Full_Name: Pawel Tomulik Version: 2.4.33 OS: debian URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (46.227.109.205) Hi, this bug was also reported to syrus-sasl bugzilla, see https://bugzilla.cyrusimap.org/show_bug.cgi?id=3743 where configs, ldif files and some logs are provided. If I set: auxprop_plugin: slapd pwcheck_method: auxprop-hashed in my /usr/lib/sasl2/slapd.conf, then the ldapwhoami always gives positive response, no matter what username (-U) and password (-w) is provided. The bug may be reproduced easily on debian wheezy/sid by following instructions provided in https://bugzilla.cyrusimap.org/attachment.cgi?id=1503 these instructions reproduce bug on slapd 2.4.31 from debian package, however I reproduced it also on slapd from openlap 2.4.33 compiled from sources. It was said by Alaxey Melnikov (Cyrus) that the bug may be in libsasl code (part of Cyrus SASL), slapd (OpenLDAP) or both, so I report it also here.
changed notes changed state Open to Suspended
As discussed in private email with Pawel and Alexey, this is no bug. "auxprop-hashed" is an undocumented feature first added in Cyrus SASL 2.1.24 and not yet completely implemented in any published code. It appears to only be supported internally by ISODE at this point. There is no action for us to take until Cyrus completes the public implementation and documentation. ptomulik@meil.pw.edu.pl wrote: > Full_Name: Pawel Tomulik > Version: 2.4.33 > OS: debian > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (46.227.109.205) > > > Hi, > > this bug was also reported to syrus-sasl bugzilla, see > > https://bugzilla.cyrusimap.org/show_bug.cgi?id=3743 > > where configs, ldif files and some logs are provided. > > If I set: > > auxprop_plugin: slapd > pwcheck_method: auxprop-hashed > > in my /usr/lib/sasl2/slapd.conf, then the ldapwhoami always gives positive > response, > no matter what username (-U) and password (-w) is provided. The bug may be > reproduced > easily on debian wheezy/sid by following instructions provided in > > https://bugzilla.cyrusimap.org/attachment.cgi?id=1503 > > these instructions reproduce bug on slapd 2.4.31 from debian package, > however I reproduced it also on slapd from openlap 2.4.33 compiled from sources. > > > It was said by Alaxey Melnikov (Cyrus) that the bug may be in libsasl code (part > of Cyrus SASL), slapd (OpenLDAP) or both, so I report it also here. > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
changed notes
published 7419 marked public
no bug, auxprop-hashed is an undocumented SASL feature introduced in 2.1.24 No action from us until Cyrus properly documents it.