Bug 240904

Summary: libuser can't use SASL/GSSAPI with LDAP
Product: [Fedora] Fedora
Reporter: Simo Sorce <ssorce>
Component: libuser
Assignee: Miloslav Trmač <mitr>
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Version: rawhide   
Hardware: All   
OS: Linux   
Fixed In Version: 0.56.3-1
Doc Type: Bug Fix
Last Closed: 2007-06-09 17:32:48 UTC
Bug Blocks: 244231    
Attachments: Enable Selection of SASL Mechanisms (flags: none)

Description Simo Sorce 2007-05-22 19:17:52 UTC
Description of problem:
libuser in its current form can't use GSSAPI as a SASL mechanism when using SASL
to authenticate against an LDAP server.

Version-Release number of selected component (if applicable):
0.56

How reproducible:
always

Steps to Reproduce:
1. Set up an LDAP server that uses GSSAPI (Kerberos) authentication
2. Set up libuser to connect to that server and do not provide any
binddn or password (unnecessary with GSSAPI)
3. Run libuser against the ldap server and try to create a user.
  
Actual results:
No way is provided to select a SASL Mechanism.


Expected results:
A way to specify GSSAPI as a mechanism to use.

Additional info:
The attached patch lets libuser use GSSAPI as a SASL mechanism.
This is provided by setting the bindtype in [ldap] to SASL/GSSAPI instead of just
SASL. Other SASL mechanisms should work by specifying them the same way.
Only SASL/GSSAPI has been tested after applying this patch.

Comment 1 Simo Sorce 2007-05-22 19:17:52 UTC
Created attachment 155191
Enable Selection of SASL Mechanisms

Comment 2 Miloslav Trmač 2007-05-22 19:33:43 UTC
<mitr> simo: Thanks for the patch - I just wonder why the changes of
ldap/bindtype and ldap/user defaults are necessary.
<simo> mitr, bindtype) you need to tell the SASL library which SASL Mechanism
you want to use
<simo> mitr, user) you were forcing the user to be "user", but left blank the
SASL library will come up with user@REALM which is the right one
<simo> (at least for GSSAPI)
<mitr> simo: What's wrong with trying both simple and sasl by default?
<simo> mitr, oh that, nothing I was testing and removed sasl, you can put that
back if you want
<mitr> simo: Thanks a lot.  May I paste the above to the bug report?
<simo> mikeb, but just "sasl" is almost meaningless if you don't specify which
sasl mechanism you want to use
<simo> mitr, of course go ahead

Comment 3 Miloslav Trmač 2007-06-09 17:32:48 UTC
Thanks, applied in libuser-0.56.3-1.