Marco Colombo <[EMAIL PROTECTED]> writes:

> because that's the right place to use SASL. Despite PAM not being
> a replacement for SASL, of course. I think that OpenLDAP requirement
> for a modular, configurable network security layer (SASL itself) is
> weaker than the IMAPd one. So IFF you need to remove SASL from one
> of the two, OpenLDAP is a better candidate.

No, OpenLDAP needs to provide SASL.  Without it, it is severely
crippled.  Some people hold the opinion that OpenLDAP is not compliant
with the V3 specs if compiled without SASL.  The mechanisms
implemented may be trivial, but SASL has to be there.

In practical terms, OpenLDAP will be unable to do secure replication
without SASL.

Anyone willing to recompile OpenLDAP to remove SASL should consider
trying the following patch instead:

diff -ru openldap-2.0.7.orig/libraries/libldap/cyrus.c 
openldap-2.0.7/libraries/libldap/cyrus.c
--- openldap-2.0.7.orig/libraries/libldap/cyrus.c       Sat Nov  4 22:38:28 2000
+++ openldap-2.0.7/libraries/libldap/cyrus.c    Fri Nov 24 19:45:25 2000
@@ -51,14 +51,6 @@
                return 0;
        }
 
-#ifndef CSRIMALLOC
-       sasl_set_alloc(
-               ber_memalloc,
-               ber_memcalloc,
-               ber_memrealloc,
-               ber_memfree );
-#endif /* CSRIMALLOC */
-
 #ifdef LDAP_R_COMPILE
        sasl_set_mutex(
                ldap_pvt_sasl_mutex_new,
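
Review bot: The removed `#ifndef CSRIMALLOC` block leaves nothing behind to record that libldap now depends on the SASL library's default allocators being interchangeable with `ber_memalloc`/`ber_memfree`. Any buffer allocated on one side and released on the other is only safe while both resolve to the same underlying heap, and that assumption breaks silently if the BER allocators are ever redirected. Consider replacing the block with a comment stating the assumption, or keeping the `sasl_set_alloc(` call behind a build-time switch instead of deleting it outright. Note also that the `sasl_set_mutex(` call under `LDAP_R_COMPILE` is still installed, so the library's global hooks end up overridden for mutexes but not for memory; the comment should say that this asymmetry is intentional.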

This patch, though not endorsed by the OpenLDAP project, avoids the
problem by letting the SASL library keep on using its default
allocators.  This usually works because, at the end of the day, the
BER allocators end up using the same heap.

So, if it works, that patch keeps the full functionality of OpenLDAP
while coexisting with Cyrus IMAPd peacefully.

Of course, it is best to move in the pwcheck daemon direction.

Julio
