Skip Menu |

Date: Fri, 02 Oct 2015 15:57:38 +0200
From: Tomas Kuthan <>
Subject: configure should auto-detect OpenLDAP libs on Solaris 11 and higher
Download (untitled) / with headers
text/plain 2.6KiB
Solaris 11 and higher delivers 2 implementations of LDAP libraries:
- Mozilla LDAP in /usr/lib/
- OpenLDAP in /usr/lib/ (or re-entrant
- (headers under /usr/include/openldap)

configure detects and uses the former.
Sadly, MIT krb5 no longer builds with the old Mozilla LDAP lib:

-I../../../../include -I/builds/krb5/src/include
-I/builds/krb5/src/lib/kdb -I/builds/krb5/src/lib/krb5/asn.1
-DKRB5_DEPRECATED=1 -DKRB5_PRIVATE -g -O2 -Wall -Wcast-align -Wshadow
-Wmissing-prototypes -pedantic -Wno-format-zero-length -Woverflow
-Wstrict-overflow -Wmissing-format-attribute -Wmissing-prototypes
-Wreturn-type -Wmissing-braces -Wparentheses -Wswitch -Wunused-function
-Wunused-label -Wunused-variable -Wunused-value -Wunknown-pragmas
-Wsign-compare -Werror=uninitialized -Werror=pointer-arith
-Werror-implicit-function-declaration -D_REENTRANT -pthreads -c
/builds/krb5/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c -o && mv -f
In file included from /builds/krb5/src/include/k5-int.h:178:0,
/builds/krb5/src/include/k5-trace.h:93:20: warning: anonymous variadic
macros were introduced in C99 [-Wvariadic-macros]
/builds/krb5/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c: In
function ‘authenticate’:
error: ‘LDAP_SASL_QUIET’ undeclared (first use in this function)
note: each undeclared identifier is reported only once for each function
it appears in
gmake[2]: *** [] Error 1
gmake[2]: Leaving directory
gmake[1]: *** [all-recurse] Error 1
gmake[1]: Leaving directory `/builds/krb5-build/plugins/kdb/ldap'
gmake: *** [all-recurse] Error 1

Ideally configure would auto-detect and use OpenLDAP library at
/usr/lib/ and headers from /usr/include/openldap.

Alternatively the --with-ldap option could accept path to the library as
an argument:
./configure --with-ldap=/usr/lib/ ...
We should be able to make the LDAP KDB module work against the Mozilla LDAP
library again, if the Solaris team has a preference for that. I have
patches which make it compile, although it's not easy to test them as our
automated tests rely on ldapi support. If you have no preference, we'll
continue to rely on OpenLDAP features (ldap_str2dn and LDAP_SASL_QUIET) to
keep the code simpler.

(As for the request in this ticket, it seems reasonable if we continue to
depend on OpenLDAP, but I don't have a Solaris 11 machine to test a
candidate patch on.)