
RE: really bug in slurpd?



Hello Howard,

Then it really is a bug in slurpd; please read my email carefully. Slurpd will crash when you configure SASL EXTERNAL and do not provide authcId: ri->ri_authcId is NULL and it dumps.

Regards, Vadim Tarassov.

-----Original Message-----
From: Howard Chu [mailto:hyc@highlandsun.com]
Sent: Saturday, 22 June 2002 03:34
To: Tarassov Vadim; 'vadim tarassov'; openldap-software@OpenLDAP.org
Subject: RE: really bug in slurpd?

You cannot use SASL EXTERNAL without an X.509 client certificate. When you
use a certificate, the authcID is the certificate DN. If you configure any
other name it will be ignored.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Tarassov Vadim
> Sent: Friday, June 21, 2002 10:20 AM
> To: 'vadim tarassov'; openldap-software@OpenLDAP.org
> Subject: really bug in slurpd?
>
>
> Hello again,
>
> Does anyone know what authcId could be when using the EXTERNAL SASL mechanism?
> The problem is that slurpd expects, due to
>
> #ifdef NEW_LOGGING
>         LDAP_LOG (( "operation", LDAP_LEVEL_ARGS,
>                 "do_bind: bind to %s as %s via %s (SASL)\n",
>                 ri->ri_hostname, ri->ri_authcId, ri->ri_saslmech ));
> #else
>         Debug( LDAP_DEBUG_ARGS, "bind to %s as %s via %s (SASL)\n",
>                 ri->ri_hostname, ri->ri_authcId, ri->ri_saslmech );
> #endif
>
> in ldap_op.c
>
> authcId in slapd.conf, otherwise it crashes. I can imagine what
> authcid could be in case of CRAM-MD5, for example, but what if I
> want to use EXTERNAL?
>
> Anyway, defining something senseless as authcid and using EXTERNAL
> as saslmech in slurpd does not help, because TLS handshake does
> not work between slapd and slurpd:
>
> TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer
> did not return a certificate s3_srvr.c:1788
>
> Am I doing something wrong?
>
> Regards, Vadim Tarassov.
>
> -----Original Message-----
> From: vadim tarassov [mailto:vadim.tarassov@swissonline.ch]
> Sent: Thursday, 20 June 2002 23:05
> To: openldap-software@OpenLDAP.org
> Subject: bug in slurpd?
>
> Hello everybody,
>
> I would like to inform you that my slurpd dumps on Solaris 2.6 if I want
> it to authenticate with the slave ldap via SASL. The last thing it wrote
> was "ldap_create". I will try to rebuild everything with debug
> information and look in the core dump, but if someone knows what's wrong
> please share this knowledge with me!
>
> Regards, Vadim Tarassov.
>
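
The failure discussed in this thread, as an added example that is not slurpd's code and not part of either message: passing a NULL pointer for `%s` is undefined behaviour in C, so a log call like the quoted one can crash when `ri_authcId` is unset. The struct `Ri`, the field `ri_tls_cert`, and the helpers `nz`, `format_bind_msg` and `check_sasl_config` are hypothetical; only `ri_hostname`, `ri_authcId` and `ri_saslmech` come from the thread, and the rule that non-EXTERNAL mechanisms need an authcId is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for slurpd's replica info. */
typedef struct {
    const char *ri_hostname;
    const char *ri_authcId;   /* may be NULL when the mechanism is EXTERNAL */
    const char *ri_saslmech;
    const char *ri_tls_cert;  /* assumed field: client certificate path */
} Ri;

/* NULL for %s is undefined behaviour: some libcs print "(null)",
 * others dereference the pointer and dump core. Substitute a marker. */
static const char *nz(const char *s, const char *fallback) {
    return s ? s : fallback;
}

/* Same message as the quoted Debug() call, but never hands NULL to %s.
 * Returns what snprintf returns. */
int format_bind_msg(char *buf, size_t len, const Ri *ri) {
    return snprintf(buf, len, "bind to %s as %s via %s (SASL)\n",
                    nz(ri->ri_hostname, "(no host)"),
                    nz(ri->ri_authcId, "(none)"),
                    nz(ri->ri_saslmech, "(no mech)"));
}

enum { RI_OK = 0, RI_NEED_MECH, RI_NEED_CERT, RI_NEED_AUTHCID };

/* Reject bad configuration at parse time instead of crashing at bind time.
 * EXTERNAL needs a client certificate (per the reply in this thread);
 * requiring authcId for every other mechanism is this example's assumption. */
int check_sasl_config(const Ri *ri) {
    if (ri->ri_saslmech == NULL)
        return RI_NEED_MECH;
    if (strcmp(ri->ri_saslmech, "EXTERNAL") == 0)
        return ri->ri_tls_cert ? RI_OK : RI_NEED_CERT;
    return ri->ri_authcId ? RI_OK : RI_NEED_AUTHCID;
}

int main(void) {
    /* Constructed sample: EXTERNAL with no authcId and no certificate. */
    Ri ri = { "replica.example.com", NULL, "EXTERNAL", NULL };
    char line[256];
    format_bind_msg(line, sizeof line, &ri);
    fputs(line, stdout);
    printf("config check: %d\n", check_sasl_config(&ri));
    return 0;
}
```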