[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7585) LDAPI with GSSAPI does not work if SASL_NOCANON=on

To: openldap-its@OpenLDAP.org
Subject: (ITS#7585) LDAPI with GSSAPI does not work if SASL_NOCANON=on
From: sbose@redhat.com
Date: Tue, 7 May 2013 19:12:59 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Sumit Bose
Version: 2.4.34
OS: Fedora 18
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (88.72.5.29)


When using LDAPI with GSSAPI and SASL_NOCANON=on I get the following error:

# LDAPSASL_NOCANON=on ldapsearch -H
'ldapi://%2fvar%2frun%2fslapd-IPA18-DEVEL.socket' -Y GSSAPI -s base dn
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
	additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
failure.  Minor code may provide more information (Server
krbtgt/SOCKET@IPA18.DEVEL not found in Kerberos database)

This happens because if SASL_NOCANON=on the "host" part from the LDAP URI is
used as SASL host, which just contains a local path in the LDAPI case.

The related Fedora issue is tracked in
https://bugzilla.redhat.com/show_bug.cgi?id=960222 which also contains a patch
for the issue https://bugzilla.redhat.com/attachment.cgi?id=744866 .

Prev by Date: Re: (ITS#7584) slapd ignores loglevel packets, ber and parse.
Next by Date: (ITS#7586) MDB tests crash
Index(es):
- Chronological
- Thread