POSSIBLE BUG: Cyrus SASL 2.1.22: ldapdb

Howard Chu hyc at highlandsun.com
Sun Aug 19 05:23:05 EDT 2007


Patrick Ben Koetter wrote:
> This mail expands on a mail I had sent to cyrus-sasl at lists.andrew.cmu.edu a
> few days ago. I spent the last days testing this and I believe I have found a
> bug.

The likelihood that a bug is in the ldapdb code is about zero.

> Version:    Cyrus SASL 2.1.22
> OS:         CentOS (also tested and verified on Ubuntu and OpenSuse)
> Description: Entries that successfully can be authenticated using the
>             ldapwhoami command can only partially be authenticated using the
>             Cyrus SASL ldapdb-plugin.

> Steps to reproduce:
> (All files are available for download at
> <http://www.state-of-mind.de/bugreport_cyrus-sasl-2.1.22.tgz>)

Since you've gone to the trouble of packaging this up, you should also have 
included an extract from the slapd debug log taken from running the 
sample-authentication.
> 
> 1. Install configuration as provided by bugreport_cyrus-sasl-2.1.22.tgz.
> 2. Use ldapwhoami to verify authentication:
> 
>     [root@netinstall ldap]# ldapwhoami -U a -w a
>     SASL/DIGEST-MD5 authentication started
>     SASL username: a
>     SASL SSF: 128
>     SASL installing layers
>     dn:uid=a,ou=people,dc=example,dc=com
>     Result: Success (0)
> 
>     [root@netinstall ldap]# ldapwhoami -U b -w b
>     SASL/DIGEST-MD5 authentication started
>     SASL username: b
>     SASL SSF: 128
>     SASL installing layers
>     dn:uid=b,ou=people,dc=example,dc=com
>     Result: Success (0)

Neither of these commands reflects what the ldapdb plugin does. To test that 
you first need to test e.g.
	ldapwhoami -U proxyuser -X a
-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP     http://www.openldap.org/project/

