Red Hat Bugzilla – Bug 240904
libuser can't use SASL/GSSAPI with LDAP
Last modified: 2007-11-30 17:12:05 EST
Description of problem:
libuser in its current form can't use GSSAPI as SASL Mechanism when using SASL
to authenticate against an LDAP server.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Set up an LDAP server that uses GSSAPI (Kerberos) authentication
2. Set up libuser to connect to that server and do not provide any
binddn or password (unnecessary with GSSAPI)
3. Run libuser against the ldap server and try to create a user.
No way is provided to select a SASL Mechanism.
A way to specify GSSAPI as a mechanism to use.
The attached patch lets libuser use GSSAPI as a SASL mechanism.
This is provided by setting the bindtype in [ldap] to SASL/GSSAPI instead of just
SASL. Other SASL mechanisms should work by specifying them the same way.
Only SASL/GSSAPI has been tested after applying this patch.
Created attachment 155191 [details]
Enable Selection of SASL Mechanisms
<mitr> simo: Thanks for the patch - I just wonder why the changes of
ldap/bindtype and ldap/user defaults are necessary.
<simo> mitr, bindtype) you need to tell the SASL library which SASL Mechanism
you want to use
<simo> mitr, user) you were forcing the user to be "user", but left blank the
SASL library will come up with user@REALM which is the right one
<simo> (at least for GSSAPI)
<mitr> simo: What's wrong with trying both simple and sasl by default?
<simo> mitr, oh that, nothing I was testing and removed sasl, you can put that
back if you want
<mitr> simo: Thanks a lot. May I paste the above to the bug report?
<simo> mikeb, but just "sasl" is almost meaningless if you don't specify which
sasl mechanism you want to use
<simo> mitr, of course go ahead
Thanks, applied in libuser-0.56.3-1.