POSSIBLE BUG: Cyrus SASL 2.1.22: ldapdb
Howard Chu
hyc at highlandsun.com
Sun Aug 19 05:23:05 EDT 2007
Patrick Ben Koetter wrote:
> This mail expands on a mail I had sent to cyrus-sasl at lists.andrew.cmu.edu a
> few days ago. I spent the last days testing this and I believe I have found a
> bug.
The likelihood that a bug is in the ldapdb code is about zero.
> Version: Cyrus SASL 2.1.22
> OS: CentOS (also tested and verified on Ubuntu and OpenSuse)
> Descrition: Entries that successfully can be authenticated using the
> ldapwhoami command can only partially be authenticated using the
> Cyrus SASL ldapdb-plugin.
> Steps to reproduce:
> (All files are available for download at
> <http://www.state-of-mind.de/bugreport_cyrus-sasl-2.1.22.tgz>)
Since you've gone to the trouble of packaging this up, you should also have
included an extract from the slapd debug log taken from running the sample-
authentication.
>
> 1. Install configuration as provided by bugreport_cyrus-sasl-2.1.22.tgz.
> 2. Use ldapwhoami to verify authentication:
>
> [root at netinstall ldap]# ldapwhoami -U a -w a
> SASL/DIGEST-MD5 authentication started
> SASL username: a
> SASL SSF: 128
> SASL installing layers
> dn:uid=a,ou=people,dc=example,dc=com
> Result: Success (0)
>
> [root at netinstall ldap]# ldapwhoami -U b -w b
> SASL/DIGEST-MD5 authentication started
> SASL username: b
> SASL SSF: 128
> SASL installing layers
> dn:uid=b,ou=people,dc=example,dc=com
> Result: Success (0)
Neither of these commands reflects what the ldapdb plugin does. To test that
you first need to test e.g.
ldapwhoami -U proxyuser -X a
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the Cyrus-sasl
mailing list