[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldapsearch broken for GSS-API (ITS#2882)

To: openldap-its@OpenLDAP.org
Subject: ldapsearch broken for GSS-API (ITS#2882)
From: lukeh@padl.com
Date: Tue, 16 Dec 2003 10:49:16 GMT

Full_Name: Luke Howard
Version: 2.2.3
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (203.13.32.69)


One thing that appears to be broken in 2.2.3: using the GSSAPI SASL mechanism,
"ldapsearch -h foo", where foo is a host name apart from "localhost".

Prior to the merge, the converse was the case: "localhost" did not  work but
"foo" did. :-)

Enabling the conditional at line 749 of libraries/libldap/os-ip.c  restores the
old behavior for non-loopback addresses (this is in ldap_host_connected_to()).
This appears to be the correct solution given what the function is supposed to
do.

An alternative fix would be to make the default hostname passed into
ldap_host_connected_to() as follows:

        char *saslhost = ldap_host_connected_to( ld->ld_sb,
                (ld->ld_defconn->lconn_server->lud_host != NULL) ?
                "localhost" : ld->ld_defconn->lconn_server->lud_host );
        rc = ldap_int_sasl_open( ld, ld->ld_defconn, saslhost );
        ...

Either of these fixes should still allow specifying the loopback address to work
with Kerberos.

Prev by Date: RE: 2.2.3beta crashes in backend_group() (ITS#2880)
Next by Date: slapd crash in malloc(3bytes) (ITS#2881)
Index(es):
- Chronological
- Thread