mimedefang with LDAP-enabled sendmail

Jonathan McKeown jonathan at hst.org.za
Tue Oct 17 05:01:44 PDT 2006 

On Monday 16 October 2006 16:54, Jonathan McKeown wrote:
> On Sunday 15 October 2006 22:19, Jonathan McKeown wrote:
> > sendmail -d0.1 -bt </dev/null gives me
> >
> > Version 8.13.6
> >  Compiled with: DNSMAP LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8
> >                 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS
> >                 PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS USERDB
> >                 USE_LDAP_INIT XDEBUG
> >
> > When I try to build and install mail/mimedefang from ports (version is
> > 2.57), I get (modulo wrapping)
> >
> > cc -O2 -fno-strict-aliasing -pipe  -pthread -o mimedefang mimedefang.o
> > drop_privs_threaded.o utils.o rm_r.o syslog-fac.o /usr/lib/libmilter.a
> > -lpthread
> >
> > /usr/lib/libmilter.a(errstring.o)(.text+0xd6): In function `sm_errstring':
> > : undefined reference to `ldap_err2string'
>
> The undefined reference is apparently in libmilter.a and it seems (Google
> again) that the ldap_err2string symbol comes from the openldap library. Is
> it possible that the build of libmilter is not picking up libldap
> from /usr/local/lib?

OK, this seems to be the same problem that was reported in (at least) PR 
ports/95646 <http://www.freebsd.org/cgi/query-pr.cgi?pr=95646> and PR 
ports/95647 (both ports which would not build with an LDAP-enabled core 
sendmail).

The solution proposed in ports/95646 was to make the various Sendmail LDAP 
options in /etc/make.conf invisible to libmilter.

This certainly works - it prevents a build of libmilter passing the LDAP flags 
through to libsm at this line in the build of /usr/src/lib/libmilter:

cc -O2 -fno-strict-aliasing -pipe  
-I/usr/src/lib/libmilter/../../contrib/sendmail/src 
-I/usr/src/lib/libmilter/../../contrib/sendmail/include -I. -DNOT_SENDMAIL 
-Dsm_snprintf=snprintf -D_THREAD_SAFE -DNETINET6 -I/usr/local/include 
-DSASL=2  -c /usr/src/lib/libmilter/../../contrib/sendmail/libsm/errstring.c

libsm/errstring.c refers to ldap_err2string in a conditional testing on 
LDAPMAP. ldap_err2string is declared in the #included /usr/local/lib/ldap.h. 
(I didn't search for where it's defined).

It looks as though the problem is less with ports, and more with a subtle 
breakage of the core sendmail when built with LDAP - specifically in building 
libsm/errstring.c as part of the libmilter build.

Is pretending that LDAPMAP is not set while compiling libmilter the right 
solution?

Should the necessary changes to /etc/make.conf be documented somewhere or even 
automated in some way?

I have spent five days trying to solve this. I have rewritten 
my /etc/make.conf as follows:

WANT_OPENLDAP_SASL=true
SENDMAIL_CFLAGS  = -I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS = -L/usr/local/lib
SENDMAIL_LDADD   = -lsasl2
.if ${.CURDIR} != /usr/src/lib/libmilter
    SENDMAIL_CFLAGS  += -DLDAPMAP
    SENDMAIL_LDADD   += -lldap -llber
.endif

This works but it Just Feels Wrong.

Jonathan

More information about the freebsd-questions mailing list