LDAP issue with SASL 2.1.26

Sergey Emantayev sergeem at yahoo.com
Wed Dec 4 04:56:54 EST 2013


Hi Howard,

We didn't try neither 2.1.24 nor 2.1.25.

The issue is probably caused by additional SASL plugins we have. I will continue my investigation.
 

Thanks,
Sergey Emantayev




On Wednesday, December 4, 2013 11:19 AM, Howard Chu <hyc at highlandsun.com> wrote:
 
Bill MacAllister wrote:

>
>
> --On Monday, December 02, 2013 01:14:24 PM -0800 Sergey Emantayev <sergeem at yahoo.com> wrote:
>
>> Hello,
>>
>> We successfully use OpenLDAP C SDK 2.4.36 integrated with Cyrus-SASL
>> 2.1.23. Recently we have upgraded Cyrus-SASL to 2.1.26 and
>> encountering the next issue.
>>
>> LDAP search consistently fails. We analyzed this issue and found the
>> following behavior.
>>
>> When we use OpenLDAP with Cyrus-SASL 2.1.23 the LDAP Message Search
>> Request payload is wrapped in GSS-API payload.
>>
>> When we use OpenLDAP with Cyrus-SASL 2.1.26 the LDAP Message Search
>> Request payload is not wrapped in GSS-API payload at all. LDAP
>> Search Request looks like clear text LDAP Search Request and not
>> like LDAP SASL Search Request.
>>
>> In both cases - with Cyrus-SASL 2.1.23 and with Cyrus-SASL 2.1.26 –
>> LDAP SASL Bind succeeds and LDAP SASL bindResponse looks identical
>> with Cyrus-SASL 2.1.23 and with Cyrus-SASL 2.1.26.
>>
>> Please advise how to troubleshoot the issue.
>
> When I tried using 2.1.26 I had to set minssf to get it to work.  Here
> is the setting that we are currently using.
>
>    olcSaslSecProps: minssf=1,noplain,noanonymous

This sounds like a regression in Cyrus SASL; certainly it is an undocumented 
change in behavior. Can you confirm that the behavior from 2.1.23-2.1.25 
wasn't changed?

-- 
   -- Howard Chu
   CTO, Symas Corp.          http://www.symas.com
   Director, Highland Sun    http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20131204/3675e4f7/attachment.html 


More information about the Cyrus-sasl mailing list