[Date Prev][Date Next] [Chronological] [Thread] [Top]

change related to its 4046 seems to break sasl/gssapi working with AD

im not sure this is a legit problem or an issue with how MS deals with sasl/gssapi...

changes for cyrus.c to break sasl/gssapi binds to AD (vers 2.3.8 and up, at least for me).  if i roll back to in 2.3.11, everything builds ok and ldapsearch/sasl/gssapi to AD work.  looking at the diff, there is memory cleanup as well as some changes to checking the values provided by scred following a call to ldap_sasl_bind_s.  adding back in the mem cleanup and the first reorder of the if statements and rebuilding, sasl/gssapi still works.  
changing the second if statement results in (this change is after seeing if the rc and saslrc are OK):

SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)

in the older if statement, (scred && scred->bv_len) evaluates to false, and LDAP_LOCAL_ERROR is not returned.
with the change, (scred) evals to true and LDAP_LOCAL_ERROR is set, which is why i see the failure.

i have run ldapsearch -d 1 and can provide the results...

Network/Systems Engineer 

Here is a really great OS 
checkout also: 
NOTICE: This E-mail may contain confidential information. If you are not
the addressee or the intended recipient please do not read this E-mail
and please immediately delete this e-mail message and any attachments
from your workstation or network mail system. If you are the addressee
or the intended recipient and you save or print a copy of this E-mail,
please place it in an appropriate file, depending on whether
confidential information is contained in the message.