Bug 480642 - HPUX: Server to Server SASL - Unknown Authentication Method
Status: CLOSED CURRENTRELEASE
Product: Red Hat Directory Server
Classification: Red Hat
Component: Security - SASL
8.1
All Other
high Severity high
Assigned To: Rich Megginson
Chandrasekar Kannan
Blocks: 249650 FDS1.2.0
Reported: 2009-01-19 11:35 EST by Jenny Galipeau
Modified: 2015-01-04 18:36 EST
Fixed In Version: 8.1
Doc Type: Bug Fix
Last Closed: 2009-04-29 19:09:35 EDT
Attachments
diffs (4.17 KB, patch), 2009-02-04 10:57 EST, Rich Megginson
cvs commit log (163 bytes, text/plain), 2009-02-04 13:22 EST, Rich Megginson

Description Jenny Galipeau 2009-01-19 11:35:57 EST
Description of problem:
Server to Server connections SASL binds on HPUX are failing with the following error message:

initialize_consumer: status: dn: cn=S1 to C1,cn=replica,cn="o=sasl.net",cn=mapping tree,cn=config nsds5replicalastinitstatus: 86  - LDAP error: Unknown authentication method 

Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1. Install two servers on HPUX - setup replication with nsds5ReplicaBindMethod of DIGEST-MD5 and LDAP | SSL | TLS as nsds5ReplicaTransportInfo
2. View errors log
  
Actual results:
server to server bind fails with Unknown authentication method

Expected results:
successful bind and replication

Additional info:

GSSAPI as nsds5ReplicaBindMethod also fails with same error message.
Comment 1 Rich Megginson 2009-02-04 10:57:10 EST
Created attachment 330875 [details]
diffs
Comment 2 Rich Megginson 2009-02-04 13:22:06 EST
Created attachment 330899 [details]
cvs commit log

Reviewed by: nkinder (Thanks!)
Fix Description: On some platforms, we do not install the sasl auth method plugins in a standard location, so we have the nsslapd-saslpath config setting to provide that location in a CB_GETPATH callback provided to sasl_server_init.  This works fine for being a SASL server.  However, to be an LDAP SASL client, we have to provide that callback to sasl_client_init too.  This call happens the first time the mozldap client library is initialized.  mozldap has a hardcoded list of sasl callbacks it provides, and does not allow callers to augment that list.  So, we simply replace the list with one that contains the CB_GETPATH callback.
Platforms tested: HP-UX 11.23 64-bit
Flag Day: no
Doc impact: no
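
The fix description above depends on the client-side callback list carrying a getpath entry, so the SASL library searches the configured plugin directory instead of its built-in default. The sketch below is an added example, not the attached patch or Directory Server code; the struct and constants are stand-ins mirroring Cyrus SASL's `sasl.h` so it builds without the library, and `PLUGIN_DIR`, `SAMPLE_BASE`, `with_getpath` and `resolve_plugin_path` are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
/* Stand-ins mirroring Cyrus SASL's <sasl/sasl.h>; include the real header in a real build. */
#define SASL_OK 0
#define SASL_BADPARAM (-7)
#define SASL_CB_LIST_END 0
#define SASL_CB_GETOPT 1
#define SASL_CB_GETPATH 3
typedef struct sasl_callback { unsigned long id; int (*proc)(void); void *context; } sasl_callback_t;
typedef int (*getpath_fn)(void *context, const char **path);
/* Constructed sample: a client list without getpath, and a placeholder plugin directory. */
static const char PLUGIN_DIR[] = "/opt/example/sasl2";
static const sasl_callback_t SAMPLE_BASE[] = {
    { SASL_CB_GETOPT, NULL, NULL }, { SASL_CB_LIST_END, NULL, NULL } };

static int getpath_cb(void *context, const char **path)
{
    if (context == NULL || path == NULL) return SASL_BADPARAM;
    *path = (const char *)context;      /* context carries the configured directory */
    return SASL_OK;
}
/* Copy base (may be NULL), drop any existing getpath entry, append ours. Caller frees. */
sasl_callback_t *with_getpath(const sasl_callback_t *base, const char *dir)
{
    size_t n = 0, out = 0, i;
    sasl_callback_t *list;
    while (base != NULL && base[n].id != SASL_CB_LIST_END) n++;
    if (dir == NULL || (list = calloc(n + 2, sizeof *list)) == NULL) return NULL;
    for (i = 0; i < n; i++)
        if (base[i].id != SASL_CB_GETPATH) list[out++] = base[i];
    list[out] = (sasl_callback_t){ SASL_CB_GETPATH, (int (*)(void))getpath_cb, (void *)dir };
    return list;                        /* calloc zeroed the SASL_CB_LIST_END terminator */
}
/* Look up the plugin path as a SASL library would; NULL means its built-in default. */
const char *resolve_plugin_path(const sasl_callback_t *cb)
{
    const char *path = NULL;
    for (; cb != NULL && cb->id != SASL_CB_LIST_END; cb++)
        if (cb->id == SASL_CB_GETPATH && cb->proc != NULL &&
            ((getpath_fn)cb->proc)(cb->context, &path) == SASL_OK) return path;
    return NULL;
}

int main(void)
{
    sasl_callback_t *fixed = with_getpath(SAMPLE_BASE, PLUGIN_DIR);
    printf("plugin path: %s\n", fixed ? resolve_plugin_path(fixed) : "(allocation failed)");
    free(fixed);
    return 0;
}
```

In a real client the list returned by `with_getpath` is what gets passed to `sasl_client_init`; a list for which `resolve_plugin_path` returns NULL reproduces the condition this bug describes on platforms with a non-standard plugin location.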
Comment 3 Jenny Galipeau 2009-04-01 14:42:10 EDT
fix verified HP-UX - DS 8.1 covered by Server to Server SASL automated acceptance tests.
Comment 4 Chandrasekar Kannan 2009-04-29 19:09:35 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-0455.html
