<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12pt"><div><span>Hi Howard,</span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal; "><span><br></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal; "><span>We didn't try either 2.1.24 or 2.1.25.</span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal; "><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica
Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal; ">The issue is probably caused by additional SASL plugins we have. I will continue my investigation.</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal; "> <br></div><div>Thanks,</div><div>Sergey Emantayev</div><div><br></div><div class="yahoo_quoted" style="display: block; "> <br> <br> <div style="font-size: 12pt; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; "> <div style="font-size: 12pt; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; "> <div dir="ltr"> <font size="2" face="Arial"> On Wednesday, December 4, 2013 11:19 AM, Howard Chu &lt;hyc@highlandsun.com&gt; wrote:<br> </font> </div> <div
class="y_msg_container">Bill MacAllister wrote:<div class="yqt4548646542" id="yqtfd37785"><br clear="none">><br clear="none">><br clear="none">> --On Monday, December 02, 2013 01:14:24 PM -0800 Sergey Emantayev &lt;<a shape="rect" ymailto="mailto:sergeem@yahoo.com" href="mailto:sergeem@yahoo.com">sergeem@yahoo.com</a>&gt; wrote:<br clear="none">><br clear="none">>> Hello,<br clear="none">>><br clear="none">>> We successfully use OpenLDAP C SDK 2.4.36 integrated with Cyrus-SASL<br clear="none">>> 2.1.23. Recently we have upgraded Cyrus-SASL to 2.1.26 and are<br clear="none">>> encountering the following issue.<br clear="none">>><br clear="none">>> LDAP search consistently fails. We analyzed this issue and found the<br clear="none">>> following behavior.<br clear="none">>><br clear="none">>> When we use OpenLDAP with Cyrus-SASL 2.1.23 the LDAP Message Search<br clear="none">>> Request
payload is wrapped in GSS-API payload.<br clear="none">>><br clear="none">>> When we use OpenLDAP with Cyrus-SASL 2.1.26 the LDAP Message Search<br clear="none">>> Request payload is not wrapped in GSS-API payload at all. LDAP<br clear="none">>> Search Request looks like clear text LDAP Search Request and not<br clear="none">>> like LDAP SASL Search Request.<br clear="none">>><br clear="none">>> In both cases - with Cyrus-SASL 2.1.23 and with Cyrus-SASL 2.1.26 –<br clear="none">>> LDAP SASL Bind succeeds and LDAP SASL bindResponse looks identical<br clear="none">>> with Cyrus-SASL 2.1.23 and with Cyrus-SASL 2.1.26.<br clear="none">>><br clear="none">>> Please advise how to troubleshoot the issue.<br clear="none">><br clear="none">> When I tried using 2.1.26 I had to set minssf to get it to work. Here<br clear="none">> is the setting that we are currently using.<br
clear="none">><br clear="none">> olcSaslSecProps: minssf=1,noplain,noanonymous</div><br clear="none"><br clear="none">This sounds like a regression in Cyrus SASL; certainly it is an undocumented <br clear="none">change in behavior. Can you confirm that the behavior from 2.1.23-2.1.25 <br clear="none">wasn't changed?<br clear="none"><br clear="none">-- <br clear="none"> -- Howard Chu<br clear="none"> CTO, Symas Corp. <a shape="rect" href="http://www.symas.com/" target="_blank">http://www.symas.com</a><br clear="none"> Director, Highland Sun <a shape="rect" href="http://highlandsun.com/hyc/" target="_blank">http://highlandsun.com/hyc/</a><br clear="none"> Chief Architect, OpenLDAP <a shape="rect" href="http://www.openldap.org/project/" target="_blank">http://www.openldap.org/project/</a><div class="yqt4548646542" id="yqtfd39413"><br
clear="none"></div><br><br></div> </div> </div> </div> </div></body></html>