LDAP issue with SASL 2.1.26

Bill MacAllister whm at stanford.edu
Mon Dec 2 16:55:34 EST 2013



--On Monday, December 02, 2013 01:14:24 PM -0800 Sergey Emantayev <sergeem at yahoo.com> wrote:

> Hello,
>
> We successfully use OpenLDAP C SDK 2.4.36 integrated with Cyrus-SASL
> 2.1.23. Recently we have upgraded Cyrus-SASL to 2.1.26 and are
> encountering the following issue.
>
> LDAP search consistently fails. We analyzed this issue and found the
> following behavior.
>
> When we use OpenLDAP with Cyrus-SASL 2.1.23 the LDAP Message Search
> Request payload is wrapped in GSS-API payload.
>
> When we use OpenLDAP with Cyrus-SASL 2.1.26 the LDAP Message Search
> Request payload is not wrapped in GSS-API payload at all. LDAP
> Search Request looks like clear text LDAP Search Request and not
> like LDAP SASL Search Request.
>
> In both cases - with Cyrus-SASL 2.1.23 and with Cyrus-SASL 2.1.26 –
> LDAP SASL Bind succeeds and LDAP SASL bindResponse looks identical
> with Cyrus-SASL 2.1.23 and with Cyrus-SASL 2.1.26.
>
> Please advise how to troubleshoot the issue.

When I tried using 2.1.26 I had to set minssf to get it to work.  Here
is the setting that we are currently using.

  olcSaslSecProps: minssf=1,noplain,noanonymous

Bill

-- 

Bill MacAllister
Infrastructure Delivery Group, Stanford University
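
The symptom described in this thread can be confirmed from a packet capture: a cleartext LDAPMessage begins with a BER SEQUENCE (0x30), while a SASL security-layer buffer begins with a four-octet big-endian length (RFC 4422, section 3.7). The following is an added example, not part of either message and not OpenLDAP or Cyrus SASL code; the sample PDUs are constructed and the MAX_SASL_BUF bound is an assumption.

```python
import struct

# LDAP protocolOp tags (RFC 4511) that matter for this check.
LDAP_OPS = {0x60: "BindRequest", 0x61: "BindResponse",
            0x63: "SearchRequest", 0x42: "UnbindRequest"}
MAX_SASL_BUF = 16 * 1024 * 1024  # assumed sanity bound on one wrapped buffer


def ber_length(data, pos):
    """Decode the BER length at data[pos]; return (length, next_pos) or None."""
    if pos >= len(data):
        return None
    first = data[pos]
    if first < 0x80:                      # short form
        return first, pos + 1
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or pos + 1 + n > len(data):
        return None
    return int.from_bytes(data[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def classify(pdu):
    """Return ("cleartext", op), ("sasl-wrapped", length) or ("unknown", None)."""
    outer = ber_length(pdu, 1) if pdu[:1] == b"\x30" else None
    if outer and pdu[outer[1]:outer[1] + 1] == b"\x02":   # messageID INTEGER
        msgid = ber_length(pdu, outer[1] + 1)
        if msgid and msgid[0] + msgid[1] < len(pdu):
            tag = pdu[msgid[0] + msgid[1]]
            return "cleartext", LDAP_OPS.get(tag, "op 0x%02x" % tag)
    if len(pdu) >= 4:
        (n,) = struct.unpack(">I", pdu[:4])               # RFC 4422 framing
        if 0 < n <= MAX_SASL_BUF:
            return "sasl-wrapped", n
    return "unknown", None


def unprotected_ops(pdus):
    """Names of cleartext operations other than the bind exchange itself."""
    found = [op for kind, op in map(classify, pdus) if kind == "cleartext"]
    return [op for op in found if op not in ("BindRequest", "BindResponse")]


# Constructed samples: a minimal search request and an opaque wrapped buffer.
_body = (bytes.fromhex("04000a01000a0100020100020100010100870b")
         + b"objectClass" + bytes.fromhex("3000"))
_op = b"\x63" + bytes([len(_body)]) + _body
CLEAR_SEARCH = b"\x30" + bytes([3 + len(_op)]) + b"\x02\x01\x02" + _op
WRAPPED = struct.pack(">I", 60) + b"\xaa" * 60

if __name__ == "__main__":
    for name, pdu in (("cleartext search", CLEAR_SEARCH), ("wrapped", WRAPPED)):
        print(name, classify(pdu))
```

Feed it the first bytes of each client-to-server PDU seen after the SASL bind; any name returned by unprotected_ops means that operation crossed the wire without a security layer.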


