Description of problem: Server to Server connections SASL binds on HPUS are failing with the following error message: initialize_consumer: status: dn: cn=S1 to C1,cn=replica,cn="o=sasl.net",cn=mapping tree,cn=config nsds5replicalastinitstatus: 86 - LDAP error: Unknown authentication method Version-Release number of selected component (if applicable): How reproducible: always Steps to Reproduce: 1. Install two servers on HPUX - setup replication with nsds5ReplicaBindMethod of DIGEST-MD5 and LDAP | SSL | TLS as nsds5ReplicaTransportInfo 2. View errors log Actual results: server to server bind fails with Unknown authentication method Expected results: successful bind and replication Additional info: GSSAPI as nsds5ReplicaBindMethod also fails with same error message.
Created attachment 330875 [details] diffs
Created attachment 330899 [details] cvs commit log Reviewed by: nkinder (Thanks!) Fix Description: On some platforms, we do not install the sasl auth method plugins in a standard location, so we have the nsslapd-saslpath config setting to provide that location in a CB_GETPATH callback provided to sasl_server_init. This works fine for being a SASL server. However, to be an LDAP SASL client, we have to provide that callback to sasl_client_init too. This call happens the first time the mozldap client library is initialized. mozldap has a hardcoded list of sasl callbacks it provides, and does not allow callers to augment that list. So, we simply replace the list with one that contains the CB_GETPATH callback. Platforms tested: HP-UX 11.23 64-bit Flag Day: no Doc impact: no
fix verified HP-UX - DS 8.1 covered by Server to Server SASL automated acceptance tests.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-0455.html