Red Hat Bugzilla – Bug 479253
Configuring Server to Server GSSAPI over SSL - Need better Error Message
Last modified: 2015-01-04 18:35:46 EST
Description of problem:
SASL/GSSAPI over SSL for replication bind is not supported, but you can configure replication agreements and initialize consumers with this configuration. The bind fails, and subsequently replication fails, but the errors in the errors log are too vague to know what the problem is.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install two servers.
2. Configure replication agreement to bind with SASL/GSSAPI over SSL.
3. View errors logs.
Bind and replication fail with the following error:
Error: could not perform interactive bind for id [cn=replication manager,cn=config] mech [GSSAPI]: error 81
Better error message stating that GSSAPI is not supported over SSL.
Created attachment 330144
Created attachment 330166
cvs commit log
Reviewed by: nkinder (Thanks!)
Fix Description: If the user attempts to set the bind mech to GSSAPI, and a secure transport is being used, the server will return LDAP_UNWILLING_TO_PERFORM and provide a useful error message. Same if GSSAPI is being used and the user attempts to use a secure transport.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
Fix verified on DS 8.1, and regression is being tested by the Server to Server SASL automated acceptance tests on all platforms.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
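
Added example (not part of the bug report or the Directory Server code): a small audit that reads an LDIF export of replication agreements and lists those pairing SASL/GSSAPI with a secure transport, the combination the fix rejects with LDAP_UNWILLING_TO_PERFORM. The attribute names nsDS5ReplicaBindMethod and nsDS5ReplicaTransportInfo, the SSL/TLS values, the defaults for absent attributes, and the sample entries are assumptions, not taken from this page.

```python
import re

# Constructed sample LDIF of two replication agreements (DNs are made up).
SAMPLE_LDIF = """\
dn: cn=to-consumer1,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
nsDS5ReplicaBindMethod: SASL/GSSAPI
nsDS5ReplicaTransportInfo: SSL

dn: cn=to-consumer2,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
nsDS5ReplicaBindMethod: SASL/GSSAPI
nsDS5ReplicaTransportInfo: LDAP
"""

SECURE_TRANSPORTS = {"ssl", "tls"}  # assumed values for a secure transport


def parse_entries(ldif_text):
    """Split LDIF into entries, unfolding continuation lines (no base64 decoding)."""
    entries = []
    for block in re.split(r"\n\s*\n", ldif_text.strip()):
        lines = []
        for raw in block.splitlines():
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]          # folded line continues the previous one
            elif raw and not raw.startswith("#"):
                lines.append(raw)
        entry = {}
        for line in lines:
            name, sep, value = line.partition(":")
            if sep:
                entry.setdefault(name.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries


def unsupported_agreements(ldif_text):
    """Return DNs of agreements that use GSSAPI together with a secure transport."""
    flagged = []
    for e in parse_entries(ldif_text):
        # Assumed defaults when an attribute is absent: SIMPLE bind, plain LDAP.
        method = e.get("nsds5replicabindmethod", ["SIMPLE"])[0].upper()
        transport = e.get("nsds5replicatransportinfo", ["LDAP"])[0].lower()
        if method == "SASL/GSSAPI" and transport in SECURE_TRANSPORTS:
            flagged.append(e.get("dn", ["<no dn>"])[0])
    return flagged


if __name__ == "__main__":
    print("\n".join(unsupported_agreements(SAMPLE_LDIF)))
```

Running such a check against an export of cn=config before upgrading shows which agreements would start being refused once the server enforces the restriction.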