Bug 480642 - HPUX: Server to Server SASL - Unknown Authentication Method
Product: Red Hat Directory Server
Classification: Red Hat
Component: Security - SASL
All Other
Priority: high, Severity: high
Assigned To: Rich Megginson
Chandrasekar Kannan
Depends On:
Blocks: 249650 FDS1.2.0
Reported: 2009-01-19 11:35 EST by Jenny Galipeau
Modified: 2015-01-04 18:36 EST
Fixed In Version: 8.1
Doc Type: Bug Fix
Last Closed: 2009-04-29 19:09:35 EDT

Attachments
diffs (4.17 KB, patch), 2009-02-04 10:57 EST, Rich Megginson
cvs commit log (163 bytes, text/plain), 2009-02-04 13:22 EST, Rich Megginson

Description Jenny Galipeau 2009-01-19 11:35:57 EST
Description of problem:
Server to Server connections SASL binds on HPUX are failing with the following error message:

initialize_consumer: status: dn: cn=S1 to C1,cn=replica,cn="o=sasl.net",cn=mapping tree,cn=config nsds5replicalastinitstatus: 86  - LDAP error: Unknown authentication method 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install two servers on HPUX - setup replication with nsds5ReplicaBindMethod of DIGEST-MD5 and LDAP | SSL | TLS as nsds5ReplicaTransportInfo
2. View errors log
Actual results:
server to server bind fails with Unknown authentication method

Expected results:
successful bind and replication

Additional info:

GSSAPI as nsds5ReplicaBindMethod also fails with same error message.
Comment 1 Rich Megginson 2009-02-04 10:57:10 EST
Created attachment 330875
Comment 2 Rich Megginson 2009-02-04 13:22:06 EST
Created attachment 330899
cvs commit log

Reviewed by: nkinder (Thanks!)
Fix Description: On some platforms, we do not install the sasl auth method plugins in a standard location, so we have the nsslapd-saslpath config setting to provide that location in a CB_GETPATH callback provided to sasl_server_init.  This works fine for being a SASL server.  However, to be an LDAP SASL client, we have to provide that callback to sasl_client_init too.  This call happens the first time the mozldap client library is initialized.  mozldap has a hardcoded list of sasl callbacks it provides, and does not allow callers to augment that list.  So, we simply replace the list with one that contains the CB_GETPATH callback.
Platforms tested: HP-UX 11.23 64-bit
Flag Day: no
Doc impact: no
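
The callback gap explained in the fix description above, as an added example (not code from this bug report, its patch, or Cyrus SASL itself): a small self-contained C model of the plugin-path lookup at SASL initialization. The struct, the function names, both directory paths and the contents of the client-side callback list are assumptions for illustration; the callback ids and result code 86 follow the Cyrus SASL and LDAP C API headers.

```c
#include <stdio.h>
#include <string.h>

/* Model only: ids follow Cyrus SASL's sasl.h, everything else is illustrative. */
#define CB_LIST_END 0
#define CB_GETPATH  3
#define CB_USER     0x4001
#define CB_PASS     0x4004
#define AUTH_UNKNOWN 86   /* LDAP_AUTH_UNKNOWN, the "86" in the replica status */

#define DEFAULT_DIR    "/usr/lib/sasl2"          /* assumed built-in default */
#define CONFIGURED_DIR "/opt/example/lib/sasl2"  /* constructed nsslapd-saslpath */

typedef struct { unsigned long id; const char *(*proc)(void); } model_cb;

static const char *saslpath_cb(void) { return CONFIGURED_DIR; }

/* Init-time lookup: use the caller's GETPATH callback, else the default dir. */
const char *plugin_dir(const model_cb *cbs) {
    for (; cbs && cbs->id != CB_LIST_END; cbs++)
        if (cbs->id == CB_GETPATH && cbs->proc) return cbs->proc();
    return DEFAULT_DIR;
}

/* Constructed layout: mechanism plugins are installed only in CONFIGURED_DIR. */
int model_bind_result(const model_cb *cbs, const char *mech) {
    static const char *installed[] = { "DIGEST-MD5", "GSSAPI", NULL };
    if (strcmp(plugin_dir(cbs), CONFIGURED_DIR) != 0) return AUTH_UNKNOWN;
    for (int i = 0; installed[i]; i++)
        if (strcmp(installed[i], mech) == 0) return 0;
    return AUTH_UNKNOWN;
}

/* Server init already carried GETPATH; the client list did not (contents assumed). */
const model_cb server_cbs[]        = { {CB_GETPATH, saslpath_cb}, {CB_LIST_END, NULL} };
const model_cb client_cbs_before[] = { {CB_USER, NULL}, {CB_PASS, NULL}, {CB_LIST_END, NULL} };
/* The fix: replace the client list with one that also has GETPATH. */
const model_cb client_cbs_after[]  = { {CB_GETPATH, saslpath_cb}, {CB_USER, NULL},
                                       {CB_PASS, NULL}, {CB_LIST_END, NULL} };

int main(void) {
    printf("server plugin dir: %s\n", plugin_dir(server_cbs));
    printf("client before fix: %d\n", model_bind_result(client_cbs_before, "DIGEST-MD5"));
    printf("client after fix:  %d\n", model_bind_result(client_cbs_after, "DIGEST-MD5"));
    return 0;
}
```

In the model, the same process resolves the configured directory as a server but the default one as a client, which is why both DIGEST-MD5 and GSSAPI replication binds fail with 86 until the client list carries the path callback.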
Comment 3 Jenny Galipeau 2009-04-01 14:42:10 EDT
fix verified HP-UX - DS 8.1 covered by Server to Server SASL automated acceptance tests.
Comment 4 Chandrasekar Kannan 2009-04-29 19:09:35 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.