Bug#273620: libldap2: auth failure using ldap
On Wed, Mar 09, 2005 at 11:29:58PM -, DrPizza wrote:
> If this means resolving whatever legal issues (by e.g. using gnutls
> instead of openssl) surely that's the price that has to be paid and the
> work that has to be done.

Okay, so you are doing it? I already spent like 100 hours on this and it is still not ready. To implement this you need to

- learn OpenSSL to understand what the TLS stuff in libldap is doing
- learn about the logic of that LBER sockbuf communications layer used in libldap, at least so much that you understand what's going on in tls.c
- learn GnuTLS to make libldap support it
- be very sure you are not making a mistake in porting, as there is only one thing worse than no security: the false feeling of security

Waiting for your patches...

Torsten

PS: The server side was updated to fix the bunch of release critical bugs against the server side which is much more problematic than the client side so far.
Bug#273620: libldap2: auth failure using ldap
Hi Peter,

On Tue, Mar 08, 2005 at 11:15:55PM +, Peter Bright wrote:
> I'm using libnss-ldap/libpam-ldap against a Windows 2003 Active Directory
> Domain Controller. With SSL disabled in /etc/{libnss-,pam_}ldap.conf, all
> works as expected; I can authenticate, enumerate users, etc.
>
> With SSL enabled (ssl on), I consistently (as in, every *single* time)
> receive the same error as in the initial report whenever any LDAP action
> is performed:
>
> /home/roland/debian/openldap/build/2.1.30/openldap2-2.1.30/libraries/libldap/cyrus.c:468: ldap_int_sasl_open: Assertion `lc->lconn_sasl_ctx == ((void *)0)' failed.

Bleargh. Sorry, can't say more about this at this time.

Greetings

Torsten
Bug#273620: libldap2: auth failure using ldap
Maybe I'm missing something, but surely fixing the server-side portion is considerably less important than fixing the client libraries? I mean, clients will surely tend to number servers many times over; for every server user suffering due to the old version there's going to be many more client users also suffering.

Further, the server is pretty standalone anyway and benefits least from the package management. If I want slapd 2.2 running I can easily install it from source. It's much more work to get libnss-ldap and pam-ldap and *everything else I want to be able to talk to my directory* upgraded, and it's this area where packaging really yields benefits.

If this means resolving whatever legal issues (by e.g. using gnutls instead of openssl) surely that's the price that has to be paid and the work that has to be done.

-Original Message-
From: Torsten Landschoff [mailto:[EMAIL PROTECTED]
Sent: 09 March 2005 07:51
To: DrPizza; [EMAIL PROTECTED]
Subject: Re: Bug#273620: libldap2: auth failure using ldap

Hi Peter,

On Tue, Mar 08, 2005 at 11:15:55PM +, Peter Bright wrote:
> I'm using libnss-ldap/libpam-ldap against a Windows 2003 Active Directory
> Domain Controller. With SSL disabled in /etc/{libnss-,pam_}ldap.conf, all
> works as expected; I can authenticate, enumerate users, etc.
>
> With SSL enabled (ssl on), I consistently (as in, every *single* time)
> receive the same error as in the initial report whenever any LDAP action
> is performed:
>
> /home/roland/debian/openldap/build/2.1.30/openldap2-2.1.30/libraries/libldap/cyrus.c:468: ldap_int_sasl_open: Assertion `lc->lconn_sasl_ctx == ((void *)0)' failed.

Bleargh. Sorry, can't say more about this at this time.

Greetings

Torsten
Bug#273620: libldap2: auth failure using ldap
Package: libldap2
Version: 2.1.30-3
Followup-For: Bug #273620

I'm seeing the same problem, only I'm seeing it consistently.

I'm using libnss-ldap/libpam-ldap against a Windows 2003 Active Directory Domain Controller. With SSL disabled in /etc/{libnss-,pam_}ldap.conf, all works as expected; I can authenticate, enumerate users, etc.

With SSL enabled (ssl on), I consistently (as in, every *single* time) receive the same error as in the initial report whenever any LDAP action is performed:

/home/roland/debian/openldap/build/2.1.30/openldap2-2.1.30/libraries/libldap/cyrus.c:468: ldap_int_sasl_open: Assertion `lc->lconn_sasl_ctx == ((void *)0)' failed.

With TLS enabled (ssl starttls) I don't get the crash; I do however see hangs instead (with ldapsearch/libnss-ldap/etc.). Performing e.g. getent passwd spits out all the right information but then doesn't exit. It would seem to be a similar issue to #294200. This is resolved for ldapsearch by installing the experimental 2.2 ldap-utils with their OpenLDAP 2.2 library.

I am not using any of OpenLDAP's server-side parts; just client-side.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.11-co-0.7.1
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages libldap2 depends on:
ii  libc6        2.3.2.ds1-20  GNU C Library: Shared libraries an
ii  libgnutls11  1.0.16-13     GNU TLS library - runtime library
ii  libsasl2     2.1.19-1.5    Authentication abstraction library

-- no debconf information