldap patch for SASL, and then the SASL wouldn't even compile. When I tried to use the process described below, I get the "death by 11" error in the logs.
Tarjei Huse wrote: > > Hmm. This is interesting. What version of openldap are you using? Most of the > ldap patches relate to OL2 that has a issue with sasl. > > Tarjei > > Lee Hoffman wrote: > > > > Ive had a heck of a time getting LDAP/cyrus/postfix all working > > together, but I finally did it. These were my stumbling blocks, maybe > > one of them will fix your problems: > > > > (all done on debian 2.2r3 with latest cyrus/cyrus-sasl) > > > > Do Not apply the cyrus-ldap patches. Ive tried them all and all I found > > was that they caused cyrus to miss-behave (crash, core-dump etc...). > > > > Instead use cyrus-sasl with PAM-LDAP. Follow the directions for > > compiling them, except for one note: > > > > Run : > > export LDFLAGS=-L/usr/local/BerkeleyDB.3.3/lib > > export CPPFLAGS=-I/usr/local/BerkeleyDB.3.3/include > > > > before compiling sasl in order to ensure that it links against > > BerkelelyDB (this caused me A LOT of problems). > > > > All in all my configs looked something like this: > > > > #SASL > > export LDFLAGS=-L/usr/local/BerkeleyDB.3.3/lib > > export CPPFLAGS=-I/usr/local/BerkeleyDB.3.3/include > > ./configure --disable-krb4 --disable-gssapi # --with-ldap=/usr/local/lib > > > > #CYRUS > > ./configure --with-cyrus-group=cyrus --with-cyrus-user=cyrus > > --with-ssl=/usr/local/ssl --with-dbdir=/usr/local/BerkeleyDB.3.3 > > > > make depend > > make all CFLAGS=-O > > > > Hope this helps, > > Lee > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]] On Behalf Of Tarjei Huse > > Sent: Friday, November 09, 2001 5:26 PM > > To: Gardiner Leverett > > Cc: [EMAIL PROTECTED] > > Subject: Re: Solaris 7 and Cyrus 2.0.16/LDAP/SASL/PAM > > > > This lookes like the good old SASL-LDAP problem. Have you read the FAQ? > > Faq: cyrus-utils.sf.net/faq have a special look at the death by 11 > > section :) > > > > Hope this helps. > > > > Tarjei > > > > Gardiner Leverett wrote: > > > > > > I have a rather complicated load I'm trying to do. I've been going > > > through the archives without any answers. > > > > > > I have a server running Solaris 2.7, and I'm trying to build Cyrus > > 2.0.16 > > > with SASL 1.5.24, OpendLDAP 2.0.18, and pam_ldap 1.33. > > > > > > I can't even tell if any of this is working as the imap server doesn't > > > even respond when connecting via the telnet port. I get: > > > > > > # telnet localhost imap > > > Trying 127.0.0.1... > > > Connected to localhost. > > > Escape character is '^]'. > > > Connection closed by foreign host. > > > > > > When I run the imtest: > > > > > > # ./imtest -m login localhost > > > C: C01 CAPABILITY > > > failure: prot layer failure > > > > > > I originally built the server to check against the password file, and > > I > > > received this error. I have re-compiled Cyrus to use OpenLDAP and I > > still > > > have received this error. I can't determine if any of the > > > OpenLDAP/PAM/SASL issues others have mentioned on this list and other > > are > > > related since the server doesn't even work. > > > > > > The configure line I used to build this server was: > > > > > > ./configure --prefix=/private/cyrus > > --with-sasl=/private/software/sasl > > > --with-auth=unix --with-cyrus-prefix=/private/cyrus --disable-sieve > > > > > > The configure line for SASL was: > > > > > > ./configure --prefix=/private/software/sasl --disable-krb4 > > > --disable-gssapi --disable-cram --disable-digest > > > --with-ldap=/private/openldap --with-pam=/usr/lib/security > > > > > > My ultimiate goal is to have verion 2.0.16 authenticating users > > against a > > > local OpenLDAP server (with or without PAM). I've tried the sasl > > patch to > > > make sasl talk to ldap directly, but after applying the patch, the > > code > > > doesn't compile. > > > > > > My fall back is using cyrus 1.5.19 (compiled on Solaris 2.6) with > > checking > > > to /etc/passwd. (I stole this from another machine in-house). It > > does > > > work, but I have to work on the tcl part for cyradm. >
