[Date Prev][Date Next] [Chronological] [Thread] [Top]

AW: really bug in slurpd?

Hallo Horward,

than it is really bug in slurpd, please read my email carefully. Slurpd will crash when you configure SASL EXTERNAL and do not provide authcId, ri->ri_authcId is NULL and it dumps.

Regards, Vadim Tarassov.

-----Ursprüngliche Nachricht-----
Von: Howard Chu [mailto:hyc@highlandsun.com]
Gesendet am: Samstag, 22. Juni 2002 03:34
An: Tarassov Vadim; 'vadim tarassov'; openldap-software@OpenLDAP.org
Betreff: RE: really bug in slurpd?

You cannot use SASL EXTERNAL without an X.509 client certificate. When you
use a certificate, the authcID is the certificate DN. If you configure any
other name it will be ignored.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Tarassov Vadim
> Sent: Friday, June 21, 2002 10:20 AM
> To: 'vadim tarassov'; openldap-software@OpenLDAP.org
> Subject: really bug in slurpd?
> Hallo again,
> Does anyone know what could be authcId when using EXTERNAL SASL mechanism?
> Problem is that slurpd expects due to
> #ifdef NEW_LOGGING
>         LDAP_LOG (( "operation", LDAP_LEVEL_ARGS,
>                 "do_bind: bind to %s as %s via %s (SASL)\n",
>                 ri->ri_hostname, ri->ri_authcId, ri->ri_saslmech ));
> #else
>         Debug( LDAP_DEBUG_ARGS, "bind to %s as %s via %s (SASL)\n",
>                 ri->ri_hostname, ri->ri_authcId, ri->ri_saslmech );
> #endif
> in ldap_op.c
> authcId in slapd.conf, otherwise it crashes. I can imagine what
> authcid could be in case of CRAM-MD5, for example, but what if I
> want to use EXTERNAL?
> Anyway, defining something senseless as authcid and using EXTERNAL
> as saslmech in slurpd does not help, because TLS handshake does
> not work between slapd and slurpd:
> TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer
> did not return a certificate s3_srvr.c:1788
> Am I doing wrong something?
> Regards, Vadim Tarassov.
> -----Ursprüngliche Nachricht-----
> Von: vadim tarassov [mailto:vadim.tarassov@swissonline.ch]
> Gesendet am: Donnerstag, 20. Juni 2002 23:05
> An: openldap-software@OpenLDAP.org
> Betreff: bug in slurpd?
> Hallo everybody,
> I would like to inform you that my slurpd dumps on Solaris 2.6 if I want
> him to authenticate with slave ldap via SASL. Last thing which he wrote
> was "ldap_create". I will try to rebuild everything with debug
> information and look in core dump, but if someone knows what's wrong
> please share this knowledge with me!
> Regards, Vadim Tarassov.