SASL GSSAPI under Win32

Michael Ströder michael at
Sun Aug 23 11:46:48 CEST 2009

Waldemar Osuch wrote:
> My build is not static anymore.  Now I put all the required *.dll(s)
> into site-packages\ldap directory.
> I also put the _ldap.pyd in there too so the extension can find them.
> This approach works for all the dlls except the SASL plugins.
> If I put the SASL plugin dlls into "C:\CMU\bin\sasl2" then they
> will be found.

It's the same on Linux. If you install into a non-standard location "make
install" outputs the following text:

* Plugins are being installed into /opt/cyrus-sasl/lib/sasl2,
* but the library will look for them in /usr/lib/sasl2.
* You need to make sure that the plugins will eventually
* be in /usr/lib/sasl2 -- the easiest way is to make a
* symbolic link from /usr/lib/sasl2 to /opt/cyrus-sasl/lib/sasl2,
* but this may not be appropriate for your site, so this
* installation procedure won't do it for you.
* If you don't want to do this for some reason, you can
* set the location where the library will look for plugins
* by setting the environment variable SASL_PATH to the path
* the library should use.

Well, symbolic links are not an option. But how about setting the SASL_PATH
env var? We could even try to add an os.env['SASL_PATH']=... to Lib/ldap/

Could you please provide a ZIP file or something which contains the
python-ldap build and the SASL plugin DLLs and I will play around a little bit.

> In my environment only DIGEST-MD5 and NTLM got loaded but NTLM did not work.
> I have got 'Authentication method not supported' error.
> Now the question is, should I continue to pretend that SASL mechanisms
> are supported?

If there's no way to load at least one SASL plugin ldap.SASL_AVAIL should be 0.

> Are the 2 or rather 1.5 available mechanisms worth the effort?

DIGEST-MD5 would be worth the effort.

> Unless Torsten is successful, the 2.3.9 build will not have it.

Waldemar, I can fully understand your frustration. And I really appreciate
your and Torsten's efforts. Please let's try another round.

If setting SASL_HOME is not successful it would be a good idea to raise this
issue on the OpenLDAP and Cyrus-SASL mailing lists and request a new feature.
Cyrus SASL 2.1.24 RC1 was released to the public a couple of days ago. Maybe it
would be possible to have another SASL option passed through libldap to
cyrus-sasl lib which sets the path where to locate the SASL plugins.

Ciao, Michael.
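
Added example, not part of the original message and not python-ldap code: one way the SASL_PATH idea above could be tried from Python before the C extension is imported. The function name configure_sasl_path, the sasl2 subdirectory beside the package, and the refusal of world-writable directories are assumptions made for this sketch.

```python
import os
import stat
import tempfile


def configure_sasl_path(package_dir, subdir="sasl2", environ=os.environ):
    """Point Cyrus SASL at plugins bundled beside the extension module.

    Returns the directory now in SASL_PATH, or None if nothing usable exists.
    Call this before importing the C extension, so the variable is already
    set when the SASL library looks for its plugins.
    """
    # An explicit setting by the administrator wins over the bundled copy.
    if environ.get("SASL_PATH"):
        return environ["SASL_PATH"]

    # Hypothetical layout: <package_dir>/sasl2 holds the plugin DLLs / .so files.
    plugin_dir = os.path.realpath(os.path.join(package_dir, subdir))
    if not os.path.isdir(plugin_dir):
        return None

    # Everything the library finds here is loaded as native code, so refuse
    # a directory that any local user can write to (POSIX mode bits only).
    if os.name == "posix" and os.stat(plugin_dir).st_mode & stat.S_IWOTH:
        return None

    environ["SASL_PATH"] = plugin_dir
    return plugin_dir


if __name__ == "__main__":
    # Constructed layout standing in for site-packages/ldap/sasl2.
    with tempfile.TemporaryDirectory() as pkg:
        os.mkdir(os.path.join(pkg, "sasl2"), 0o755)
        env = {}
        print(configure_sasl_path(pkg, environ=env), env)
```
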
