[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
GSSAPI interoperabity with ActiveDirectory (ITS#884)
Full_Name: Norbert Klasen
Version: head
OS: linux
URL:
Submission from: (NULL) (134.2.217.40)
On GSSAPI binds AD sends the BindResponse indicating succes with an empty
serverSaslCreds field:
0000 30 18: SEQUENCE {
0006 02 1: INTEGER = 4
0009 61 9: [APPLICATION 1] {
000F 0A 1: ENUM = 0
0012 04 0: STRING = ''
0014 04 0: STRING = ''
0016 87 0: [CONTEXT 7]
0018 : }
0018 : }
However ldap_int_sasl_bind fails on this with LDAP_LOCAL_ERROR. I guess OpenLDAP
expects serverSaslCreds to be absent since this field is optional. My patch
checks
if there really is some data in the last serverSaslCreds and only aborts then.
--- libraries/libldap/cyrus.c.orig Fri Nov 10 11:16:31 2000
+++ libraries/libldap/cyrus.c Fri Nov 10 11:20:33 2000
@@ -576,7 +576,7 @@
if( rc == LDAP_SUCCESS && saslrc == SASL_OK ) {
/* we're done, no need to step */
- if( scred ) {
+ if( scred && (scred->bv_len > 0) ) {
/* but server provided us with data! */
Debug( LDAP_DEBUG_TRACE,
"ldap_int_sasl_bind: rc=%d sasl=%d
len=%ld\n",