I found this to be pretty interesting. Anyone care to comment on this
authenticity of the claim? It seems to make sense at least :)
This is a forwarded message
From: Julio Sanchez Fernandez <[EMAIL PROTECTED]>
To: "Kevin J. Menard, Jr." <[EMAIL PROTECTED]>
Date: Tuesday, August 07, 2001, 4:19:35 AM
Subject: Cyrus-IMAPD and LDAP
===8<==============Original message text===============
"Kevin J. Menard, Jr." <[EMAIL PROTECTED]> writes:
> Pretty much. But Cyrus Imapd 2.0.x and pam_ldap and OpenLDAP 2.0.x
> do not mix well together at all.
There is a conflict in the memory allocation policy for cyrus-sasl.
Well, cyrus-imapd uses cyrus-sasl. The latter uses PAM, that uses
libldap. But libldap in 2.0 uses cyrus-sasl as well and, moreover, it
redefines the memory allocation routines so that all memory needed by
the sasl library comes from the BER allocators. The problem is that
the cyrus-sasl API does not provide a clean way for libldap to restore
the prior allocators properly. As a consequence, when libldap returns
to PAM, the allocators in libsasl are left dangling, i.e. pointing at
the no longer existing liblber routines.
When cyrus-imapd keeps on using libsasl, it crashes.
There is no clean solution for that. Depending on the OS (seems to
work on RedHat Linux, probably all unixen work as well), you can look
in cyrus.c in libldap and disable the call to sasl_set_alloc or
somesuch.
Apparently, the new test versions of cyrus-sasl change the allocation
policy so that the thing can work cleanly. But the API is
incompatible and I have not looked into this.
More irritating is that if you are using nss_ldap on the machine as
well, every login will require a full trip for all posixgroup's in the
directory. This happens to all applications that require to simulate
a call to initgroups without doing it.
Julio
===8<===========End of original message text===========
--
Best regards,
Kevin mailto:[EMAIL PROTECTED]
