Bug 221229

Summary: EXTERNAL should not be advertised unless useful
Product: Red Hat Enterprise Linux 7
Reporter: Andrew Bartlett <abartlet>
Component: 389-ds-base
Assignee: Rich Megginson <rmeggins>
Status: CLOSED WONTFIX
QA Contact: Viktor Ashirov <vashirov>
Severity: medium
Docs Contact:
Priority: medium
Version: 7.2
CC: jgalipea, nalin, nhosoi, nkinder, rmeggins
Target Milestone: pre-dev-freeze
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-03-17 17:33:06 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 495079, 512820, 690319

Description Andrew Bartlett 2007-01-03 01:19:03 UTC
Description of problem:
The EXTERNAL SASL mech should only be advertised to clients if the server has a
useful mapping to attach it to.  For example, if SSL client certificate matching
is configured, or if ldapi:// support is implemented, and getpeername() is
available.

Version-Release number of selected component (if applicable):
Fedora DS 1.0.4

How reproducible:
Every time

Steps to Reproduce:
1. Set up a default install of Fedora DS
2. Search the rootDSE for supportedSASLMechs on an ldap://, not TLS connection
3. Notice that EXTERNAL is listed
  
Actual results:
supportedsaslmechanisms: EXTERNAL
...

Expected results:
This should not appear

Additional info:

Apparently already pointed out by Howard Chu, OpenLDAP has the correct behaviour.
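
The check from the steps to reproduce, as an added example that is not part of the original report or of 389-ds-base: it parses rootDSE search output in LDIF form and flags EXTERNAL when the connection carries no external identity for the server to map. The Conn model, the function names and the sample LDIF are assumptions constructed for illustration.

```python
from __future__ import annotations
import base64
from dataclasses import dataclass

@dataclass
class Conn:
    """How the rootDSE was queried (hypothetical model, filled in by the auditor)."""
    scheme: str                    # "ldap", "ldaps" or "ldapi"
    tls_client_cert: bool = False  # client certificate matching is configured and in use
    peer_creds: bool = False       # server can identify the peer on the ldapi socket

def sasl_mechs(ldif: str) -> list[str]:
    """Extract supportedSASLMechanisms values from LDIF rootDSE output."""
    # LDIF folds long lines: a continuation line starts with one space.
    lines: list[str] = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    mechs = []
    for line in lines:
        name, sep, value = line.partition(":")
        # Attribute names are case-insensitive (the report shows all lowercase).
        if not sep or name.strip().lower() != "supportedsaslmechanisms":
            continue
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode()
        mechs.append(value.strip().upper())
    return mechs

def external_useful(c: Conn) -> bool:
    """EXTERNAL needs an identity established outside SASL (the report's two cases)."""
    if c.scheme == "ldapi":
        return c.peer_creds
    return c.tls_client_cert

def audit(c: Conn, ldif: str) -> str | None:
    """Return a finding when EXTERNAL is advertised but cannot be mapped."""
    if "EXTERNAL" in sasl_mechs(ldif) and not external_useful(c):
        return f"EXTERNAL advertised on {c.scheme}:// with no external identity to map"
    return None

# Constructed sample output, not captured from a real server.
PLAIN = "dn:\nsupportedsaslmechanisms: EXTERNAL\nsupportedsaslmechanisms: DIGEST-MD5\n"
FOLDED = "dn:\nsupportedSASLMechanisms: EXT\n ERNAL\nsupportedSASLMechanisms:: R1NTQVBJ\n"

if __name__ == "__main__":
    print(audit(Conn("ldap"), PLAIN))                           # finding
    print(audit(Conn("ldaps", tls_client_cert=True), FOLDED))   # None
```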

Comment 1 Chandrasekar Kannan 2007-07-25 19:11:32 UTC
DS7.2 is not a valid milestone anymore. Anything that's set to DS7.2 should be
set to DS8.0. Will make further changes per bug council on 07/24/2007, after this.

Comment 7 Rich Megginson 2009-04-09 18:54:26 UTC
Falls under the category of RFC correctness

Comment 9 Rich Megginson 2012-01-09 19:28:19 UTC
Upstream ticket:
https://fedorahosted.org/389/ticket/220

Comment 12 Noriko Hosoi 2016-03-17 17:33:06 UTC
Per triage: No plan to fix this in the short term.