Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 25 Aug 2006 19:21:17 -0400
From:      Tom McLaughlin <tmclaugh@sdf.lonestar.org>
To:        Michael Bushkov <bushman@rsu.ru>
Cc:        freebsd-current@freebsd.org
Subject:   Re: [HEADS UP]: OpenLDAP+nss_ldap+nss_modules separated patch andmore (SoC)
Message-ID:  <1156548077.1119.4.camel@localhost>
In-Reply-To: <002001c6c80d$cedcba60$9800a8c0@carrera>
References:  <44E9582C.2010400@rsu.ru> <44EAA213.6010507@delphij.net> <002901c6c5ba$628b67d0$9800a8c0@carrera> <86hd0423zk.fsf@xps.des.no> <44EB302A.7010106@rsu.ru> <20060823121157.yawh6f8e844w4osc@netchild.homeip.net> <86u043znbz.fsf@xps.des.no> <20060823144347.GB24652@lor.one-eyed-alien.net> <1156464193.1394.14.camel@localhost> <002001c6c80d$cedcba60$9800a8c0@carrera>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Fri, 2006-08-25 at 10:14 +0400, Michael Bushkov wrote:
> Tom McLaughlin wrote:
> > Will it also be possible to build openldap in base with SASL support?
> > My understanding is Windows AD environments by default require all
> > connections to be authenticated via kerberos.  (It's also a requirement
> > for the samba+openldap+krb5 setup I'm doing for work. ;)  I saw a
> > comment about adding support for krb5_ccname in the config file.  That's
> > a very useful option in the PADL version so I'm guessing this was
> > written with supporting SASL in mind?  Thanks.
> >
> > tom
> 
> Hi,
> sasl in OpenLDAP (and in nss_ldap) is supported in the way similar to 
> Sendmail:
> CFLAGS+=        ${OPENLDAP_CFLAGS}
> LDFLAGS+=       ${OPENLDAP_LDFLAGS}
> LDADD+=         ${OPENLDAP_LDADD}
> 
> By defining,
> OPENLDAP_CFLAGS=-I/usr/local/include -DSASL
> OPENLDAP_LDFLAGS=-L/usr/local/lib
> OPENLDAP_LDADD=-lsasl
> you'll enable sasl support both for OpenLDAP and nss_ldap.
> 
> 
> BTW, I'll be able to implement and properly test krb5-ccname during the 
> beginning of September.
> 
> With best regards,
> Michael Bushkov

Sweet!  Thanks a bunch for keeping this in mind and the good job.  I can
now stop fretting about this on IRC. :)

tom

-- 
| tmclaugh at sdf.lonestar.org             tmclaugh at FreeBSD.org |
| FreeBSD                                   http://www.FreeBSD.org |
| BSD#                    http://www.mono-project.com/Mono:FreeBSD |

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1156548077.1119.4.camel>