Issue 7585 - LDAPI with GSSAPI does not work if SASL_NOCANON=on
Summary: LDAPI with GSSAPI does not work if SASL_NOCANON=on
Status: VERIFIED FIXED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd (show other issues)
Version: 2.4.34
Hardware: All All
: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-05-07 19:12 UTC by sbose@redhat.com
Modified: 2019-07-24 18:58 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this issue.
Description sbose@redhat.com 2013-05-07 19:12:59 UTC
Full_Name: Sumit Bose
Version: 2.4.34
OS: Fedora 18
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (88.72.5.29)


When using LDAPI with GSSAPI and SASL_NOCANON=on I get the following error:

# LDAPSASL_NOCANON=on ldapsearch -H
'ldapi://%2fvar%2frun%2fslapd-IPA18-DEVEL.socket' -Y GSSAPI -s base dn
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
	additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
failure.  Minor code may provide more information (Server
krbtgt/SOCKET@IPA18.DEVEL not found in Kerberos database)

This happens because if SASL_NOCANON=on the "host" part from the LDAP URI is
used as SASL host, which just contains a local path in the LDAPI case.

The related Fedora issue is tracked in
https://bugzilla.redhat.com/show_bug.cgi?id=960222 which also contains a patch
for the issue https://bugzilla.redhat.com/attachment.cgi?id=744866 .
Comment 1 Quanah Gibson-Mount 2017-04-13 15:32:31 UTC
changed notes
moved from Incoming to Software Bugs
Comment 2 Quanah Gibson-Mount 2017-04-14 21:20:01 UTC
Hello,

Thanks for the report.  Unfortunately, your submission does not follow the 
ITS guidelines, meaning we can't really move forward with it at this time. 
Please read over <http://www.openldap.org/devel/contributing.html>, 
particularly the IPR notice requirements as well as  patch submission 
requirements.  If you can correct these issues, then the project can move 
forward with including your work in the project.

Thanks!

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>


Comment 3 Quanah Gibson-Mount 2019-04-18 01:35:35 UTC
--On Friday, April 14, 2017 10:20 PM +0000 quanah@symas.com wrote:

> Hello,
>
> Thanks for the report.  Unfortunately, your submission does not follow
> the  ITS guidelines, meaning we can't really move forward with it at this
> time.  Please read over
> <http://www.openldap.org/devel/contributing.html>,  particularly the IPR
> notice requirements as well as  patch submission  requirements.  If you
> can correct these issues, then the project can move  forward with
> including your work in the project.

Note: Requested again today that RedHat follow the correct submission 
guidelines for this patch, this time in their bugzilla instance.

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>


Comment 4 Quanah Gibson-Mount 2019-04-18 01:37:08 UTC
changed notes
Comment 5 rich.megginson@gmail.com 2019-04-18 20:27:22 UTC
Red Hat, Inc. hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or 
redistributed for any purpose with or without attribution and/or other notice.


Comment 6 Howard Chu 2019-04-18 20:58:51 UTC
rmeggins@redhat.com wrote:
> Red Hat, Inc. hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or 
> redistributed for any purpose with or without attribution and/or other notice.

Thanks, fix applied in git master.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Comment 7 Howard Chu 2019-04-18 20:59:20 UTC
changed notes
changed state Open to Test
Comment 8 Quanah Gibson-Mount 2019-04-18 23:40:55 UTC
changed notes
changed state Test to Release
Comment 9 OpenLDAP project 2019-07-24 18:58:34 UTC
See also ITS#8998
Fixed in master
Fixed in RE24 (2.4.48)
Comment 10 Quanah Gibson-Mount 2019-07-24 18:58:34 UTC
changed notes
changed state Release to Closed