Bug 221229 - EXTERNAL should not be advertised unless useful
Summary: EXTERNAL should not be advertised unless useful
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base (Show other bugs)
(Show other bugs)
Version: 7.2
Hardware: All Linux
Target Milestone: pre-dev-freeze
: ---
Assignee: Rich Megginson
QA Contact: Viktor Ashirov
Depends On:
Blocks: 389_1.3.0 512820 690319
TreeView+ depends on / blocked
Reported: 2007-01-03 01:19 UTC by Andrew Bartlett
Modified: 2016-03-17 17:33 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-03-17 17:33:06 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Andrew Bartlett 2007-01-03 01:19:03 UTC
Description of problem:
The EXTERNAL SASL mech should only be advertised to clients if the server has a
useful mapping to attach it to.  For example, if SSL client certificate matching
is configured, or if ldapi:// support is implemented, and getpeername() is

Version-Release number of selected component (if applicable):
Fedora DS 1.0.4

How reproducible:
Every time

Steps to Reproduce:
1. Setup a default install of fedora DS
2. Search the rootDSE for supportedSASLMechs on an ldap://, not TLS connection
3. Notice that EXTERNAL is listed
Actual results:
supportedsaslmechanisms: EXTERNAL

Expected results:
This should not appear

Additional info:

Apparenetly already pointed out by Howard Chu, OpenLDAP has the correct behaviour.

Comment 1 Chandrasekar Kannan 2007-07-25 19:11:32 UTC
DS7.2 is not a valid milestone anymore. Anything thats set to DS7.2 should be
set to DS8.0. Will make further changes per bug council on 07/24/2007, after this.

Comment 7 Rich Megginson 2009-04-09 18:54:26 UTC
Falls under the category of RFC correctness

Comment 9 Rich Megginson 2012-01-09 19:28:19 UTC
Upstream ticket:

Comment 12 Noriko Hosoi 2016-03-17 17:33:06 UTC
Per triage: No plan to fix this in the short term.

Note You need to log in before you can comment on or make changes to this bug.