[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL proxy auth problem -- looks like a bug



> Quoting masarati@aero.polimi.it:
>
>>> ldap_url_parse_ext(ldap://ldapks.example.com:389)
>>> =>ldap_back_getconn: conn=1001 op=3: lc=0x960e6f8 inserted refcnt=1
>>> rc=0
>>> ldap_sasl_bind
>>
>> ^^^ this call shouldn't be here; on the contrary, this should result in
>> calling ldap_sasl_interactive_bind_s() from within back-ldap's
>> ldap_back_proxy_authz_bind().  I have no clue about why this is
>> happening
>> since I've never tested this with GSSAPI (and I can't do it now).
>> However
>> I've tested it with other SASL mechs (including DIGEST-MD5 and EXTERNAL)
>> and it worked as expected.
>
> Then I suppose it's a good thing I ran into it. ;-)

As I said, I have no clue.

> Shall I file a bug report?

Yes, if you like.  Hopefully someone can test your scenario with GSSAPI.

> If so, I would prefer to do it via Debian's
> bug reporting system, since that's what I'm using

If you use Debian's bug reporting, you implicitly assume Debian
maintainers will address the issue.  If you want OpenLDAP developers to
address it, you need to use OpenLDAP's tracker.

p.