Security fix now out for the mysql version, 28 March 2002.
If you want to know the details, email me.

This is a patch against Cyrus SASL version 1.5.24,
which is a plugin authentication system mostly used by
OpenLDAP and Cyrus IMAP.

Sasl ldap+ldaps+mysql+ldapsearch patch download
Sasl ldap+ldaps+mysql+ldapsearch patch download for 1.5.27 + multiple hosts

To use, simply untgz (tar -zxvf name.tgz).
Go to the base of the sasl source and type
patch -p1 < /sasl_ldap_mysql.patch

You might need to re-run autoconf in order to get configure
to have the options below (Note: on FreeBSD I needed to
get aclocal down).
Now all you have to do when running configure is add either one
of these lines, or both, depending on which you want:

--with-ldap=/usr/local/lib
--with-mysql=/usr/local/lib   (/usr/lib on linux I think)
Now compile the system as normal.
There are some docs in docs/sysadmin.html under the sasl
source tree which will explain how to configure the sasl
system for ldap and mysql support. Below is the relevant section:

mysql
A MySQL database can be used for plaintext password checking by setting "pwcheck_method" to "mysql".

The following SASL options are used for MySQL Authentication:

mysql_user: <user>
mysql_passwd: <cleartext pw>
mysql_host: <hosts separated by ,>
mysql_database: <database>
mysql_table: <table>
mysql_uidcol: <username col>
mysql_pwdcol: <password col>

MySQL pwcheck_method created by David Matthew Zendzian; the original patch may be found at http://www.dmzs.com/~dmz/projects/cyrus/.

ldap
An LDAP server can be used for plaintext password checking by setting "pwcheck_method" to "ldap".

The following SASL options are used for LDAP Authentication:

ldap_server: <LDAP Servers separated by , [localhost]>
ldap_basedn: <LDAP base dn>
ldap_uidattr: <LDAP uid attribute [uid]>
ldap_port: <LDAP port [389]>
ldap_ssl: <yes/no/true/false> Use ssl (untested)
ldap_filter_mode: <yes/no/true/false> Use the filter below
ldap_filter: <Additional search filter [(objectClass=posixAccount)]>
ldap_bind_dn: <DN to bind with [NULL]>
ldap_bind_pw: <Password for DN to bind with [NULL]>
ldap_alias_deref: <n|s|f|a> n is default

It is a requirement that "ldap_basedn" be set to the appropriate value for your site
(ex. ldap_basedn: o=surf, c=UK)

ldap_alias_deref: n = LDAP_DEREF_NEVER
s = LDAP_DEREF_SEARCHING
f = LDAP_DEREF_FINDING
a = LDAP_DEREF_ALWAYS
If you don't know what an ldap alias is, just leave this alone.

NULL values for ldap_dn and ldap_passwd mean do an anonymous bind and search.

LDAP pwcheck_method created by Simon@surf.org.uk
The patch is also held at Source Forge Cyrus Utils

Search and filter ability for LDAP was added by Kevin J. Menard, Jr.
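
A way to check an option file written with the ldap and mysql settings above before deploying it. This is an added example, not code from the patch or from Cyrus SASL; the function names and SAMPLE are constructed, and treating an unset ldap_ssl as "off" is an assumption.

```python
# Added example, not the patch's code: lint the ldap/mysql pwcheck options
# listed above. Option names and values are from the page; SAMPLE is constructed.
import os, stat

BOOL = {"yes", "no", "true", "false"}
DEREF = {"n", "s", "f", "a"}
SAMPLE = ("pwcheck_method: ldap\nldap_server: a.example.org,,b.example.org\n"
          "ldap_ssl: fasle\nldap_bind_pw: s3cret\n")

def parse_options(text):
    """Parse 'name: value' lines, skipping blanks and '#' comments."""
    opts = {}
    for line in text.splitlines():
        name, sep, value = line.strip().partition(":")
        if sep and not name.startswith("#"):
            opts[name.strip()] = value.strip()
    return opts

def lint(opts):
    """Return findings for an option set using pwcheck_method ldap or mysql."""
    out = []
    if opts.get("pwcheck_method") == "ldap":
        if not opts.get("ldap_basedn"):
            out.append("ldap_basedn is required but not set")
        for key in ("ldap_ssl", "ldap_filter_mode"):
            if key in opts and opts[key].lower() not in BOOL:
                out.append(f"{key} must be yes/no/true/false")
        # Assumption: an unset ldap_ssl means SSL is off.
        if opts.get("ldap_ssl", "no").lower() not in ("yes", "true"):
            out.append("ldap_ssl not enabled: LDAP traffic is unencrypted")
        if opts.get("ldap_alias_deref", "n") not in DEREF:
            out.append("ldap_alias_deref must be one of n, s, f, a")
        if ("ldap_bind_dn" in opts) != ("ldap_bind_pw" in opts):
            out.append("only one of ldap_bind_dn/ldap_bind_pw is set")
        elif "ldap_bind_dn" not in opts:
            out.append("no bind DN: anonymous bind and search")
    for key in ("ldap_server", "mysql_host"):  # comma-separated host lists
        if key in opts and "" in [h.strip() for h in opts[key].split(",")]:
            out.append(f"{key} has an empty entry in its host list")
    for key in ("ldap_bind_pw", "mysql_passwd"):  # cleartext credentials
        if key in opts:
            out.append(f"{key} is cleartext: keep the file unreadable to others")
    return out

def readable_by_others(path):
    """True if group or world can read the file holding these credentials."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

if __name__ == "__main__":
    print("\n".join(lint(parse_options(SAMPLE))))
```

Because mysql_passwd and ldap_bind_pw sit in the option file as cleartext, run readable_by_others() on the deployed file as well as lint() on its contents.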


Mr Werner Dundler sent me a message about compiling on Solaris 8/gcc which says:

compiling against the solaris ldap libs does not work -> use openldap.
if you don't have libtool, "aclocal" and m4 stuff screws up (configure
works).
using gcc you have to tweak makefiles so that solaris varargs.h is not
used - -Ipath for gcc varargs.
Hope this helps people.

Older patches: