im not sure this is a legit problem or an issue with how MS deals with sasl/gssapi...
changes for cyrus.c 1.112.2.6 to 1.112.2.7 break sasl/gssapi binds to AD (vers 2.3.8 and up, at least for me). if i roll back to 1.112.2.6 in 2.3.11, everything builds ok and ldapsearch/sasl/gssapi to AD work. looking at the diff, there is memory cleanup as well as some changes to checking the values provided by scred following a call to ldap_sasl_bind_s. adding back in the mem cleanup and the first reorder of the if statements and rebuilding, sasl/gssapi still works. changing the second if statement results in (this change is after seeing if the rc and saslrc are OK): SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) in the older if statement, (scred && scred->bv_len) evaluates to false, and LDAP_LOCAL_ERROR is not returned. with the change, (scred) evals to true and LDAP_LOCAL_ERROR is set, which is why i see the failure. i have run ldapsearch -d 1 and can provide the results... Network/Systems Engineer www.g1.com Here is a really great OS www.freebsd.org checkout also: www.openbsd.org www.dragonflybsd.org www.netbsd.org NOTICE: This E-mail may contain confidential information. If you are not the addressee or the intended recipient please do not read this E-mail and please immediately delete this e-mail message and any attachments from your workstation or network mail system. If you are the addressee or the intended recipient and you save or print a copy of this E-mail, please place it in an appropriate file, depending on whether confidential information is contained in the message.
