
SASL and GSSAPI (ITS#2944)



Full_Name: Seth Hettich
Version: 2.2.5
OS: Linux (RH9)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (216.33.229.163)


When using SASL/GSSAPI you get:
[...]
ber_get_next
sb_sasl_pkt_length: received illegal packet length of 65548 bytes
sb_sasl_read: failed to decode packet: generic failure
ldap_perror
ldap_result: Can't contact LDAP server (81)
[...]

from ldapsearch when doing a search that returns a lot of data (> 65548 bytes)

I see several problems:

* OpenLDAP needs to "chunk" up its data when using the SASL security layer,
only sending at most 65548 bytes at a time to the SASL layer.

* When using TLS, you should turn off the SASL security layer (I see code to do
this, but it's not complete).  This would give a workaround to the 1st problem.
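
The framing behind the sb_sasl_pkt_length message above, as an added example that is not part of the original report and is not OpenLDAP's code. A SASL security layer sends each protected buffer behind a four-octet network-order length (RFC 4422), and the receiver rejects any buffer larger than the negotiated maximum. The 65536-byte limit, the 12-byte overhead and the zero-filled stand-in for the real GSSAPI wrap are assumptions, chosen so that an unchunked 65536-byte write appears as the 65548 in the log.

```c
#include <stdint.h>
#include <string.h>

#define MAX_BUF  65536u /* assumed negotiated maximum buffer size */
#define OVERHEAD 12u    /* assumed bytes added per buffer by the stand-in wrap */

/* Receiver: decode the 4-octet network-order length; -1 if over the limit. */
long pkt_length(const unsigned char *hdr, uint32_t max_buf) {
    uint32_t len = ((uint32_t)hdr[0] << 24) | ((uint32_t)hdr[1] << 16) |
                   ((uint32_t)hdr[2] << 8) | (uint32_t)hdr[3];
    return len > max_buf ? -1 : (long)len;
}

/* Sender: wrap at most `chunk` plaintext bytes per buffer; 0 if out is too small. */
size_t frame(const unsigned char *data, size_t n, size_t chunk,
             unsigned char *out, size_t cap) {
    size_t off = 0, w = 0;
    while (off < n) {
        size_t take = (n - off < chunk) ? n - off : chunk;
        uint32_t wrapped = (uint32_t)(take + OVERHEAD);
        if (take == 0 || cap - w < 4 + (size_t)wrapped) return 0;
        for (int i = 0; i < 4; i++)  /* length prefix, big-endian */
            out[w + i] = (unsigned char)(wrapped >> (24 - 8 * i));
        memcpy(out + w + 4, data + off, take);
        memset(out + w + 4 + take, 0, OVERHEAD); /* placeholder for the token */
        w += 4 + wrapped;
        off += take;
    }
    return w;
}

/* Receiver loop: count accepted buffers; -1 on an illegal or truncated one. */
long count_accepted(const unsigned char *buf, size_t len, uint32_t max_buf) {
    long frames = 0;
    size_t pos = 0;
    for (; len - pos >= 4; frames++) {
        long l = pkt_length(buf + pos, max_buf);
        if (l < 0 || (size_t)l > len - pos - 4) return -1;
        pos += 4 + (size_t)l;
    }
    return pos == len ? frames : -1;
}

/* Frame 100000 constructed zero bytes with `chunk` and run the receiver. */
long demo(size_t chunk) {
    static unsigned char data[100000], wire[100100];
    return count_accepted(wire, frame(data, sizeof data, chunk, wire, sizeof wire),
                          MAX_BUF);
}
```

Under these assumptions the sender has to size its chunks as the limit minus the wrap overhead, because the receiver checks the wrapped length, not the plaintext length.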