
(ITS#6728) libldap TCP/SASL problems



Full_Name: Quanah Gibson-Mount
Version: 2.4.23
OS: Linux 2.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.111.45.108)


As reported at: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604122

Hello,

During some tests for nslcd[1], I found that if the SASL_SECPROPS in
/etc/ldap/ldap.conf is incompatible with the SASL_MECH, then the
library:

- opens a useless TCP connection to the server
- checks the mechanism and fails
- closes the TCP connection

===== /etc/ldap/ldap.conf
BASE    dc=baby-gnu,dc=org
URI     ldap://192.168.122.4

SASL_MECH DIGEST-MD5
SASL_SECPROPS noactive
===== /etc/ldap/ldap.conf

===== Wireshark capture
No. Time      Source         Destination    Protocol Info
3   2.728967  192.168.122.3  192.168.122.4  TCP      51521 > ldap [SYN] Seq=0 [...]
4   2.729699  192.168.122.4  192.168.122.3  TCP      ldap > 51521 [SYN, ACK] Seq=0 [...]
5   2.729714  192.168.122.3  192.168.122.4  TCP      51521 > ldap [ACK] Seq=1 [...]
6   2.739576  192.168.122.3  192.168.122.4  TCP      51521 > ldap [FIN, ACK] Seq=1 [...]
7   2.740686  192.168.122.4  192.168.122.3  TCP      ldap > 51521 [FIN, ACK] Seq=1 [...]
8   2.740702  192.168.122.3  192.168.122.4  TCP      51521 > ldap [ACK] Seq=2 [...]
===== Wireshark capture

===== ldapsearch
ldapsearch -U dad -s base -LLL supportedSASLMechanisms
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
        additional info: SASL(-4): no mechanism available: No worthy mechs found
===== ldapsearch

As the problem is found in software using libldap, I conclude the
problem is in the lib and not in ldapsearch.

Regards.
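
One way to spot the connection pattern shown in the capture above, as an added example that is not part of the original report or of OpenLDAP: it scans a Wireshark-style packet summary for LDAP flows that complete the TCP handshake and are then closed without a single payload byte. It assumes one packet per line and relative sequence numbers; the function name, the port list and the second flow in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the capture from the report with wrapped lines joined,
# plus one invented flow (port 51600) that does carry data, for contrast.
SAMPLE = """\
3 2.728967 192.168.122.3 192.168.122.4 TCP 51521 > ldap [SYN] Seq=0
4 2.729699 192.168.122.4 192.168.122.3 TCP ldap > 51521 [SYN, ACK] Seq=0
5 2.729714 192.168.122.3 192.168.122.4 TCP 51521 > ldap [ACK] Seq=1
6 2.739576 192.168.122.3 192.168.122.4 TCP 51521 > ldap [FIN, ACK] Seq=1
7 2.740686 192.168.122.4 192.168.122.3 TCP ldap > 51521 [FIN, ACK] Seq=1
8 2.740702 192.168.122.3 192.168.122.4 TCP 51521 > ldap [ACK] Seq=2
9 3.100000 192.168.122.3 192.168.122.4 TCP 51600 > ldap [SYN] Seq=0
10 3.100500 192.168.122.4 192.168.122.3 TCP ldap > 51600 [SYN, ACK] Seq=0
11 3.200000 192.168.122.3 192.168.122.4 TCP 51600 > ldap [FIN, ACK] Seq=58
12 3.200400 192.168.122.4 192.168.122.3 TCP ldap > 51600 [FIN, ACK] Seq=15
"""

LINE = re.compile(r"^\d+\s+(?P<t>[\d.]+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP\s+"
                  r"(?P<sp>\S+) > (?P<dp>\S+) \[(?P<flags>[^\]]+)\]\s+Seq=(?P<seq>\d+)")
LDAP_PORTS = {"ldap", "389", "ldaps", "636"}  # names as Wireshark resolves them

def empty_ldap_connections(summary):
    """Return (client_ip, client_port, server_ip) for LDAP flows that completed
    the handshake and were closed with no payload byte in either direction."""
    flows = defaultdict(lambda: {"syn": False, "synack": False, "fin_seq": {}})
    for line in summary.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        flags = {f.strip() for f in m["flags"].split(",")}
        from_client = m["dp"] in LDAP_PORTS
        if not from_client and m["sp"] not in LDAP_PORTS:
            continue  # not LDAP traffic
        key = ((m["src"], m["sp"], m["dst"]) if from_client
               else (m["dst"], m["dp"], m["src"]))
        flow = flows[key]
        if flags == {"SYN"}:
            flow["syn"] = True
        elif flags == {"SYN", "ACK"}:
            flow["synack"] = True
        if "FIN" in flags:
            side = "client" if from_client else "server"
            flow["fin_seq"][side] = int(m["seq"])
    # SYN consumes one sequence number, so a FIN at relative Seq=1 means that
    # side sent zero bytes of application data.
    return [k for k, f in flows.items()
            if f["syn"] and f["synack"]
            and f["fin_seq"] == {"client": 1, "server": 1}]
```

On the sample, only the flow from port 51521 is reported; the flow from port 51600 exchanged data before closing and is ignored.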