Bug 480642 - HPUX: Server to Server SASL - Unknown Authentication Method
Alias: None
Product: Red Hat Directory Server
Classification: Red Hat
Component: Security - SASL
Version: 8.1
Hardware: All
OS: Other
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Chandrasekar Kannan
Depends On:
Blocks: 249650 FDS1.2.0
Reported: 2009-01-19 16:35 UTC by Jenny Severance
Modified: 2015-01-04 23:36 UTC (History)

Fixed In Version: 8.1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-04-29 23:09:35 UTC
Target Upstream Version:

Attachments
diffs (4.17 KB, patch)
2009-02-04 15:57 UTC, Rich Megginson
cvs commit log (163 bytes, text/plain)
2009-02-04 18:22 UTC, Rich Megginson

Description Jenny Severance 2009-01-19 16:35:57 UTC
Description of problem:
Server to Server connections SASL binds on HPUX are failing with the following error message:

initialize_consumer: status: dn: cn=S1 to C1,cn=replica,cn="o=sasl.net",cn=mapping tree,cn=config nsds5replicalastinitstatus: 86  - LDAP error: Unknown authentication method 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install two servers on HPUX - set up replication with nsds5ReplicaBindMethod of DIGEST-MD5 and LDAP | SSL | TLS as nsds5ReplicaTransportInfo
2. View errors log

Actual results:
server to server bind fails with Unknown authentication method

Expected results:
successful bind and replication

Additional info:

GSSAPI as nsds5ReplicaBindMethod also fails with same error message.

Comment 1 Rich Megginson 2009-02-04 15:57:10 UTC
Created attachment 330875

Comment 2 Rich Megginson 2009-02-04 18:22:06 UTC
Created attachment 330899
cvs commit log

Reviewed by: nkinder (Thanks!)
Fix Description: On some platforms, we do not install the sasl auth method plugins in a standard location, so we have the nsslapd-saslpath config setting to provide that location in a CB_GETPATH callback provided to sasl_server_init.  This works fine for being a SASL server.  However, to be an LDAP SASL client, we have to provide that callback to sasl_client_init too.  This call happens the first time the mozldap client library is initialized.  mozldap has a hardcoded list of sasl callbacks it provides, and does not allow callers to augment that list.  So, we simply replace the list with one that contains the CB_GETPATH callback.
Platforms tested: HP-UX 11.23 64-bit
Flag Day: no
Doc impact: no
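
A triage check for the symptom in this report, added here as an example and not part of the original bug or the project's code: it scans replication agreement entries for a SASL bind method combined with last-init status 86. The sample LDIF is constructed, the function names are hypothetical, and accepting a `SASL/` prefix on the bind method is an assumption beyond the bare mechanism names used in this report.

```python
import re
SASL_METHODS = {"DIGEST-MD5", "GSSAPI"}  # bind methods named in this report
AUTH_UNKNOWN = 86                        # status code quoted in this report

# Constructed sample: agreement entries as an LDIF export might show them.
SAMPLE_LDIF = '''\
dn: cn=S1 to C1,cn=replica,cn="o=sasl.net",cn=mapping tree,cn=config
nsds5ReplicaBindMethod: DIGEST-MD5
nsds5ReplicaTransportInfo: LDAP
nsds5replicalastinitstatus: 86  - LDAP error: Unknown authentication
  method

dn: cn=S1 to C2,cn=replica,cn="o=sasl.net",cn=mapping tree,cn=config
nsds5ReplicaBindMethod: SASL/GSSAPI
nsds5ReplicaTransportInfo: TLS
nsds5replicalastinitstatus: 86  - LDAP error: Unknown authentication method

dn: cn=S1 to C3,cn=replica,cn="o=sasl.net",cn=mapping tree,cn=config
nsds5ReplicaBindMethod: SIMPLE
nsds5ReplicaTransportInfo: SSL
nsds5replicalastinitstatus: 0 Total update succeeded
'''

def parse_entries(ldif):
    """Unfold continuation lines, split on blank lines, lower-case attribute names."""
    entries = []
    for block in re.split(r"\n\s*\n", re.sub(r"\n ", "", ldif.strip())):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            entry[key.strip().lower()] = value.strip()
        entries.append(entry)
    return entries

def sasl_client_failures(ldif):
    """Return (dn, mechanism) for SASL agreements whose last init status is 86."""
    findings = []
    for entry in parse_entries(ldif):
        method = entry.get("nsds5replicabindmethod", "").upper().split("/")[-1]
        status = re.match(r"-?\d+", entry.get("nsds5replicalastinitstatus", ""))
        if method in SASL_METHODS and status and int(status.group()) == AUTH_UNKNOWN:
            findings.append((entry.get("dn", "?"), method))
    return findings

if __name__ == "__main__":
    for dn, mech in sasl_client_failures(SAMPLE_LDIF):
        print(f"{mech} bind failed with status {AUTH_UNKNOWN}: {dn}")
```

An agreement flagged here matches the failure reported above; on a supplier that predates the fix, the nsslapd-saslpath setting alone does not resolve it, because the path was only passed to the server-side SASL initialization.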

Comment 3 Jenny Severance 2009-04-01 18:42:10 UTC
fix verified HP-UX - DS 8.1 covered by Server to Server SASL automated acceptance tests.

Comment 4 Chandrasekar Kannan 2009-04-29 23:09:35 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
