Re: [HEADS UP]: OpenLDAP+nss_ldap+nss_modules separated patch andmore (SoC)

Tom McLaughlin wrote:
Will it also be possible to build openldap in base with SASL support?
My understanding is Windows AD environments by default require all
connections to be authenticated via kerberos. (It's also a requirement
for the samba+openldap+krb5 setup I'm doing for work. ;) I saw a
comment about adding support for krb5_ccname in the config file. That's
a very useful option in the PADL version so I'm guessing this was
written with supporting SASL in mind? Thanks.

tom

Hi,
sasl in OpenLDAP (and in nss_ldap) is supported in the way similar to Sendmail:
CFLAGS+= ${OPENLDAP_CFLAGS}
LDFLAGS+= ${OPENLDAP_LDFLAGS}
LDADD+= ${OPENLDAP_LDADD}

By defining,
OPENLDAP_CFLAGS=-I/usr/local/include -DSASL
OPENLDAP_LDFLAGS=-L/usr/local/lib
OPENLDAP_LDADD=-lsasl
you'll enable sasl support both for OpenLDAP and nss_ldap.


BTW, I'll be able to implement and properly test krb5-ccname during the beginning of September.

With best regards,
Michael Bushkov

_______________________________________________
freebsd-current@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe@xxxxxxxxxxx"