[Pkg-openldap-devel] Bug#624319: slapd: SASL_CONF_PATH environment variable is not respected

Dan White dwhite at olp.net
Wed Apr 27 16:07:37 UTC 2011


On 27/04/11 17:48 +0200, Frank Meisschaert wrote:
>On 04/27/11 15:30, Dan White wrote:
>>>Using the SASL_CONF_PATH environment variable to use different sasl
>>>parameters (by using different directories containing a slapd.conf file)
>>>for different slapd instances does not work. Same problem
>>>for the SASL_PATH environment variable.
>>
>>With regard to SASL_CONF_PATH, see sasl_getconfpath_t(3):
>>
>>sasl_getconfpath_t is used if the application wishes to use a
>>different location for the SASL configuration files. If this
>>callback is not used SASL will either use the location in the
>>environment variable SASL_CONF_PATH (provided we are not SUID or
>>SGID) or /etc/sasl2 by default.
>>
>>Debian slapd includes a patch which defines a SASL_CB_GETCONFPATH
>>callback, which would render SASL_CONF_PATH unused. It appears to set the
>>location to '/usr/lib/sasl2'.
>
>Which makes it impossible to run different sasl configurations in
>different instances on the same host using a different sasl
>configuration path as is possible with upstream openldap. I know I
>could use a chroot environment but imho the callback added in Debian
>should somehow have some of the path flexibility as available in
>upstream.

After a closer look at the Debian patch, it actually configures the
location to be:

/etc/ldap/sasl2:/usr/lib/sasl2

I don't know of a clean way around this problem (other than removing the
patch and compiling a local version).

I suppose one approach would be to submit a feature request to slapd
upstream to make the path configurable.

-- 
Dan White
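
The lookup order discussed in this message, as an added C example that is not part of the original e-mail and is not code from Cyrus SASL, slapd or the Debian patch: it models the precedence quoted from sasl_getconfpath_t(3) and then walks the colon-separated list for `slapd.conf`. The function names are hypothetical, and it is an assumption of this sketch that the first readable `<app>.conf` in the list is the one used.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Lookup order quoted from sasl_getconfpath_t(3): callback path, else
 * SASL_CONF_PATH unless the process is SUID/SGID, else /etc/sasl2. */
const char *effective_conf_path(const char *cb_path, const char *env_path, int is_setid)
{
    if (cb_path) return cb_path;                 /* callback always wins */
    if (env_path && !is_setid) return env_path;  /* env ignored when SUID/SGID */
    return "/etc/sasl2";
}

/* Assumption of this sketch: the first readable <dir>/<app>.conf in the
 * colon-separated list wins. Returns 1 and fills `out`, else 0. */
int first_conf_file(const char *path_list, const char *app, char *out, size_t outlen)
{
    const char *p = path_list;
    while (*p) {
        size_t n = strcspn(p, ":");              /* length of this directory */
        if (n > 0) {                             /* skip empty components */
            int len = snprintf(out, outlen, "%.*s/%s.conf", (int)n, p, app);
            if (len > 0 && (size_t)len < outlen && access(out, R_OK) == 0)
                return 1;
        }
        p += n;
        if (*p == ':') p++;
    }
    if (outlen) out[0] = '\0';
    return 0;
}

int main(void)
{
    const char *debian_cb = "/etc/ldap/sasl2:/usr/lib/sasl2"; /* value from the message */
    const char *env = getenv("SASL_CONF_PATH");
    int setid = (getuid() != geteuid()) || (getgid() != getegid());
    char file[4096];
    const char *paths[2] = { effective_conf_path(NULL, env, setid),
                             effective_conf_path(debian_cb, env, setid) };
    for (int i = 0; i < 2; i++) {
        int found = first_conf_file(paths[i], "slapd", file, sizeof file);
        printf("%s: search \"%s\" -> %s\n", i ? "with callback" : "no callback",
               paths[i], found ? file : "(no slapd.conf found)");
    }
    return 0;
}
```

Run with `SASL_CONF_PATH` set to a per-instance directory, the "no callback" line follows the variable while the "with callback" line does not, which is the behaviour reported in this bug.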




