[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL and GSSAPI (ITS#2944)

Full_Name: Seth Hettich
Version: 2.2.5
OS: Linux (RH9)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

When using SASL/GSSAPI you get:
sb_sasl_pkt_length: received illegal packet length of 65548 bytes
sb_sasl_read: failed to decode packet: generic failure
ldap_result: Can't contact LDAP server (81)

from ldapsearch when doing a search that returns a lot of data (> 65548 bytes

I see several problems:

* openldap needs to "chunk" up it's data when using SASL security layer, only
at most 65548 bytes at a time to the SASL layer.

* When using TLS, you should turn off the SASL security layer (I see code to do
but it's not complete).  This would give a workaround to the 1st problem.