Bug#273620: libldap2: auth failure using ldap

2005-03-10 Thread Torsten Landschoff
On Wed, Mar 09, 2005 at 11:29:58PM -, DrPizza wrote:
 
> If this means resolving whatever legal issues (by e.g. using gnutls
> instead of openssl) surely that's the price that has to be paid and the
> work that has to be done.

Okay, so you are doing it? I already spent like 100 hours on this and it
is still not ready. To implement this you need to

- learn OpenSSL to understand what the TLS stuff in libldap is doing
- learn about the logic of the LBER sockbuf communications layer used
  in libldap at least so much that you understand what's going on in
  tls.c
- learn GnuTLS to make libldap support it
- be very sure you are not making a mistake in porting as there is only
  one thing worse than no security: the false feeling of security

Waiting for your patches...

Torsten

PS: The server side was updated to fix the bunch of release critical
bugs against the server side which is much more problematic than the
client side so far.




Bug#273620: libldap2: auth failure using ldap

2005-03-09 Thread Torsten Landschoff
Hi Peter, 

On Tue, Mar 08, 2005 at 11:15:55PM +, Peter Bright wrote:
 
> I'm using libnss-ldap/libpam-ldap against a Windows 2003 Active Directory
> Domain Controller.  With SSL disabled in /etc/{libnss-,pam_}ldap.conf, all
> works as expected; I can authenticate, enumerate users, etc..
>
> With SSL enabled (ssl on), I consistently (as in, every *single* time)
> receive the same error as in the initial report whenever any LDAP action is
> performed:
> /home/roland/debian/openldap/build/2.1.30/openldap2-2.1.30/libraries/libldap/cyrus.c:468:
> ldap_int_sasl_open: Assertion `lc->lconn_sasl_ctx == ((void *)0)' failed.

Bleargh.

Sorry, can't say more about this at this time. 

Greetings

Torsten




Bug#273620: libldap2: auth failure using ldap

2005-03-09 Thread DrPizza
Maybe I'm missing something, but surely fixing the server-side portion
is considerably less important than fixing the client libraries?

I mean, clients will surely tend to number servers many times over; for
every server user suffering due to the old version there's going to be
many more client users also suffering.  Further, the server is pretty
standalone anyway and benefits least from the package management.  If I
want slapd 2.2 running I can easily install it from source.  It's much
more work to get libnss-ldap and pam-ldap and *everything else I want to
be able to talk to my directory* upgraded, and it's this area where
packaging really yields benefits.

If this means resolving whatever legal issues (by e.g. using gnutls
instead of openssl) surely that's the price that has to be paid and the
work that has to be done.

> -----Original Message-----
> From: Torsten Landschoff [mailto:[EMAIL PROTECTED]
> Sent: 09 March 2005 07:51
> To: DrPizza; [EMAIL PROTECTED]
> Subject: Re: Bug#273620: libldap2: auth failure using ldap
>
> Hi Peter,
>
> On Tue, Mar 08, 2005 at 11:15:55PM +, Peter Bright wrote:
> >
> > I'm using libnss-ldap/libpam-ldap against a Windows 2003 Active
> > Directory Domain Controller.  With SSL disabled in
> > /etc/{libnss-,pam_}ldap.conf, all works as expected; I can
> > authenticate, enumerate users, etc..
> >
> > With SSL enabled (ssl on), I consistently (as in, every *single*
> > time) receive the same error as in the initial report whenever any
> > LDAP action is performed:
> > /home/roland/debian/openldap/build/2.1.30/openldap2-2.1.30/libraries/libldap/cyrus.c:468:
> > ldap_int_sasl_open: Assertion `lc->lconn_sasl_ctx == ((void *)0)' failed.
>
> Bleargh.
>
> Sorry, can't say more about this at this time.
>
> Greetings
>
>   Torsten
 



Bug#273620: libldap2: auth failure using ldap

2005-03-08 Thread Peter Bright
Package: libldap2
Version: 2.1.30-3
Followup-For: Bug #273620


I'm seeing the same problem, only I'm seeing it consistently.

I'm using libnss-ldap/libpam-ldap against a Windows 2003 Active Directory
Domain Controller.  With SSL disabled in /etc/{libnss-,pam_}ldap.conf, all
works as expected; I can authenticate, enumerate users, etc..

With SSL enabled (ssl on), I consistently (as in, every *single* time)
receive the same error as in the initial report whenever any LDAP action is
performed:
/home/roland/debian/openldap/build/2.1.30/openldap2-2.1.30/libraries/libldap/cyrus.c:468:
ldap_int_sasl_open: Assertion `lc->lconn_sasl_ctx == ((void *)0)' failed.

With TLS enabled (ssl starttls) I don't get the crash; I do however see
hangs instead (with ldapsearch/libnss-ldap/etc.).  Performing e.g. getent
passwd spits out all the right information but then doesn't exit.  It would
seem to be a similar issue to #294200.  This is resolved for ldapsearch by
installing the experimental 2.2 ldap-utils with their OpenLDAP 2.2 library.

I am not using any of OpenLDAP's server-side parts; just client-side.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.11-co-0.7.1
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages libldap2 depends on:
ii  libc6        2.3.2.ds1-20  GNU C Library: Shared libraries an
ii  libgnutls11  1.0.16-13     GNU TLS library - runtime library
ii  libsasl2     2.1.19-1.5    Authentication abstraction library

-- no debconf information

