Skip to content

How to force linking to non-system OpenLDAP on macOS? #412

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
intgr opened this issue May 14, 2021 · 5 comments
Open

How to force linking to non-system OpenLDAP on macOS? #412

intgr opened this issue May 14, 2021 · 5 comments

Comments

@intgr
Copy link
Contributor

intgr commented May 14, 2021

I am using python-ldap along with the OPT_X_TLS_CACERTFILE option.

macOS provides some crappy version of libldap.so out of the box, which does not support this option (see #301).

Many years back I discovered that I could install Homebrew's OpenLDAP (brew install openldap) and link to it by changing setup.cfg to:

library_dirs = /usr/local/opt/openldap/lib /usr/local/opt/cyrus-sasl/lib
include_dirs = /usr/local/opt/openldap/include /usr/local/opt/cyrus-sasl/include

However, this no longer works; python-ldap successfully uses include files from Homebrew's OpenLDAP, but it now links to the system libldap. 😖

Using otool -l to inspect the _ldap.cpython-39-darwin.so binary, previously it contained:

Load command 10
          cmd LC_LOAD_DYLIB
      cmdsize 80
         name /usr/local/opt/openldap/lib/libldap_r-2.4.2.dylib (offset 24)
   time stamp 2 Thu Jan  1 03:00:02 1970
      current version 14.3.0
compatibility version 14.0.0

Now it has:

Load command 10
          cmd LC_LOAD_DYLIB
      cmdsize 88
         name /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP (offset 24)
   time stamp 2 Thu Jan  1 03:00:02 1970
      current version 2.4.0
compatibility version 1.0.0

Any help would be much appreciated.

Operating system: macOS 11.2.3

Python version: 3.9.5

python-ldap version: 3.1.1
@tiran
Copy link
Member

tiran commented May 14, 2021

All current python-ldap maintainer are Linux engineers and AFAIK do not have access to macOS systems. There is very little we can do to assist.

You probably need to override the dynamic linker lookup path, too. ELF binaries have rpath and Linux's ld.so has LD_LIBRARY_PATH. I don't know how the linker works on macOS.

@shifqu
Copy link

shifqu commented Jul 28, 2021

@intgr any update on this? Our django project uses python-ldap, and we have some devs running MacOS. They are running in the same issue that you mention here.

@intgr
Copy link
Contributor Author

intgr commented Jul 29, 2021

Unfortunately not. I switched to using the system trust store on macOS and added an if condition to omit OPT_X_TLS_CACERTFILE on this platform.

@rkoumis
Copy link

rkoumis commented Sep 17, 2021

I ran into the same issue. My environment:

macOS: 11.6
openldap: 2.5.7 (via brew)
python: 3.6.8
python-ldap: 3.3.1

@mistotebe
Copy link
Contributor

You could check if adding runtime_library_dirs to setup.py improves the situation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@intgr @tiran @mistotebe @rkoumis @shifqu