[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP, SASL and TLS

To: Kristof Takacs <kristof.takacs@gmail.com>
Subject: Re: OpenLDAP, SASL and TLS
From: Dan White <dwhite@olp.net>
Date: Mon, 6 Oct 2014 13:24:48 -0500
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <CAJVcxRZcXYCjOa3r1YOUgGLdUwT4gS2-P8_emSCVgFJq3D2xvA@mail.gmail.com> <CAJVcxRZuyY=J4CLHuJkWKZaFtTApE9bX75BDLG2sstpL5OtBeQ@mail.gmail.com>
User-agent: Mutt/1.5.23 (2014-03-12)

On 10/06/14 13:27 -0400, Kristof Takacs wrote:

I am having issues when I have Kerberos bind and TLS turned on.


On 10/06/14 14:03 -0400, Kristof Takacs wrote:

I use the following version:

- OpenLDAP (2.4.35), but I have tried 2.4.39 as well
- Cyrus SASL (2.1.26)
- OpenSSL (1.0.1h)
- Heimdal ( I beleive 1.5.2)


There is a known bug in Cyrus SASL which triggers this problem:

https://bugzilla.cyrusimap.org/show_bug.cgi?id=3480

If adding "-O maxssf=0" to your ldapsearch command, when using both
Kerberos and TLS, works then that's likely the culprit.

--
Dan White

Follow-Ups:
- Re: OpenLDAP, SASL and TLS
  - From: Dan White <dwhite@olp.net>

References:
- OpenLDAP, SASL and TLS
  - From: Kristof Takacs <kristof.takacs@gmail.com>

Prev by Date: Re: OpenLDAP, SASL and TLS
Next by Date: Re: OpenLDAP, SASL and TLS
Index(es):
- Chronological
- Thread