From owner-freebsd-current@FreeBSD.ORG Fri Aug 25 23:22:15 2006 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7D52C16A4DE for ; Fri, 25 Aug 2006 23:22:15 +0000 (UTC) (envelope-from tmclaugh@sdf.lonestar.org) Received: from straycat.dhs.org (c-24-63-86-11.hsd1.ma.comcast.net [24.63.86.11]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0D00C43D45 for ; Fri, 25 Aug 2006 23:22:14 +0000 (GMT) (envelope-from tmclaugh@sdf.lonestar.org) Received: from bofh.straycat.dhs.org (bofh.straycat.dhs.org [192.168.2.68]) by straycat.dhs.org (8.13.4/8.13.4) with ESMTP id k7PNMCAx013508; Fri, 25 Aug 2006 19:22:12 -0400 (EDT) From: Tom McLaughlin To: Michael Bushkov In-Reply-To: <002001c6c80d$cedcba60$9800a8c0@carrera> References: <44E9582C.2010400@rsu.ru> <44EAA213.6010507@delphij.net> <002901c6c5ba$628b67d0$9800a8c0@carrera> <86hd0423zk.fsf@xps.des.no> <44EB302A.7010106@rsu.ru> <20060823121157.yawh6f8e844w4osc@netchild.homeip.net> <86u043znbz.fsf@xps.des.no> <20060823144347.GB24652@lor.one-eyed-alien.net> <1156464193.1394.14.camel@localhost> <002001c6c80d$cedcba60$9800a8c0@carrera> Content-Type: text/plain Date: Fri, 25 Aug 2006 19:21:17 -0400 Message-Id: <1156548077.1119.4.camel@localhost> Mime-Version: 1.0 X-Mailer: Evolution 2.6.3 FreeBSD GNOME Team Port Content-Transfer-Encoding: 7bit Cc: freebsd-current@freebsd.org Subject: Re: [HEADS UP]: OpenLDAP+nss_ldap+nss_modules separated patch andmore (SoC) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Aug 2006 23:22:15 -0000 On Fri, 2006-08-25 at 10:14 +0400, Michael Bushkov wrote: > Tom McLaughlin wrote: > > Will it also be possible to build openldap in base with SASL support? > > My understanding is Windows AD environments by default require all > > connections to be authenticated via kerberos. (It's also a requirement > > for the samba+openldap+krb5 setup I'm doing for work. ;) I saw a > > comment about adding support for krb5_ccname in the config file. That's > > a very useful option in the PADL version so I'm guessing this was > > written with supporting SASL in mind? Thanks. > > > > tom > > Hi, > sasl in OpenLDAP (and in nss_ldap) is supported in the way similar to > Sendmail: > CFLAGS+= ${OPENLDAP_CFLAGS} > LDFLAGS+= ${OPENLDAP_LDFLAGS} > LDADD+= ${OPENLDAP_LDADD} > > By defining, > OPENLDAP_CFLAGS=-I/usr/local/include -DSASL > OPENLDAP_LDFLAGS=-L/usr/local/lib > OPENLDAP_LDADD=-lsasl > you'll enable sasl support both for OpenLDAP and nss_ldap. > > > BTW, I'll be able to implement and properly test krb5-ccname during the > beginning of September. > > With best regards, > Michael Bushkov Sweet! Thanks a bunch for keeping this in mind and the good job. I can now stop fretting about this on IRC. :) tom -- | tmclaugh at sdf.lonestar.org tmclaugh at FreeBSD.org | | FreeBSD http://www.FreeBSD.org | | BSD# http://www.mono-project.com/Mono:FreeBSD |