
Re: (ITS#6757) SASL canonicalize doesn't work as documented



I get similar behaviour using Cyrus SASL's sample-client and sample-server:

...
Negotiation complete
Username: student@REALM3.WS.NSRC.ORG
Realm: (NULL)
SSF: 56
...

Now, in sample-server.c, the displayed realm comes from

  result = sasl_getprop(conn, SASL_DEFUSERREALM, (const void **)&data);

which suggests this is intended to be the default realm, not the realm of
the user connecting. And clearly the username does include the Kerberos
realm.

But I'm having difficulty finding the corresponding OpenLDAP code to extract
the realm.  Is it making use of session callbacks, and expecting Cyrus to call
slap_sasl_canonicalize (SASL_CB_CANON_USER) with the user_realm parameter?

Regards,

Brian.