SASL-Plugins not found, path mismatch

Bug #1088822 reported by Mathias Kaufmann
18
This bug affects 4 people
Affects Status Importance Assigned to Milestone
Fedora Directory Server
Fix Released
Unknown
389-ds-base (Ubuntu)
Fix Released
Medium
Timo Aaltonen
Precise
Won't Fix
Undecided
Unassigned
Quantal
Won't Fix
Undecided
Unassigned
Raring
Won't Fix
Undecided
Unassigned
Saucy
Fix Released
Medium
Timo Aaltonen

Bug Description

I tried to enable SASL GSSAPI-Support in 389-ds but a ldapsearch on supportedSASLMechanisms keeps give me SASL EXTERNAL only. I looked into /var/log/auth.log and found this:

Dec 11 10:08:06 ldap-01 ns-slapd: looking for plugins in '/usr/lib64/sasl2', failed to open directory, error: No such file or directory

The quick fix with symlinking like below fixed the problem.

ln -s /usr/lib/x86_64-linux-gnu /usr/lib64

Check:

root@ldap-01:/usr/lib64/sasl2# ldapsearch -h localhost -p 389 -x -b "" -s base -LLL supportedSASLMechanisms
dn:
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: GS2-IAKERB
supportedSASLMechanisms: GS2-KRB5
supportedSASLMechanisms: SCRAM-SHA-1
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: ANONYMOUS

I think it's not a big deal to fix this but I have no time to do it myself.

Regards
Mathias Kaufmann

Tags: auth sasl
Revision history for this message
Timo Aaltonen (tjaalton) wrote :

confirmed, it's hardcoded in the source, if the path is not set in the config.

we'd need to make the default build-time configurable, so that it would use the triplet path of the builder arch.

Changed in 389-ds-base (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
Changed in fedora-ds:
status: Unknown → Confirmed
Revision history for this message
Timo Aaltonen (tjaalton) wrote :

upstream has a hackish patch which I've missed until now.. I'll fix this in saucy first, could you test it there once it's released?

Changed in 389-ds-base (Ubuntu Saucy):
assignee: nobody → Timo Aaltonen (tjaalton)
status: Triaged → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package 389-ds-base - 1.3.1.9-0ubuntu1

---------------
389-ds-base (1.3.1.9-0ubuntu1) saucy; urgency=low

  * Sync from unreleased debian git.

389-ds-base (1.3.1.9-1) UNRELEASED; urgency=low

  * New upstream release. (Closes: #718325)
  * Drop the cve fix, upstream.
  * rules: Add new scripts to rename.
  * fix-sasl-path.diff: Use a triplet path to find libsasl2. (LP:
    #1088822)
 -- Timo Aaltonen <email address hidden> Thu, 26 Sep 2013 21:55:25 +0300

Changed in 389-ds-base (Ubuntu Saucy):
status: In Progress → Fix Released
Changed in fedora-ds:
status: Confirmed → Fix Released
Revision history for this message
Rolf Leggewie (r0lf) wrote :

quantal has seen the end of its life and is no longer receiving any updates. Marking the quantal task for this ticket as "Won't Fix".

Changed in 389-ds-base (Ubuntu Quantal):
status: New → Won't Fix
Revision history for this message
Rolf Leggewie (r0lf) wrote :

raring has seen the end of its life and is no longer receiving any updates. Marking the raring task for this ticket as "Won't Fix".

Changed in 389-ds-base (Ubuntu Raring):
status: New → Won't Fix
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in 389-ds-base (Ubuntu Precise):
status: New → Confirmed
Revision history for this message
David Kowis (dkowis) wrote :

There is something remarkably like this happening in 16.04.1

I had to create a symlink:
ln -s /usr/lib/i386-linux-gnu/sasl2/ sasl2

If I didn't do this the directory server didn't pick up any of the GSSAPI modules. Made installing freeipa very difficult

Revision history for this message
David Kowis (dkowis) wrote :

Oh, sorry, that symlink should be:

ln -s /usr/lib/i386-linux-gnu/sasl2 /usr/lib/sasl2

Revision history for this message
Timo Aaltonen (tjaalton) wrote :

please run 'strings usr/lib/i386-linux-gnu/dirsrv/libslapd.so.0.0.0 | grep sasl2'

Revision history for this message
Timo Aaltonen (tjaalton) wrote :

strings libslapd.so.0.0.0 |grep sasl2
/usr/lib/i386-linux-gnu/sasl2
/usr/lib/sasl2

which looks fine, so your 389 config probably uses the incorrect path for some reason

Revision history for this message
Andrew Bork (anbork) wrote :

I am seeing the same issue as David on Ubuntu armbian on an orange PI +2e. It's armv7h my symlink that fixed it was

ln -s /usr/lib/arm-linux-gnueabihf/sasl2/ /usr/lib/sasl2

Revision history for this message
Steve Langasek (vorlon) wrote :

The Precise Pangolin has reached end of life, so this bug will not be fixed for that release

Changed in 389-ds-base (Ubuntu Precise):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.