[Pkg-openldap-devel] Bug#624319: slapd: SASL_CONF_PATH environment variable is not respected

Frank Meisschaert Frank.Meisschaert at UGent.be
Wed Apr 27 15:48:43 UTC 2011


Hello,

On 04/27/11 15:30, Dan White wrote:
> On 27/04/11 14:42 +0200, Frank Meisschaert wrote:
>> Package: slapd
>> Version: 2.4.23-7
>> Severity: normal
>>
>>
>> Using the SASL_CONF_PATH environment variable to use different sasl
>> parameters (by using different directories containing a slapd.conf file)
>> for different slapd instances does not work. Same problem
>> for the SASL_PATH environment variable.
>>
>> Kind Regards,
>> Frank Meisschaert
>
> Frank,
>
> With regards to SASL_CONF_PATH, see sasl_getconfpath_t(3):
>
> sasl_getconfpath_t is used if the application wishes to use a
> different location for the SASL configuration files. If this
> callback is not used SASL will either use the location in the
> environment variable SASL_CONF_PATH (provided we are not SUID or
> SGID) or /etc/sasl2 by default.
>
> Debian slapd includes a patch which defines a SASL_CB_GETCONFPATH
> callback, which would render SASL_CONF_PATH unused. It appears to set the
> location to '/usr/lib/sasl2'.

Which makes it impossible to run different SASL configurations in
different instances on the same host using a different SASL
configuration path, as is possible with upstream OpenLDAP. I know I could
use a chroot environment but imho the callback added in Debian should
somehow have some of the path flexibility as available in upstream.

>
> SASL_PATH is documented in:
>
> sasl_client_init(3)
> sasl_getpath_t(3)
> sasl_server_start(3)
>
> and its purpose is to override the location of the shared library
> mechanisms, not the config files.
ok

kr,
Frank

>
>> -- System Information:
>> Debian Release: wheezy/sid
>> APT prefers testing
>> APT policy: (500, 'testing')
>> Architecture: amd64 (x86_64)
>>
>> Kernel: Linux 2.6.38-2-amd64 (SMP w/2 CPU cores)
>> Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
>> Shell: /bin/sh linked to /bin/dash
>>
>> Versions of packages slapd depends on:
>> ii adduser 3.112+nmu2 add and remove users and groups
>> ii coreutils 8.5-1 GNU core utilities
>> ii debconf [debconf-2.0] 1.5.38 Debian configuration management sy
>> ii libc6 2.11.2-11 Embedded GNU C Library: Shared lib
>> ii libdb4.8 4.8.30-4 Berkeley v4.8 Database Libraries [
>> ii libgnutls26 2.10.5-1+b1 the GNU TLS library - runtime libr
>> ii libldap-2.4-2 2.4.23-7 OpenLDAP libraries
>> ii libltdl7 2.4-2 A system independent dlopen wrappe
>> ii libperl5.10 5.10.1-19 shared Perl library
>> ii libsasl2-2 2.1.23.dfsg1-8 Cyrus SASL - authentication abstra
>> ii libslp1 1.2.1-7.8 OpenSLP libraries
>> ii libwrap0 7.6.q-19 Wietse Venema's TCP wrappers libra
>> ii lsb-base 3.2-27 Linux Standard Base 3.2 init scrip
>> ii perl [libmime-base64-perl 5.10.1-19 Larry Wall's Practical Extraction
>> ii psmisc 22.13-1 utilities that use the proc file s
>> ii unixodbc 2.2.14p2-2 ODBC tools libraries
>>
>> Versions of packages slapd recommends:
>> ii libsasl2-modules 2.1.23.dfsg1-8 Cyrus SASL - pluggable authenticat
>>
>> Versions of packages slapd suggests:
>> ii ldap-utils 2.4.23-7 OpenLDAP utilities
>>
>> -- Configuration Files:
>> /etc/default/slapd changed [not included]
>>
>> -- debconf information excluded
>
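The lookup order discussed in this thread (application callback first, then SASL_CONF_PATH unless the process is SUID or SGID, then a default directory), as an added example that is not part of the original thread and is not the Debian patch: a callback with the same shape as sasl_getconfpath_t that keeps the environment override for unprivileged processes. The function names, the EX_SASL_* stand-in codes, the absolute-path check and the caller-frees ownership are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Local stand-ins for the SASL result codes, so this builds without sasl.h. */
enum { EX_SASL_OK = 0, EX_SASL_NOMEM = -2, EX_SASL_BADPARAM = -7 };

/* Fallback directory; the thread reports this as the path set by Debian's callback. */
static const char DEFAULT_CONF_PATH[] = "/usr/lib/sasl2";

/* The environment is untrusted when real and effective IDs differ (SUID/SGID). */
static int running_privileged(void) {
    return getuid() != geteuid() || getgid() != getegid();
}

/* Decision logic: honor the override only if unprivileged and absolute
 * (the absolute-path requirement is an assumption of this example). */
const char *choose_conf_path(const char *env_value, int privileged) {
    if (!privileged && env_value != NULL && env_value[0] == '/')
        return env_value;
    return DEFAULT_CONF_PATH;
}

/* Same shape as sasl_getconfpath_t: int cb(void *context, char **path).
 * Ownership assumption of this example: the caller frees *path. */
int example_getconfpath(void *context, char **path) {
    (void)context;
    if (path == NULL)
        return EX_SASL_BADPARAM;
    const char *chosen = choose_conf_path(getenv("SASL_CONF_PATH"), running_privileged());
    size_t len = strlen(chosen) + 1;
    *path = malloc(len);
    if (*path == NULL)
        return EX_SASL_NOMEM;
    memcpy(*path, chosen, len);
    return EX_SASL_OK;
}

int main(void) {
    char *path = NULL;
    if (example_getconfpath(NULL, &path) != EX_SASL_OK)
        return 1;
    printf("SASL config directory: %s\n", path);
    free(path);
    return 0;
}
```

Only the first character of the value is checked; a value listing several directories would need each one validated.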




