Red Hat Bugzilla – Bug 480642
HPUX: Server to Server SASL - Unknown Authentication Method
Last modified: 2015-01-04 18:36:02 EST
Description of problem:
Server to Server connection SASL binds on HPUX are failing with the following error message:
initialize_consumer: status: dn: cn=S1 to C1,cn=replica,cn="o=sasl.net",cn=mapping tree,cn=config nsds5replicalastinitstatus: 86 - LDAP error: Unknown authentication method
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install two servers on HPUX - setup replication with nsds5ReplicaBindMethod of DIGEST-MD5 and LDAP | SSL | TLS as nsds5ReplicaTransportInfo
2. View errors log
Actual results:
server to server bind fails with Unknown authentication method
Expected results:
successful bind and replication
GSSAPI as nsds5ReplicaBindMethod also fails with same error message.
Created attachment 330875
Created attachment 330899
cvs commit log
Reviewed by: nkinder (Thanks!)
Fix Description: On some platforms, we do not install the sasl auth method plugins in a standard location, so we have the nsslapd-saslpath config setting to provide that location in a CB_GETPATH callback provided to sasl_server_init. This works fine for being a SASL server. However, to be an LDAP SASL client, we have to provide that callback to sasl_client_init too. This call happens the first time the mozldap client library is initialized. mozldap has a hardcoded list of sasl callbacks it provides, and does not allow callers to augment that list. So, we simply replace the list with one that contains the CB_GETPATH callback.
Platforms tested: HP-UX 11.23 64-bit
Flag Day: no
Doc impact: no
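A triage check for the failure discussed in this report, added here as an example (it is not code from the bug, the patch or the Directory Server project): it lists agreements in an LDIF export that bind with SASL and report status 86, then checks whether the directory configured as nsslapd-saslpath holds a plugin for that mechanism. The function names, the plugin base names (libdigestmd5 and libgssapiv2, Cyrus SASL's usual naming) and the sample LDIF are assumptions; PLUGIN-PRESENT on an affected build is consistent with the client-side path problem the fix describes, PLUGIN-MISSING points at the install.

```shell
#!/bin/sh
# Added triage example; not from the bug report or the Directory Server source.
# Print "MECH<TAB>DN" for each LDIF entry that binds with SASL and whose
# nsds5replicalastinitstatus is LDAP error 86.
failing_sasl_agreements() {
    awk 'BEGIN { RS = ""; FS = "\n" }
    {
        dn = mech = status = ""
        for (i = 1; i <= NF; i++) {
            p = index($i, ": "); if (p == 0) continue
            name = tolower(substr($i, 1, p - 1)); value = substr($i, p + 2)
            if (name == "dn") dn = value
            else if (name == "nsds5replicabindmethod") mech = toupper(value)
            else if (name == "nsds5replicalastinitstatus") status = value
        }
        if ((mech == "DIGEST-MD5" || mech == "GSSAPI") && status ~ /^86 /)
            printf "%s\t%s\n", mech, dn
    }' "$1"
}

# Succeed if directory $1 holds a plugin for mechanism $2 (assumed base names).
plugin_present() {
    case "$2" in
        DIGEST-MD5) base=libdigestmd5 ;;
        GSSAPI)     base=libgssapiv2 ;;
        *)          return 2 ;;
    esac
    for f in "$1/$base".*; do [ -e "$f" ] && return 0; done
    return 1
}

# $1 = LDIF export of the agreements, $2 = directory named by nsslapd-saslpath.
triage() {
    tab=$(printf '\t')
    failing_sasl_agreements "$1" | while IFS=$tab read -r mech dn; do
        if plugin_present "$2" "$mech"; then verdict=PLUGIN-PRESENT
        else verdict=PLUGIN-MISSING; fi
        printf '%s %s %s\n' "$verdict" "$mech" "$dn"
    done
}

# Constructed sample: one failing agreement and a stand-in plugin file.
demo_dir=$(mktemp -d)
cat > "$demo_dir/agmt.ldif" <<'EOF'
dn: cn=S1 to C1,cn=replica,cn="o=sasl.net",cn=mapping tree,cn=config
nsds5ReplicaBindMethod: DIGEST-MD5
nsds5replicalastinitstatus: 86 - LDAP error: Unknown authentication method
EOF
: > "$demo_dir/libdigestmd5.so"   # constructed stand-in, not a real plugin
triage "$demo_dir/agmt.ldif" "$demo_dir"; rm -rf "$demo_dir"
```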
fix verified HP-UX - DS 8.1 covered by Server to Server SASL automated acceptance tests.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.