Bug 240904 - libuser can't use SASL/GSSAPI with LDAP
Summary: libuser can't use SASL/GSSAPI with LDAP
Alias: None
Product: Fedora
Classification: Fedora
Component: libuser   
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Miloslav Trmač
QA Contact:
Depends On:
Blocks: 244231
Reported: 2007-05-22 19:17 UTC by Simo Sorce
Modified: 2007-11-30 22:12 UTC (History)

Fixed In Version: 0.56.3-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-06-09 17:32:48 UTC

Attachments
Enable Selection of SASL Mechanisms (3.88 KB, patch)
2007-05-22 19:17 UTC, Simo Sorce

Description Simo Sorce 2007-05-22 19:17:52 UTC
Description of problem:
libuser in its current form can't use GSSAPI as SASL Mechanism when using SASL
to authenticate against an LDAP server.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Set up an LDAP server that uses GSSAPI (Kerberos) authentication
2. Set up libuser to connect to that server and do not provide any
binddn or password (unnecessary with GSSAPI)
3. Run libuser against the LDAP server and try to create a user.

Actual results:
No way is provided to select a SASL Mechanism.

Expected results:
A way to specify GSSAPI as a mechanism to use.

Additional info:
The attached patch lets libuser use GSSAPI as a SASL mechanism.
This is provided by setting the bindtype in [ldap] to SASL/GSSAPI instead of just
SASL. Other SASL mechanisms should work by specifying them the same way.
Only SASL/GSSAPI has been tested after applying this patch.

Comment 1 Simo Sorce 2007-05-22 19:17:52 UTC
Created attachment 155191
Enable Selection of SASL Mechanisms

Comment 2 Miloslav Trmač 2007-05-22 19:33:43 UTC
<mitr> simo: Thanks for the patch - I just wonder why the changes of
ldap/bindtype and ldap/user defaults are necessary.
<simo> mitr, bindtype) you need to tell the SASL library which SASL Mechanism
you want to use
<simo> mitr, user) you were forcing the user to be "user", but left blank the
SASL library will come up with user@REALM which is the right one
<simo> (at least for GSSAPI)
<mitr> simo: What's wrong with trying both simple and sasl by default?
<simo> mitr, oh that, nothing I was testing and removed sasl, you can put that
back if you want
<mitr> simo: Thanks a lot.  May I paste the above to the bug report?
<simo> mikeb, but just "sasl" is almost meaningless if you don't specify which
sasl mechanism you want to use
<simo> mitr, of course go ahead

Comment 3 Miloslav Trmač 2007-06-09 17:32:48 UTC
Thanks, applied in libuser-0.56.3-1.
