
GSSAPI interoperability with ActiveDirectory (ITS#884)



Full_Name: Norbert Klasen
Version: head
OS: linux
URL: 
Submission from: (NULL) (134.2.217.40)


On GSSAPI binds, AD sends the BindResponse indicating success with an empty
serverSaslCreds field:

0000 30   18: SEQUENCE {
0006 02    1:   INTEGER = 4
0009 61    9:   [APPLICATION 1] {
000F 0A    1:     ENUM = 0
0012 04    0:     STRING = ''
0014 04    0:     STRING = ''
0016 87    0:     [CONTEXT 7]
0018        :   }
0018        : }

However, ldap_int_sasl_bind fails on this with LDAP_LOCAL_ERROR. I guess OpenLDAP
expects serverSaslCreds to be absent since this field is optional. My patch
checks if there really is some data in the last serverSaslCreds and only aborts then.

--- libraries/libldap/cyrus.c.orig      Fri Nov 10 11:16:31 2000
+++ libraries/libldap/cyrus.c   Fri Nov 10 11:20:33 2000
@@ -576,7 +576,7 @@
 
                if( rc == LDAP_SUCCESS && saslrc == SASL_OK ) {
                        /* we're done, no need to step */
-                       if( scred ) {
+                       if( scred && (scred->bv_len > 0) ) {
                                /* but server provided us with data! */
                                Debug( LDAP_DEBUG_TRACE,
                                        "ldap_int_sasl_bind: rc=%d sasl=%d
len=%ld\n",
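
Review bot: With the new test `if( scred && (scred->bv_len > 0) )`, a non-NULL `scred` whose `bv_len` is 0 now skips the error branch, and nothing in the visible lines releases it; check that the success path calls `ber_bvfree( scred )` for this case so the empty berval is not leaked. The "we're done, no need to step" comment would also benefit from a line stating that a zero-length serverSaslCreds is accepted because some servers send the field empty instead of omitting it.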
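
The distinction this report turns on (serverSaslCreds absent versus present with zero length), as an added C example that is not part of the original message or of OpenLDAP's code. The byte arrays are constructed, with `ad_reply` rebuilt from the dump above, and `tlv` and `sasl_creds_state` are hypothetical names.

```c
#include <stddef.h>

enum { CREDS_MALFORMED = -1, CREDS_ABSENT, CREDS_EMPTY, CREDS_DATA };

/* Constructed samples. ad_reply is rebuilt from the dump's offsets and lengths
 * (six-byte headers imply four-octet long-form lengths); the others are variants. */
static const unsigned char ad_reply[] = { 0x30,0x84,0,0,0,0x12, 0x02,1,4,
    0x61,0x84,0,0,0,9, 0x0a,1,0, 0x04,0, 0x04,0, 0x87,0 };
static const unsigned char no_creds[] = { 0x30,0x0c, 0x02,1,4,
    0x61,7, 0x0a,1,0, 0x04,0, 0x04,0 };
static const unsigned char with_creds[] = { 0x30,0x10, 0x02,1,4,
    0x61,0x0b, 0x0a,1,0, 0x04,0, 0x04,0, 0x87,2,0xaa,0xbb };

/* Read one single-byte-tag TLV header; return the tag, or -1 if it overruns end. */
static int tlv(const unsigned char **p, const unsigned char *end, size_t *clen)
{
    const unsigned char *q = *p;
    size_t n, l;
    int tag;
    if (end - q < 2) return -1;
    tag = *q++;
    l = *q++;
    if (l & 0x80) {                       /* long form: low bits count length octets */
        n = l & 0x7f;
        if (n == 0 || n > 4 || (size_t)(end - q) < n) return -1;
        for (l = 0; n--; ) l = (l << 8) | *q++;
    }
    if ((size_t)(end - q) < l) return -1; /* content must fit in the buffer */
    *p = q; *clen = l;
    return tag;
}

/* Classify serverSaslCreds ([7], tag 0x87) in an encoded BindResponse message. */
int sasl_creds_state(const unsigned char *buf, size_t len)
{
    const unsigned char *p = buf, *end = buf + len;
    size_t l;
    int tag;
    if (tlv(&p, end, &l) != 0x30) return CREDS_MALFORMED;   /* LDAPMessage */
    end = p + l;
    if (tlv(&p, end, &l) != 0x02) return CREDS_MALFORMED;   /* messageID */
    p += l;
    if (tlv(&p, end, &l) != 0x61) return CREDS_MALFORMED;   /* BindResponse */
    end = p + l;
    while (p < end) {                     /* resultCode, matchedDN, errorMessage, ... */
        if ((tag = tlv(&p, end, &l)) < 0) return CREDS_MALFORMED;
        if (tag == 0x87) return l ? CREDS_DATA : CREDS_EMPTY;
        p += l;
    }
    return CREDS_ABSENT;
}
```

A client that treats `CREDS_EMPTY` like `CREDS_ABSENT` after a successful final step accepts the AD reply, while `CREDS_DATA` at that point still signals unexpected server data.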