[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: SASL/Kerberos V4 & openldap

To: "'Quanah Gibson-Mount'" <quanah@stanford.edu>, "'Kurt D. Zeilenga'" <Kurt@OpenLDAP.org>
Subject: RE: SASL/Kerberos V4 & openldap
From: "Howard Chu" <hyc@highlandsun.com>
Date: Thu, 31 Oct 2002 14:30:13 -0800
Cc: <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <785519927.1036073744@cadabra.stanford.edu>

> -----Original Message-----
> From: Quanah Gibson-Mount [mailto:quanah@stanford.edu]

> >From this page:
>
> http://www.hut.fi/cc/docs/kerberos/nss_ldap.html
>
> it seems that Openldap is not using the negotiated SASL buffer size
> correctly.

You should read more carefully. That page states:
>>>
    This is also a feature with Active Directory: large queries with SASL
will fail because Active Directory is not using the negotiated buffer size
correctly.
<<<
The problem is with Active Directory, not OpenLDAP. Active Directory
completely ignores the negotiated buffer size and writes as much as it wants
into a single SASL buffer. This is a well known problem. There are no
workarounds, go complain to Microsoft for a fix. Older versions of Cyrus SASL
have a related bug that exacerbates the problem; they restrict the buffer
size to 0xffff max when the SASL protocol dictates a max of 0xffffff. I
believe this has been fixed as of Cyrus 2.1.7.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

Follow-Ups:
- RE: SASL/Kerberos V4 & openldap
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

References:
- RE: SASL/Kerberos V4 & openldap
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: RE: SASL/Kerberos V4 & openldap
Next by Date: RE: SASL/Kerberos V4 & openldap
Index(es):
- Chronological
- Thread