[PATCH v2 2/4] autofs-5.1.8 - prepare for OpenLDAP SASL binding


 



From: Thomas Reim <reimth@xxxxxxxxx>

autofs prefers OpenLDAP as LDAP client library and Cyrus as SASL library.
OpenLDAP also uses Cyrus SASL and is fully capable of providing SASL
authentication and binding to clients. OpenLDAP SASL interface is actively
maintained and provides latest security features, e. g. SASL data security
layer.

It does not make much sense to implement and use a separate SASL interface in
autofs when OpenLDAP, which already has a powerful SASL implementation, is used.

Prepare conditional compilation for use of OpenLDAP for SASL authentication
and binding.

Signed-off-by: Thomas Reim <reimth@xxxxxxxxx>
---
 aclocal.m4          | 43 +++++++++++++++++++++++++++++++++++++++++++
 configure.in        |  5 ++++-
 include/config.h.in |  3 +++
 3 files changed, 50 insertions(+), 1 deletion(-)

diff --git a/aclocal.m4 b/aclocal.m4
index c671b5b..91b22da 100644
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -325,6 +325,49 @@ AC_TRY_LINK(
 LIBS="$af_check_hesiod_save_libs"
 ])
 
+dnl --------------------------------------------------------------------------
+dnl AF_CHECK_FUNC_LDAP_SUPPORT_SASL
+dnl
+dnl Check for sasl support in ldap
+dnl --------------------------------------------------------------------------
+AC_DEFUN(
+  [AF_CHECK_FUNC_LDAP_SUPPORT_SASL],
+  [AC_MSG_CHECKING(for cyrus sasl support in openldap)
+    have_openldap_cyrus_sasl=no
+    # save current libs
+    af_check_ldap_support_sasl_save_libs="$LIBS"
+    LIBS="$LIBLDAP"
+
+    AC_RUN_IFELSE(
+      [ AC_LANG_SOURCE(
+        [ #include <stdlib.h>
+          #include <ldap.h>
+          int main (int argc, char **argv) {
+            LDAP *ldap = NULL;
+            int lret = 0;
+
+            lret = ldap_initialize(&ldap, NULL);
+            if (lret != LDAP_OPT_SUCCESS) {
+              exit(1);
+            }
+            lret = ldap_set_option(ldap, LDAP_OPT_X_SASL_NOCANON,
+                                   LDAP_OPT_ON);
+            exit(lret == LDAP_OPT_SUCCESS ? 0 : 1);
+          } ])],
+      have_openldap_sasl=yes,
+      have_openldap_sasl=no,
+      have_openldap_sasl=yes)
+
+    AC_MSG_RESULT($have_openldap_sasl)
+    if test "$have_openldap_sasl" = "yes"; then
+      AC_DEFINE(WITH_LDAP_CYRUS_SASL,1,
+         [Define if OpenLDAP was built with Cyrus SASL])
+    fi
+
+    # restore libs
+    LIBS="$af_check_ldap_parse_page_control_save_libs"
+  ])
+
 dnl --------------------------------------------------------------------------
 dnl AF_CHECK_FUNC_LDAP_CREATE_PAGE_CONTROL
 dnl
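Review bot: The restore at the end of `AF_CHECK_FUNC_LDAP_SUPPORT_SASL` reads `$af_check_ldap_parse_page_control_save_libs`, but this macro saved the value in `af_check_ldap_support_sasl_save_libs`, so LIBS is reset to whatever another macro left in that variable (possibly nothing, if it is unset at this point); the line should read `LIBS="$af_check_ldap_support_sasl_save_libs"`. The macro also initialises `have_openldap_cyrus_sasl=no` but then sets, tests and reports `have_openldap_sasl`, so the initial value is never used; one name should be used throughout. The third `AC_RUN_IFELSE` branch assumes `yes` when cross-compiling, which defines `WITH_LDAP_CYRUS_SASL` without the library having been probed; a `dnl` comment stating that assumption, or a default of `no`, would make the choice explicit.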
diff --git a/configure.in b/configure.in
index 68cbd44..45f3234 100644
--- a/configure.in
+++ b/configure.in
@@ -279,6 +279,7 @@ AF_CHECK_NIS_HEADER()
 # OpenLDAP support?  Expect that this may have a special directory...
 #
 AF_tmp_ldflags="$LDFLAGS"
+AF_tmp_libs="$LIBS"
 LIBLDAP=''
 HAVE_LDAP=''
 AC_ARG_WITH(openldap,
@@ -303,15 +304,17 @@ if test -z "$HAVE_LDAP" -o "$HAVE_LDAP" != "0"; then
 	if test "$HAVE_LDAP" = "1"; then
 		AC_DEFINE(WITH_LDAP,1,
 			[Define if using LDAP as a source of automount maps])
-	fi
+	AF_CHECK_FUNC_LDAP_SUPPORT_SASL()
 	AF_CHECK_FUNC_LDAP_CREATE_PAGE_CONTROL()
 	AF_CHECK_FUNC_LDAP_PARSE_PAGE_CONTROL()
+    fi
 fi
 
 AC_SUBST(LDAP_FLAGS)
 AC_SUBST(HAVE_LDAP)
 AC_SUBST(LIBLDAP)
 LDFLAGS="${AF_tmp_ldflags}"
+LIBS="${AF_tmp_libs}"
 
 #
 # SASL support
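Review bot: The relocated `fi` is indented with four spaces and the three `AF_CHECK_FUNC_LDAP_*` calls keep their old one-tab indentation, so it is easy to miss that they now sit inside `if test "$HAVE_LDAP" = "1"`; indent the calls one tab deeper and put the `fi` on a tab like the rest of the block. The move also makes the two existing page-control checks conditional on `HAVE_LDAP` being 1, which the commit description does not mention; this is presumably intended, but it deserves a line in the message. The enclosing `if` starts outside the hunk.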
diff --git a/include/config.h.in b/include/config.h.in
index 4f8daa8..7dab82e 100644
--- a/include/config.h.in
+++ b/include/config.h.in
@@ -162,6 +162,9 @@
 /* Define if using LDAP as a source of automount maps */
 #undef WITH_LDAP
 
+/* Define if OpenLDAP was built with Cyrus SASL */
+#undef WITH_LDAP_CYRUS_SASL
+
 /* Define to 1 if you have the libtirpc library installed */
 #undef WITH_LIBTIRPC
 
-- 
2.37.1



