From: "Josh Kelley" <[EMAIL PROTECTED]> Date: Fri, 8 Sep 2006 10:31:55 -0400
A question about LDAP standards: When attempting a SASL bind (CRAM-MD5) against an OpenLDAP server, if the server lacks the shared secret necessary to do CRAM-MD5 authentication, it returns resultCode 80 (other), error message "SASL(-13): user not found: no secret in database".
This is a bug in OpenLDAP releases older than 2.3.5, fixed in 2.3.6. The current version is 2.3.27.
When attempting the same bind against a Fedora Directory Server, if the server lacks the shared secret necessary to do CRAM-MD5 authentication, it returns resultCode 49 (invalidCredentials), error message "SASL(-13): authentication failure: incorrect digest response". OS X's LDAP client treats the two result codes differently; if it gets resultCode other, it falls back to simple authentication (which works), whereas if it gets resultCode invalidCredentials, it simply fails. Are there any standards covering what should be done in this case (i.e., if OpenLDAP or FDS is more correct)?
--
Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
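Added example (not from the thread or from either server project): a minimal BER decoder for the BindResponse discussed above, followed by the fallback choice the question attributes to the OS X client. The sample PDUs are constructed from the result codes and messages quoted in the thread; the function names and the `tls_active` condition on retrying with a simple bind are assumptions of this example, the latter added because a simple bind carries the password itself.

```python
# Added example: decode an LDAP BindResponse (RFC 4511) and pick the next step.
RESULT_SUCCESS, RESULT_INVALID_CREDENTIALS, RESULT_OTHER = 0, 49, 80

def _tlv(tag, value):
    if len(value) > 0x7F:  # sample builder only emits short-form lengths
        raise ValueError("value too long for the sample builder")
    return bytes([tag, len(value)]) + value

def _read(buf, pos, tag):
    """Read the element at pos, checking its tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("truncated element or unexpected tag")
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length octets
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("unsupported or truncated length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + n], pos + n

def build_bind_response(msg_id, code, diag):
    body = _tlv(0x0A, bytes([code])) + _tlv(0x04, b"") + _tlv(0x04, diag.encode())
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x61, body))

def parse_bind_response(pdu):
    """Return (resultCode, diagnosticMessage) from a BindResponse PDU."""
    msg, _ = _read(pdu, 0, 0x30)           # LDAPMessage SEQUENCE
    _, pos = _read(msg, 0, 0x02)           # messageID
    op, _ = _read(msg, pos, 0x61)          # [APPLICATION 1] BindResponse
    code, pos = _read(op, 0, 0x0A)         # resultCode (ENUMERATED)
    _, pos = _read(op, pos, 0x04)          # matchedDN
    diag, _ = _read(op, pos, 0x04)         # diagnosticMessage
    if not code:
        raise ValueError("empty resultCode")
    return int.from_bytes(code, "big"), diag.decode("utf-8")

def next_step(pdu, tls_active):
    """Fallback described in the question; tls_active is an added assumption."""
    code, _ = parse_bind_response(pdu)
    if code == RESULT_SUCCESS:
        return "bound"
    if code == RESULT_OTHER and tls_active:
        return "retry-simple-bind"
    return "fail"

# Constructed sample PDUs (messageID 1) with the codes and messages from the thread.
OPENLDAP_PDU = build_bind_response(1, RESULT_OTHER, "SASL(-13): user not found: no secret in database")
FDS_PDU = build_bind_response(1, RESULT_INVALID_CREDENTIALS, "SASL(-13): authentication failure: incorrect digest response")
```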
