> -----Original Message----- > From: Howard Chu [mailto:hyc@xxxxxxxxxxxxxxx] > Sent: Friday, April 03, 2009 1:07 PM > To: Xu, Qiang (FXSGSC) > Cc: Henry B. Hotz; cyrus-sasl@xxxxxxxxxxxxxxxxxxxx > Subject: Re: SASL2 plugin problem > > Don't use MozLDAP, it's obsolete. At this point it's total > abandonware, it's not even present in any current Mozilla > builds. (And yes, I build a full Mozilla source tree on a > pretty frequent basis. I've also submitted a patch to build > Mozilla with OpenLDAP's libldap, since Mozilla has abandoned > the MozLDAP code.) For SASL LDAP binding, I see that OpenLDAP + SASL is the most used combination. Yet, from my googling, there are some successful examples of use MozLDAP with SASL. > Given that both MozLDAP and OpenLDAP use the same SASL > library, and OpenLDAP works, how can you deduce that the > problem is in the SASL library? Hmmm, you are right about this. But I also have my reasons. See below. > > The caller seems innocent: > > ======================================== > > <apManager> (Tue Mar 31 2009 > 16:39:02.518)<p27931,t3079396256,aba_ldap_interface.c,6666> > > INFO>> Value of hostname sesswin2003:389 > > Fix that. MozLDAP isn't parsing it correctly; just use the hostname. > > The C API spec says that this is allowed to be in host:port > form, and the LDAP library is supposed to recognize that and > parse it appropriately when this form is passed in. MozLDAP > doesn't parse it though, it uses it verbatim. When it hands > this host:port form to SASL, which expects hostname and > portnumber as two separate parameters, things fail. > > The Mozilla LDAP codebase deviates from (or simply fails to > implement) the LDAP specs in lots of ways. I guess here's a > case where it failed to follow the SASL API as well. But how to explain in case of simple LDAP binding, the format "host:port" can be handled (the format "host:port" can be recognized and separated for DNS request)? In both simple binding and sasl binding, they are using the same function, with the same paremeter passed in. Thus, I can't help thinking something is not quite right with SASL libraries. But what you said is also reasonable, SASL works well with OpenLDAP, so it can hardly be faulted. A side note: In my printer, I found SASL library depends on OpenLDAP libraries, while in my case, it is supposed to interact with MozLDAP library: ======================================== MBC107:/usr/lib <190> ldd libsasl2.so linux-gate.so.1 => (0xffffe000) libresolv.so.2 => /lib/libresolv.so.2 (0xb7f38000) libssl.so.0.9.7 => /lib/libssl.so.0.9.7 (0xb7f06000) libdl.so.2 => /lib/libdl.so.2 (0xb7f02000) libmysqlclient.so.15 => /lib/libmysqlclient.so.15 (0xb7ea4000) libz.so.1 => /usr/lib/libz.so.1 (0xb7e92000) libcrypt.so.1 => /lib/libcrypt.so.1 (0xb7e64000) libnsl.so.1 => /lib/libnsl.so.1 (0xb7e50000) libm.so.6 => /lib/libm.so.6 (0xb7e2c000) libpq.so.4 => /usr/lib/libpq.so.4 (0xb7e0d000) libldap-2.3.so.0 => /lib/libldap-2.3.so.0 (0xb7dd9000) libc.so.6 => /lib/libc.so.6 (0xb7cc8000) libcrypto.so.0.9.7 => /lib/libcrypto.so.0.9.7 (0xb7bc0000) /lib/ld-linux.so.2 (0x80000000) libkrb5.so.3 => /lib/libkrb5.so.3 (0xb7b4b000) libpthread.so.0 => /lib/libpthread.so.0 (0xb7b38000) liblber-2.3.so.0 => /lib/liblber-2.3.so.0 (0xb7b2b000) libk5crypto.so.3 => /lib/libk5crypto.so.3 (0xb7b06000) libcom_err.so.3 => /lib/libcom_err.so.3 (0xb7b02000) libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xb7afe000) ======================================== In the list, libldap-2.3.so and liblber-2.3.so are components of OpenLDAP. I don't know this has any effect on the DNS error. > If you want code that actually works and adheres to > standards, stick with OpenLDAP. But our printers are using MozLDAP SDK, not OpenLDAP. Alas! Thanks, Xu Qiang
