Explicitly provide a way to disable Kerberos/SASL/SSL usage in nss_ldap, so that you can build non-kerberos versions on systems with Kerberos installed WITHOUT it linking due to presence. Signed-off-by: Robin H. Johnson diff -Nuar nss_ldap-264.orig/configure.in nss_ldap-264/configure.in --- nss_ldap-264.orig/configure.in 2009-07-28 10:35:27.599965878 -0700 +++ nss_ldap-264/configure.in 2009-07-28 10:36:00.620375469 -0700 @@ -10,6 +10,21 @@ AC_PROG_INSTALL dnl +dnl Turn on/off SSL +dnl +AC_ARG_ENABLE(ssl, [ --enable-ssl enable SSL code ], [AC_DEFINE([WANT_SSL], [1], [Define if SSL is wanted])]) + +dnl +dnl Turn on/off Kerberos +dnl +AC_ARG_ENABLE(krb, [ --enable-krb enable Kerberos code ], [AC_DEFINE([WANT_KRB], [1], [Define if Kerberos is wanted])]) + +dnl +dnl Turn on/off SASL +dnl +AC_ARG_ENABLE(sasl, [ --enable-sasl enable Kerberos code ], [AC_DEFINE([WANT_SASL], [1], [Define if SASL is wanted])]) + +dnl dnl --enable-rfc2307bis is now deprecated; if this option is set, dnl then RFC2307bis support will be enabled by default. However dnl it can now always be enabled at runtime with the nss_schema @@ -178,12 +193,18 @@ AC_CHECK_HEADERS(sys/un.h) AC_CHECK_HEADERS(libc-lock.h) AC_CHECK_HEADERS(bits/libc-lock.h) -AC_CHECK_HEADERS(sasl.h sasl/sasl.h) +if test "$enable_sasl" \!= "no"; then + AC_CHECK_HEADERS(sasl.h sasl/sasl.h) +fi AC_CHECK_HEADERS(strings.h) -AC_CHECK_HEADERS(gssldap.h) -AC_CHECK_HEADERS(gsssasl.h) -AC_CHECK_HEADERS(gssapi/gssapi_krb5.h gssapi/gssapi.h gssapi.h) -AC_CHECK_HEADERS(krb5.h) +if test "$enable_krb" \!= "no"; then + AC_CHECK_HEADERS(gssldap.h) + if test "$enable_sasl" \!= "no"; then + AC_CHECK_HEADERS(gsssasl.h) + fi + AC_CHECK_HEADERS(gssapi/gssapi_krb5.h gssapi/gssapi.h gssapi.h) + AC_CHECK_HEADERS(krb5.h) +fi AC_CHECK_LIB(resolv, main) AC_CHECK_LIB(nsl, main) @@ -286,19 +307,25 @@ AC_CHECK_LIB(dl, dlopen,[LIBS="-ldl $LIBS"],,$LIBS) dnl AC_CHECK_LIB(db, main,[LIBS="-ldb $LIBS"],,$LIBS) -AC_CHECK_LIB(gssapi, gss_krb5_ccache_name,[LIBS="-lgssapi $LIBS" found_gssapi_lib=yes],,$LIBS) -if test -z "$found_gssapi_lib"; then - AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name,[LIBS="-lgssapi_krb5 $LIBS"],,$LIBS) +if test "$enable_krb" \!= "no"; then + AC_CHECK_LIB(gssapi, gss_krb5_ccache_name,[LIBS="-lgssapi $LIBS" found_gssapi_lib=yes],,$LIBS) + if test -z "$found_gssapi_lib"; then + AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name,[LIBS="-lgssapi_krb5 $LIBS"],,$LIBS) + fi fi dnl Following checks probably not strictly necessary. dnl AC_CHECK_LIB(crypto, main,[LIBS="-lcrypto $LIBS"],,$LIBS) dnl AC_CHECK_LIB(ssl, main,[LIBS="-lssl $LIBS"],,$LIBS) AC_CHECK_LIB(com_err, main,[LIBS="-lcom_err $LIBS"],,$LIBS) -dnl AC_CHECK_LIB(k5crypto, main,[LIBS="-lk5crypto $LIBS"],,$LIBS) -AC_CHECK_LIB(krb5, main,[LIBS="-lkrb5 $LIBS"],,$LIBS) -dnl AC_CHECK_LIB(krb4, main,[LIBS="-lkrb4 $LIBS"],,$LIBS) -AC_CHECK_LIB(sasl2, sasl_client_init) +if test "$enable_krb" \!= "no"; then + dnl AC_CHECK_LIB(k5crypto, main,[LIBS="-lk5crypto $LIBS"],,$LIBS) + AC_CHECK_LIB(krb5, main,[LIBS="-lkrb5 $LIBS"],,$LIBS) + dnl AC_CHECK_LIB(krb4, main,[LIBS="-lkrb4 $LIBS"],,$LIBS) +fi +if test "$enable_sasl" \!= "no"; then + AC_CHECK_LIB(sasl2, sasl_client_init) +fi if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = umich -o $with_ldap_lib = openldap \); then AC_CHECK_LIB(lber, main) @@ -331,13 +358,17 @@ AC_CHECK_LIB(pthread, main) fi -AC_CHECK_LIB(gssldap, ldap_gss_bind,[LIBS="-lgssldap $LIBS"],,$LIBS) +if test "$enable_krb" \!= "no"; then + AC_CHECK_LIB(gssldap, ldap_gss_bind,[LIBS="-lgssldap $LIBS"],,$LIBS) +fi -AC_CHECK_FUNCS(sasl_auxprop_request) AC_CHECK_FUNCS(ldap_init ldap_get_lderrno ldap_parse_result ldap_memfree ldap_controls_free) AC_CHECK_FUNCS(ldap_ld_free ldap_explode_rdn ldap_set_option ldap_get_option) -AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s ldap_initialize ldap_search_ext) +AC_CHECK_FUNCS(ldap_initialize ldap_search_ext) AC_CHECK_FUNCS(ldap_create_control ldap_create_page_control ldap_parse_page_control) +if test "$enable_sasl" \!= "no"; then + AC_CHECK_FUNCS(sasl_auxprop_request ldap_sasl_interactive_bind_s) +fi if test "$enable_ssl" \!= "no"; then AC_CHECK_FUNCS(ldapssl_client_init ldap_start_tls_s ldap_pvt_tls_set_option ldap_start_tls) fi