480642 – HPUX: Server to Server SASL - Unknown Authentication Method

Bug 480642 - HPUX: Server to Server SASL - Unknown Authentication Method

Summary: HPUX: Server to Server SASL - Unknown Authentication Method

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Directory Server
Classification:	Red Hat
Component:	Security - SASL
Sub Component:
Version:	8.1
Hardware:	All
OS:	Other
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Rich Megginson
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	249650 FDS1.2.0
TreeView+	depends on / blocked

Reported:	2009-01-19 16:35 UTC by Jenny Severance
Modified:	2015-01-04 23:36 UTC (History)
CC List:	2 users (show)
Fixed In Version:	8.1
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-04-29 23:09:35 UTC
Target Upstream Version:

Attachments	(Terms of Use)
diffs (4.17 KB, patch) 2009-02-04 15:57 UTC, Rich Megginson	no flags	Details \| Diff
cvs commit log (163 bytes, text/plain) 2009-02-04 18:22 UTC, Rich Megginson	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Description Jenny Severance 2009-01-19 16:35:57 UTC

Description of problem:
Server to Server connections SASL binds on HPUS are failing with the following error message:

initialize_consumer: status: dn: cn=S1 to C1,cn=replica,cn="o=sasl.net",cn=mapping tree,cn=config nsds5replicalastinitstatus: 86  - LDAP error: Unknown authentication method 

Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1. Install two servers on HPUX - setup replication with nsds5ReplicaBindMethod of DIGEST-MD5 and LDAP | SSL | TLS as nsds5ReplicaTransportInfo
2. View errors log
  
Actual results:
server to server bind fails with Unknown authentication method

Expected results:
successful bind and replication

Additional info:

GSSAPI as nsds5ReplicaBindMethod also fails with same error message.

Comment 1 Rich Megginson 2009-02-04 15:57:10 UTC

Created attachment 330875 [details]
diffs

Comment 2 Rich Megginson 2009-02-04 18:22:06 UTC

Created attachment 330899 [details]
cvs commit log

Reviewed by: nkinder (Thanks!)
Fix Description: On some platforms, we do not install the sasl auth method plugins in a standard location, so we have the nsslapd-saslpath config setting to provide that location in a CB_GETPATH callback provided to sasl_server_init.  This works fine for being a SASL server.  However, to be an LDAP SASL client, we have to provide that callback to sasl_client_init too.  This call happens the first time the mozldap client library is initialized.  mozldap has a hardcoded list of sasl callbacks it provides, and does not allow callers to augment that list.  So, we simply replace the list with one that contains the CB_GETPATH callback.
Platforms tested: HP-UX 11.23 64-bit
Flag Day: no
Doc impact: no

Comment 3 Jenny Severance 2009-04-01 18:42:10 UTC

fix verified HP-UX - DS 8.1 covered by Server to Server SASL automated acceptance tests.

Comment 4 Chandrasekar Kannan 2009-04-29 23:09:35 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-0455.html

Note You need to log in before you can comment on or make changes to this bug.