741999 – SASL/PLAIN binds do not work

Bug 741999 - SASL/PLAIN binds do not work

Summary: SASL/PLAIN binds do not work

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	389
Classification:	Retired
Component:	Directory Server
Sub Component:
Version:	1.2.9
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Rich Megginson
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	389_1.3.0 690319 742054
TreeView+	depends on / blocked

Reported:	2011-09-28 18:36 UTC by Simo Sorce
Modified:	2015-12-10 18:42 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Clones:	742054 (view as bug list)
Environment:
Last Closed:	2015-12-10 18:42:23 UTC
Embargoed:

Attachments	(Terms of Use)

Description Simo Sorce 2011-09-28 18:36:19 UTC

I have tried to use a SASL/PLAIN bind in order to do binds with a user id that is not a DN.
Because SASL mappings can resolve an arbitrary uid into a DN I was hoping to use that to bind to a directory where anonymous searches are disabled (therefore the client can't use an anonymous bind to search the DN itself.

Unfortunately it appears the current DS code is not able to perform SASL/PLAIN authentication. Sasl mapping is incorrectly performed. It happens twice, the first time it properly maps the provided user name to a DN the second time it tries to map the found DN again as if it were a user name.

Rich says DS may no be able to properly provide SASL with callback to handle checking the password.

Comment 4 Martin Kosek 2012-01-04 13:20:56 UTC

Upstream ticket:
https://fedorahosted.org/389/ticket/27

Note You need to log in before you can comment on or make changes to this bug.