[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
change related to its 4046 seems to break sasl/gssapi working with AD
- To: <openldap-software@OpenLDAP.org>
- Subject: change related to its 4046 seems to break sasl/gssapi working with AD
- From: "Chapman, Kyle" <Kyle_Chapman@G1.com>
- Date: Wed, 19 Oct 2005 15:13:43 -0400
- Content-class: urn:content-classes:message
- Importance: normal
- Thread-index: AcXU4Tih3g95bQbNS6+3xcQRtsU+kg==
- Thread-topic: change related to its 4046 seems to break sasl/gssapi working with AD
im not sure this is a legit problem or an issue with how MS deals with sasl/gssapi...
changes for cyrus.c 1.112.2.6 to 1.112.2.7 break sasl/gssapi binds to AD (vers 2.3.8 and up, at least for me). if i roll back to 1.112.2.6 in 2.3.11, everything builds ok and ldapsearch/sasl/gssapi to AD work. looking at the diff, there is memory cleanup as well as some changes to checking the values provided by scred following a call to ldap_sasl_bind_s. adding back in the mem cleanup and the first reorder of the if statements and rebuilding, sasl/gssapi still works.
changing the second if statement results in (this change is after seeing if the rc and saslrc are OK):
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
in the older if statement, (scred && scred->bv_len) evaluates to false, and LDAP_LOCAL_ERROR is not returned.
with the change, (scred) evals to true and LDAP_LOCAL_ERROR is set, which is why i see the failure.
i have run ldapsearch -d 1 and can provide the results...
Network/Systems Engineer
www.g1.com
Here is a really great OS
www.freebsd.org
checkout also:
www.openbsd.org
www.dragonflybsd.org
www.netbsd.org
NOTICE: This E-mail may contain confidential information. If you are not
the addressee or the intended recipient please do not read this E-mail
and please immediately delete this e-mail message and any attachments
from your workstation or network mail system. If you are the addressee
or the intended recipient and you save or print a copy of this E-mail,
please place it in an appropriate file, depending on whether
confidential information is contained in the message.