From owner-freebsd-current@FreeBSD.ORG Fri Aug 25 06:15:52 2006 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9CAC816A4DA for ; Fri, 25 Aug 2006 06:15:52 +0000 (UTC) (envelope-from bushman@rsu.ru) Received: from mail.r61.net (mail.r61.net [195.208.245.249]) by mx1.FreeBSD.org (Postfix) with ESMTP id CEB5043D46 for ; Fri, 25 Aug 2006 06:15:51 +0000 (GMT) (envelope-from bushman@rsu.ru) Received: from carrera ([82.179.80.87]) (authenticated bits=0) by mail.r61.net (8.13.7/8.13.6) with ESMTP id k7P6EwKY062662 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Fri, 25 Aug 2006 10:15:02 +0400 (MSD) (envelope-from bushman@rsu.ru) Message-ID: <002001c6c80d$cedcba60$9800a8c0@carrera> From: "Michael Bushkov" To: "Tom McLaughlin" , "Brooks Davis" References: <44E9582C.2010400@rsu.ru> <44EAA213.6010507@delphij.net> <002901c6c5ba$628b67d0$9800a8c0@carrera> <86hd0423zk.fsf@xps.des.no> <44EB302A.7010106@rsu.ru> <20060823121157.yawh6f8e844w4osc@netchild.homeip.net> <86u043znbz.fsf@xps.des.no> <20060823144347.GB24652@lor.one-eyed-alien.net> <1156464193.1394.14.camel@localhost> Date: Fri, 25 Aug 2006 10:14:55 +0400 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="koi8-r"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on asterix.r61.net X-Virus-Status: Clean Cc: Dag-Erling Sm?rgrav , freebsd-current@freebsd.org, LI Xin , Alexander Leidinger Subject: Re: [HEADS UP]: OpenLDAP+nss_ldap+nss_modules separated patch andmore (SoC) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Aug 2006 06:15:52 -0000 Tom McLaughlin wrote: > Will it also be possible to build openldap in base with SASL support? > My understanding is Windows AD environments by default require all > connections to be authenticated via kerberos. (It's also a requirement > for the samba+openldap+krb5 setup I'm doing for work. ;) I saw a > comment about adding support for krb5_ccname in the config file. That's > a very useful option in the PADL version so I'm guessing this was > written with supporting SASL in mind? Thanks. > > tom Hi, sasl in OpenLDAP (and in nss_ldap) is supported in the way similar to Sendmail: CFLAGS+= ${OPENLDAP_CFLAGS} LDFLAGS+= ${OPENLDAP_LDFLAGS} LDADD+= ${OPENLDAP_LDADD} By defining, OPENLDAP_CFLAGS=-I/usr/local/include -DSASL OPENLDAP_LDFLAGS=-L/usr/local/lib OPENLDAP_LDADD=-lsasl you'll enable sasl support both for OpenLDAP and nss_ldap. BTW, I'll be able to implement and properly test krb5-ccname during the beginning of September. With best regards, Michael Bushkov