[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#4391) "Local error (-2)" when binding to ActiveDirectory
Full_Name: Paul R. Turgyan
Version: 2.3.16
OS: Linux from source 2.4.29
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (141.213.231.212)
When binding to Microsoft ActiveDirectory using MIT-Kerberos 1.3.4
and Cyrus-SASL-2.1.20 I get the error:
26:devilsadvocate/tools: ./ldapsearch -b
ou=people,ou=umich,dc=adsroot,dc=itd,dc=umich,dc=edu samaccountname=pturgyan
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
In cyrus.c, when the SASL bind completes, the scred
berval points to a berval with zero length.
Similar code used to be in cyrus.c but was changed in version 1.122
here's the fix:
*** cyrus.c- Tue Jan 3 17:16:08 2006
--- cyrus.c Mon Feb 6 15:26:31 2006
***************
*** 752,757 ****
--- 752,758 ----
if( rc == LDAP_SUCCESS && saslrc == SASL_OK ) {
/* we're done, no need to step */
if( scred ) {
+ if (scred->bv_len ) {
/* but we got additional data? */
Debug( LDAP_DEBUG_TRACE,
"ldap_int_sasl_bind: rc=%d sasl=%d
len=%ld\n",
***************
*** 761,766 ****
--- 762,769 ----
rc = ld->ld_errno = LDAP_LOCAL_ERROR;
goto done;
}
+ ber_bvfree( scred );
+ }
break;
}