Description of problem: SASL/GSSAPI over SSL for replication bind is not supported, but you can configure replication agreements and initialize consumers with this configuration. The bind fails and subsequently replication - but the errors in the errors log is too vague to know what the problem is. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Install two servers. 2. Configure replication agreement to bind with SASL/GSSAPI over SSL 3. View errors logs Actual results: Bind and replication fails with the following error: Error: could not perform interactive bind for id [cn=replication manager,cn=config] mech [GSSAPI]: error 81 Expected results: Better error message stating that GSSAPI is not supported over SSL. Additional info:
Created attachment 330144 [details] diffs
Created attachment 330166 [details] cvs commit log Reviewed by: nkinder (Thanks!) Fix Description: If the user attempts to set the bind mech to GSSAPI, and a secure transport is being used, the server will return LDAP_UNWILLING_TO_PERFORM and provide a useful error message. Same if GSSAPI is being used and the user attempts to use a secure transport. Platforms tested: RHEL5 Flag Day: no Doc impact: no
fix verified DS 8.1 and regression being tested by Server to Server SASL automated acceptance tests on all platforms.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-0455.html