[Pkg-openldap-devel] Bug#624319: slapd: SASL_CONF_PATH environment variable is not respected

Dan White dwhite at olp.net
Wed Apr 27 13:30:20 UTC 2011 

On 27/04/11 14:42 +0200, Frank Meisschaert wrote:
>Package: slapd
>Version: 2.4.23-7
>Severity: normal
>
>
>Using the SASL_CONF_PATH environment variable to use different sasl
>parameters (by using different directories containing a slapd.conf file)
>for different slapd instances does not work. Same problem
>for the SASL_PATH environment variable.
>
>Kind Regards,
>Frank Meisschaert

Frank,

With regards to SASL_CONF_PATH, see sasl_getconfpath_t(3):

        sasl_getconfpath_t is used if the application wishes to use a
        different location for the SASL configuration files. If this
        callback is not used SASL will either use the location in  the
        environment variable SASL_CONF_PATH (provided we are not SUID or
        SGID) or /etc/sasl2 by default.

Debian slapd includes a patch which defines a SASL_CB_GETCONFPATH
callback, which would render SASL_CONF_PATH unused. It appears to set the
location to '/usr/lib/sasl2'.

SASL_PATH is documented in:

sasl_client_init(3)
sasl_getpath_t(3)
sasl_server_start(3)

and it's purpose is to override the location of the shared library
mechanisms, not the config files.

>-- System Information:
>Debian Release: wheezy/sid
>  APT prefers testing
>  APT policy: (500, 'testing')
>Architecture: amd64 (x86_64)
>
>Kernel: Linux 2.6.38-2-amd64 (SMP w/2 CPU cores)
>Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
>Shell: /bin/sh linked to /bin/dash
>
>Versions of packages slapd depends on:
>ii  adduser                   3.112+nmu2     add and remove users and groups
>ii  coreutils                 8.5-1          GNU core utilities
>ii  debconf [debconf-2.0]     1.5.38         Debian configuration management sy
>ii  libc6                     2.11.2-11      Embedded GNU C Library: Shared lib
>ii  libdb4.8                  4.8.30-4       Berkeley v4.8 Database Libraries [
>ii  libgnutls26               2.10.5-1+b1    the GNU TLS library - runtime libr
>ii  libldap-2.4-2             2.4.23-7       OpenLDAP libraries
>ii  libltdl7                  2.4-2          A system independent dlopen wrappe
>ii  libperl5.10               5.10.1-19      shared Perl library
>ii  libsasl2-2                2.1.23.dfsg1-8 Cyrus SASL - authentication abstra
>ii  libslp1                   1.2.1-7.8      OpenSLP libraries
>ii  libwrap0                  7.6.q-19       Wietse Venema's TCP wrappers libra
>ii  lsb-base                  3.2-27         Linux Standard Base 3.2 init scrip
>ii  perl [libmime-base64-perl 5.10.1-19      Larry Wall's Practical Extraction
>ii  psmisc                    22.13-1        utilities that use the proc file s
>ii  unixodbc                  2.2.14p2-2     ODBC tools libraries
>
>Versions of packages slapd recommends:
>ii  libsasl2-modules          2.1.23.dfsg1-8 Cyrus SASL - pluggable authenticat
>
>Versions of packages slapd suggests:
>ii  ldap-utils                    2.4.23-7   OpenLDAP utilities
>
>-- Configuration Files:
>/etc/default/slapd changed [not included]
>
>-- debconf information excluded
>
>
>
>_______________________________________________
>Pkg-openldap-devel mailing list
>Pkg-openldap-devel at lists.alioth.debian.org
>http://lists.alioth.debian.org/mailman/listinfo/pkg-openldap-devel
>

-- 
Dan White
BTC Broadband
Ph  918.366.0248 (direct)   main: (918)366-8000
Fax 918.366.6610            email: dwhite at olp.net
http://www.btcbroadband.com

More information about the Pkg-openldap-devel mailing list