SASL 2.1.2 GSSAPI and EXTERNAL clients broken

Found another problem with our migration from 1.5 to 2.1; neither the GSSAPI
nor EXTERNAL client mechanisms work. (My previous testing against SASL 2 in
the OpenLDAP server was using a client linked with 1.5.27.) The problem is
that the canon_user function complains about the userid and authid being
NULL. Since both of these mechanisms get their username/credentials from
some other source (X.509 certificate or Kerberos ticket), they're never set
within the SASL context. The 1.5 client mechanisms never cared. Is this a
bug in the LDAP client library because it never bothered to set these values
before, or is it a bug in the SASL client mechanisms (because they ought to
be fetching the names from their respective cert or ticket)?

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support