Bug 480642 - HPUX: Server to Server SASL - Unknown Authentication Method
Summary: HPUX: Server to Server SASL - Unknown Authentication Method
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Directory Server
Classification: Red Hat
Component: Security - SASL
Version: 8.1
Hardware: All
OS: Other
high
high
Target Milestone: ---
: ---
Assignee: Rich Megginson
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 249650 FDS1.2.0
TreeView+ depends on / blocked
 
Reported: 2009-01-19 16:35 UTC by Jenny Severance
Modified: 2015-01-04 23:36 UTC (History)
2 users (show)

Fixed In Version: 8.1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-04-29 23:09:35 UTC


Attachments (Terms of Use)
diffs (4.17 KB, patch)
2009-02-04 15:57 UTC, Rich Megginson
no flags Details | Diff
cvs commit log (163 bytes, text/plain)
2009-02-04 18:22 UTC, Rich Megginson
no flags Details

Description Jenny Severance 2009-01-19 16:35:57 UTC
Description of problem:
Server to Server connections SASL binds on HPUS are failing with the following error message:

initialize_consumer: status: dn: cn=S1 to C1,cn=replica,cn="o=sasl.net",cn=mapping tree,cn=config nsds5replicalastinitstatus: 86  - LDAP error: Unknown authentication method 

Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1. Install two servers on HPUX - setup replication with nsds5ReplicaBindMethod of DIGEST-MD5 and LDAP | SSL | TLS as nsds5ReplicaTransportInfo
2. View errors log
  
Actual results:
server to server bind fails with Unknown authentication method

Expected results:
successful bind and replication

Additional info:

GSSAPI as nsds5ReplicaBindMethod also fails with same error message.

Comment 1 Rich Megginson 2009-02-04 15:57:10 UTC
Created attachment 330875 [details]
diffs

Comment 2 Rich Megginson 2009-02-04 18:22:06 UTC
Created attachment 330899 [details]
cvs commit log

Reviewed by: nkinder (Thanks!)
Fix Description: On some platforms, we do not install the sasl auth method plugins in a standard location, so we have the nsslapd-saslpath config setting to provide that location in a CB_GETPATH callback provided to sasl_server_init.  This works fine for being a SASL server.  However, to be an LDAP SASL client, we have to provide that callback to sasl_client_init too.  This call happens the first time the mozldap client library is initialized.  mozldap has a hardcoded list of sasl callbacks it provides, and does not allow callers to augment that list.  So, we simply replace the list with one that contains the CB_GETPATH callback.
Platforms tested: HP-UX 11.23 64-bit
Flag Day: no
Doc impact: no

Comment 3 Jenny Severance 2009-04-01 18:42:10 UTC
fix verified HP-UX - DS 8.1 covered by Server to Server SASL automated acceptance tests.

Comment 4 Chandrasekar Kannan 2009-04-29 23:09:35 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-0455.html


Note You need to log in before you can comment on or make changes to this bug.