Red Hat Bugzilla – Bug 240904
libuser can't use SASL/GSSAPI with LDAP
Last modified: 2007-11-30 17:12:05 EST
Description of problem: libuser in its current form can't use GSSAPI as SASL Mechanism when using SASL to authenticate against an LDAP server. Version-Release number of selected component (if applicable): 0.56 How reproducible: always Steps to Reproduce: 1. Setup an LDAP server that uses GSSAPI (Kerberos) authentication 2. Setup libuser to connect to thet server and do not provide any bindn or password (unnecessary with GSSAPI) 3. Run libuser against the ldap server and try to create a user. Actual results: No way is provided to select a SASL Mechanism. Expected results: A way to specify GSSAPI as a mechanism to use. Additional info: The attached patch let libuser use GSSAPI as a SASL mechanism. This is provided setting the bindtype in [ldap] to SASL/GSSAPI instead of just SASL. Other SASL mechanisms should work by specifing them the same way. Only SASL/GSSAPI has been tested after applying this patch.
Created attachment 155191 [details] Enable Selection of SASL Mechanisms
<mitr> simo: Thanks for the patch - I just wonder why the changes of ldap/bindtype and ldap/user defaults are necessary. <simo> mitr, bindtype) you need to tell the SASL library which SASL Mechanism you want to use <simo> mitr, user) you were forcing the user to be "user", but left blank the SASL library will come up with user@REALM which is the right one <simo> (at least for GSSAPI) <mitr> simo: What's wrong with trying both simple and sasl by default? <simo> mitr, oh that, nothing I was testing and removed sasl, you can put that back if you want <mitr> simo: Thanks a lot. May I paste the above to the bug report? <simo> mikeb, but just "sasl" is almost meaningless if you don't specify which sasl mechanism you want to use <simo> mitr, of course go ahed
Thanks, applied in libuser-0.56.3-1.