It might be an AD setting (enforcing SSL). But does it make sense to use SASL/GSSAPI encryption on top of SSL?

An option would definitely be the best.

Thank you
Markus

"Quanah Gibson-Mount" <[email protected]> wrote in message news:e016e53a28e2feb16294f...@[192.168.1.199]...
--On Sunday, November 15, 2009 9:09 PM +0000 Markus Moeller <[email protected]> wrote:

I think this would fix it

I think AD must be broken and non-RFC-compliant. I've never had problems using SASL/GSSAPI encryption at the same time as SSL/TLS encryption. It wouldn't be the first time MS AD was broken in obvious ways.

For example, here is startTLS over ldap with SASL/GSSAPI encryption:

ldap1:/root# ldapsearch -ZZ -h ldap.stanford.edu -b "" -s base
SASL/GSSAPI authentication started
SASL username: [email protected]
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#

As such, I would suggest your patch as is be rejected. An option to disable the SASL SSF should be supported though.

--Quanah


--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration


