Bug 221229 - EXTERNAL should not be advertised unless useful
EXTERNAL should not be advertised unless useful
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base (Show other bugs)
7.2
All Linux
medium Severity medium
: pre-dev-freeze
: ---
Assigned To: Rich Megginson
Viktor Ashirov
:
Depends On:
Blocks: 389_1.3.0 512820 690319
  Show dependency treegraph
 
Reported: 2007-01-02 20:19 EST by Andrew Bartlett
Modified: 2016-03-17 13:33 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-03-17 13:33:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Andrew Bartlett 2007-01-02 20:19:03 EST
Description of problem:
The EXTERNAL SASL mech should only be advertised to clients if the server has a
useful mapping to attach it to.  For example, if SSL client certificate matching
is configured, or if ldapi:// support is implemented, and getpeername() is
available.

Version-Release number of selected component (if applicable):
Fedora DS 1.0.4

How reproducible:
Every time

Steps to Reproduce:
1. Setup a default install of fedora DS
2. Search the rootDSE for supportedSASLMechs on an ldap://, not TLS connection
3. Notice that EXTERNAL is listed
  
Actual results:
supportedsaslmechanisms: EXTERNAL
...

Expected results:
This should not appear

Additional info:

Apparenetly already pointed out by Howard Chu, OpenLDAP has the correct behaviour.
Comment 1 Chandrasekar Kannan 2007-07-25 15:11:32 EDT
DS7.2 is not a valid milestone anymore. Anything thats set to DS7.2 should be
set to DS8.0. Will make further changes per bug council on 07/24/2007, after this.
Comment 7 Rich Megginson 2009-04-09 14:54:26 EDT
Falls under the category of RFC correctness
Comment 9 Rich Megginson 2012-01-09 14:28:19 EST
Upstream ticket:
https://fedorahosted.org/389/ticket/220
Comment 12 Noriko Hosoi 2016-03-17 13:33:06 EDT
Per triage: No plan to fix this in the short term.

Note You need to log in before you can comment on or make changes to this bug.