The server does not allow you to re-bind using SASL on the same connection. For example, If I bind and authenticate to the server using DIGEST-MD5, then do another SASL bind using DIGEST-MD5, the server will return an error 49. It should allow me to do this.
Created attachment 125910 [details] CVS Diffs These changes dispose of and create a new server-side SASL context when you re-bind using SASL.
Created attachment 126078 [details] Revised Diffs Revised the fix to deal with the case where the SASL mechanism is changed in the middle of an uncompleted SASL bind operation.
Created attachment 126115 [details] Revised Diffs An additional change was needed to reset the IO function pointers of the connection before disposing of the sasl context. This requires us to lock pb->pb_conn.
Checked into HEAD. Reviewed by Rich, Pete, and Noriko. Checking in saslbind.c; /cvs/dirsec/ldapserver/ldap/servers/slapd/saslbind.c,v <-- saslbind.c new revision: 1.15; previous revision: 1.14 done Checking in slap.h; /cvs/dirsec/ldapserver/ldap/servers/slapd/slap.h,v <-- slap.h new revision: 1.12; previous revision: 1.11 done
Created attachment 126117 [details] Additional Diff Rich suggested a modification to the location where we aquire the connection lock. This diff has that additional change. The change has been checked into HEAD. Checking in saslbind.c; /cvs/dirsec/ldapserver/ldap/servers/slapd/saslbind.c,v <-- saslbind.c new revision: 1.16; previous revision: 1.15 done
Somehow the errata system did not automatically close these bugs even though DS SP 2 is shipped and available live on RHN
trying to manually close
trying again
*** Bug 195331 has been marked as a duplicate of this bug. ***