[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7585) LDAPI with GSSAPI does not work if SASL_NOCANON=on

Full_Name: Sumit Bose
Version: 2.4.34
OS: Fedora 18
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

When using LDAPI with GSSAPI and SASL_NOCANON=on I get the following error:

# LDAPSASL_NOCANON=on ldapsearch -H
'ldapi://%2fvar%2frun%2fslapd-IPA18-DEVEL.socket' -Y GSSAPI -s base dn
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
	additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
failure.  Minor code may provide more information (Server
krbtgt/SOCKET@IPA18.DEVEL not found in Kerberos database)

This happens because if SASL_NOCANON=on the "host" part from the LDAP URI is
used as SASL host, which just contains a local path in the LDAPI case.

The related Fedora issue is tracked in
https://bugzilla.redhat.com/show_bug.cgi?id=960222 which also contains a patch
for the issue https://bugzilla.redhat.com/attachment.cgi?id=744866 .