[Date Prev][Date Next]
Re: (ITS#5195) ssf not available during sasl bind
On Fri, 2007-10-26 at 19:59 -0700, Quanah Gibson-Mount wrote:
> > ldapsearch -ZZ -U "openldap" -b "dc=pwd,dc=lubemobile,dc=com,dc=au"
> > "(uid=it)" ldap_sasl_interactive_bind_s: Confidentiality required (13)
> > additional info: SASL confidentiality required
> > Is that a bug?
> I suggest reading the part on sasl-secprops in the slapd.conf (5) man page.
> It notes that the default is to setting is to block anonymous and plain
> SASL binds.
I suspect you are right in that is the cause of the
problem because a -Y DIGEST-MD5 fixes it. But, as
I said, it worked before the security option was
added. It worked because DIGEST-MD5 was the default.
So why isn't it the default now?
Now that you have pointed it out, I guess that the
addition of the 'security' option prevented SASL
from searching dn="" for the types of authentications
> access to userPassword
> by users read sasl_ssf=128 break
> by users read tls=128
> I think might do it.
You would think that would do it - certainly I did. But
you would be wrong. Currently it doesn't, and that is
what this ITS is about. The patch I supplied with the
initial bug report changes things so it does work.