[Touch-packages] [Bug 1188475] Re: ldap group doesn't work
** Changed in: cyrus-sasl2 (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1188475 Title: ldap group doesn't work Status in Cyrus-sasl2: Fix Released Status in cyrus-sasl2 package in Ubuntu: Fix Released Bug description: Hello! I wrote almost the same mail to sasl mail list, but , I guess, it is good to fix in 12.04... This bug exists in 2.1.26 , and in 2.1.25 which is in 12.04 Problem is that after user is authentificated with ldap bind , ldap connection for checking user in group ( lak_group_member function ) is made with this user's bind, not bind parameters from config file. User can not ( and have not in our case- I don't know why , but this is not real problem ) have access to ldap groups. And so, authentication is always fail. I added unbind and anonymous bind ( enough in our case): /var/local/files/sasl/cyrus-sasl-2.1.26/saslauthd# diff -ur lak.c.orig lak.c --- lak.c.orig2013-06-07 09:15:20.098788278 +0400 +++ lak.c2013-06-07 09:22:31.504774185 +0400 @@ -1342,6 +1342,10 @@ if (rc != LAK_OK) goto done; +lak_unbind (lak ); +rc = lak_bind(lak, ""); + + rc = ldap_search_st(lak->ld, group_search_base, lak->conf->group_scope, group_filter, (char **) group_attrs, 0, &(lak->conf->timeout), ); switch (rc) { case LDAP_SUCCESS: but, it is obvoius that rebind should be done with credintials from config, but this is over my head :-( Could you, please, fix this bug correctly? Thank you! To manage notifications about this bug go to: https://bugs.launchpad.net/cyrus-sasl2/+bug/1188475/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1188475] Re: ldap group doesn't work
** Tags removed: bitesize -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1188475 Title: ldap group doesn't work Status in Cyrus-sasl2: Fix Released Status in cyrus-sasl2 package in Ubuntu: Confirmed Bug description: Hello! I wrote almost the same mail to sasl mail list, but , I guess, it is good to fix in 12.04... This bug exists in 2.1.26 , and in 2.1.25 which is in 12.04 Problem is that after user is authentificated with ldap bind , ldap connection for checking user in group ( lak_group_member function ) is made with this user's bind, not bind parameters from config file. User can not ( and have not in our case- I don't know why , but this is not real problem ) have access to ldap groups. And so, authentication is always fail. I added unbind and anonymous bind ( enough in our case): /var/local/files/sasl/cyrus-sasl-2.1.26/saslauthd# diff -ur lak.c.orig lak.c --- lak.c.orig2013-06-07 09:15:20.098788278 +0400 +++ lak.c2013-06-07 09:22:31.504774185 +0400 @@ -1342,6 +1342,10 @@ if (rc != LAK_OK) goto done; +lak_unbind (lak ); +rc = lak_bind(lak, ""); + + rc = ldap_search_st(lak->ld, group_search_base, lak->conf->group_scope, group_filter, (char **) group_attrs, 0, &(lak->conf->timeout), ); switch (rc) { case LDAP_SUCCESS: but, it is obvoius that rebind should be done with credintials from config, but this is over my head :-( Could you, please, fix this bug correctly? Thank you! To manage notifications about this bug go to: https://bugs.launchpad.net/cyrus-sasl2/+bug/1188475/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1188475] Re: ldap group doesn't work
** Tags removed: server-next server-next-drop -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1188475 Title: ldap group doesn't work Status in Cyrus-sasl2: Fix Released Status in cyrus-sasl2 package in Ubuntu: Confirmed Bug description: Hello! I wrote almost the same mail to sasl mail list, but , I guess, it is good to fix in 12.04... This bug exists in 2.1.26 , and in 2.1.25 which is in 12.04 Problem is that after user is authentificated with ldap bind , ldap connection for checking user in group ( lak_group_member function ) is made with this user's bind, not bind parameters from config file. User can not ( and have not in our case- I don't know why , but this is not real problem ) have access to ldap groups. And so, authentication is always fail. I added unbind and anonymous bind ( enough in our case): /var/local/files/sasl/cyrus-sasl-2.1.26/saslauthd# diff -ur lak.c.orig lak.c --- lak.c.orig2013-06-07 09:15:20.098788278 +0400 +++ lak.c2013-06-07 09:22:31.504774185 +0400 @@ -1342,6 +1342,10 @@ if (rc != LAK_OK) goto done; +lak_unbind (lak ); +rc = lak_bind(lak, ""); + + rc = ldap_search_st(lak->ld, group_search_base, lak->conf->group_scope, group_filter, (char **) group_attrs, 0, &(lak->conf->timeout), ); switch (rc) { case LDAP_SUCCESS: but, it is obvoius that rebind should be done with credintials from config, but this is over my head :-( Could you, please, fix this bug correctly? Thank you! To manage notifications about this bug go to: https://bugs.launchpad.net/cyrus-sasl2/+bug/1188475/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1188475] Re: ldap group doesn't work
** Tags added: server-next-drop -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1188475 Title: ldap group doesn't work Status in Cyrus-sasl2: Fix Released Status in cyrus-sasl2 package in Ubuntu: Confirmed Bug description: Hello! I wrote almost the same mail to sasl mail list, but , I guess, it is good to fix in 12.04... This bug exists in 2.1.26 , and in 2.1.25 which is in 12.04 Problem is that after user is authentificated with ldap bind , ldap connection for checking user in group ( lak_group_member function ) is made with this user's bind, not bind parameters from config file. User can not ( and have not in our case- I don't know why , but this is not real problem ) have access to ldap groups. And so, authentication is always fail. I added unbind and anonymous bind ( enough in our case): /var/local/files/sasl/cyrus-sasl-2.1.26/saslauthd# diff -ur lak.c.orig lak.c --- lak.c.orig2013-06-07 09:15:20.098788278 +0400 +++ lak.c2013-06-07 09:22:31.504774185 +0400 @@ -1342,6 +1342,10 @@ if (rc != LAK_OK) goto done; +lak_unbind (lak ); +rc = lak_bind(lak, ""); + + rc = ldap_search_st(lak->ld, group_search_base, lak->conf->group_scope, group_filter, (char **) group_attrs, 0, &(lak->conf->timeout), ); switch (rc) { case LDAP_SUCCESS: but, it is obvoius that rebind should be done with credintials from config, but this is over my head :-( Could you, please, fix this bug correctly? Thank you! To manage notifications about this bug go to: https://bugs.launchpad.net/cyrus-sasl2/+bug/1188475/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1188475] Re: ldap group doesn't work
About comment 6- in my opinion this highly depends on your implementation and policy. I work for not so large company, I'd say small - just about 4200 employers-, so our policy can be wrong - it says not show users their rights, i.e. intruder needs to try ;-) >From another point of view- ldap connection credentials are supplied in >config, so application have to use them, not others. Your point of view is right too- as I said this depends on your policy. Thank you! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1188475 Title: ldap group doesn't work Status in Cyrus-sasl2: Fix Released Status in cyrus-sasl2 package in Ubuntu: Confirmed Bug description: Hello! I wrote almost the same mail to sasl mail list, but , I guess, it is good to fix in 12.04... This bug exists in 2.1.26 , and in 2.1.25 which is in 12.04 Problem is that after user is authentificated with ldap bind , ldap connection for checking user in group ( lak_group_member function ) is made with this user's bind, not bind parameters from config file. User can not ( and have not in our case- I don't know why , but this is not real problem ) have access to ldap groups. And so, authentication is always fail. I added unbind and anonymous bind ( enough in our case): /var/local/files/sasl/cyrus-sasl-2.1.26/saslauthd# diff -ur lak.c.orig lak.c --- lak.c.orig2013-06-07 09:15:20.098788278 +0400 +++ lak.c2013-06-07 09:22:31.504774185 +0400 @@ -1342,6 +1342,10 @@ if (rc != LAK_OK) goto done; +lak_unbind (lak ); +rc = lak_bind(lak, ""); + + rc = ldap_search_st(lak->ld, group_search_base, lak->conf->group_scope, group_filter, (char **) group_attrs, 0, &(lak->conf->timeout), ); switch (rc) { case LDAP_SUCCESS: but, it is obvoius that rebind should be done with credintials from config, but this is over my head :-( Could you, please, fix this bug correctly? Thank you! To manage notifications about this bug go to: https://bugs.launchpad.net/cyrus-sasl2/+bug/1188475/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1188475] Re: ldap group doesn't work
Hello! I'm not Debian user, so I don't think this is good idea to open bug report for product I don't use. And I don't see any reasons why Ubuntu can't provide support for it's packages and have to rely on Debian :-( Anyway, fix will be in next release, so it will work out of box in 20.04 :-D Thank you! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1188475 Title: ldap group doesn't work Status in Cyrus-sasl2: Fix Released Status in cyrus-sasl2 package in Ubuntu: Confirmed Bug description: Hello! I wrote almost the same mail to sasl mail list, but , I guess, it is good to fix in 12.04... This bug exists in 2.1.26 , and in 2.1.25 which is in 12.04 Problem is that after user is authentificated with ldap bind , ldap connection for checking user in group ( lak_group_member function ) is made with this user's bind, not bind parameters from config file. User can not ( and have not in our case- I don't know why , but this is not real problem ) have access to ldap groups. And so, authentication is always fail. I added unbind and anonymous bind ( enough in our case): /var/local/files/sasl/cyrus-sasl-2.1.26/saslauthd# diff -ur lak.c.orig lak.c --- lak.c.orig2013-06-07 09:15:20.098788278 +0400 +++ lak.c2013-06-07 09:22:31.504774185 +0400 @@ -1342,6 +1342,10 @@ if (rc != LAK_OK) goto done; +lak_unbind (lak ); +rc = lak_bind(lak, ""); + + rc = ldap_search_st(lak->ld, group_search_base, lak->conf->group_scope, group_filter, (char **) group_attrs, 0, &(lak->conf->timeout), ); switch (rc) { case LDAP_SUCCESS: but, it is obvoius that rebind should be done with credintials from config, but this is over my head :-( Could you, please, fix this bug correctly? Thank you! To manage notifications about this bug go to: https://bugs.launchpad.net/cyrus-sasl2/+bug/1188475/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1188475] Re: ldap group doesn't work
Hi @sles, I marked this bug as invalid because there was no answer to my question in comment #6 for close to two months, and launchpad wouldn't set this bug to expired. Also when I checked, upstream hadn't commented on your github issue. I still don't understand fully why the original behaviour is incorrect, but I will take my issue with upstream, since them merging it is a good indication that I'm wrong. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1188475 Title: ldap group doesn't work Status in Cyrus-sasl2: Fix Released Status in cyrus-sasl2 package in Ubuntu: Confirmed Bug description: Hello! I wrote almost the same mail to sasl mail list, but , I guess, it is good to fix in 12.04... This bug exists in 2.1.26 , and in 2.1.25 which is in 12.04 Problem is that after user is authentificated with ldap bind , ldap connection for checking user in group ( lak_group_member function ) is made with this user's bind, not bind parameters from config file. User can not ( and have not in our case- I don't know why , but this is not real problem ) have access to ldap groups. And so, authentication is always fail. I added unbind and anonymous bind ( enough in our case): /var/local/files/sasl/cyrus-sasl-2.1.26/saslauthd# diff -ur lak.c.orig lak.c --- lak.c.orig2013-06-07 09:15:20.098788278 +0400 +++ lak.c2013-06-07 09:22:31.504774185 +0400 @@ -1342,6 +1342,10 @@ if (rc != LAK_OK) goto done; +lak_unbind (lak ); +rc = lak_bind(lak, ""); + + rc = ldap_search_st(lak->ld, group_search_base, lak->conf->group_scope, group_filter, (char **) group_attrs, 0, &(lak->conf->timeout), ); switch (rc) { case LDAP_SUCCESS: but, it is obvoius that rebind should be done with credintials from config, but this is over my head :-( Could you, please, fix this bug correctly? Thank you! To manage notifications about this bug go to: https://bugs.launchpad.net/cyrus-sasl2/+bug/1188475/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1188475] Re: ldap group doesn't work
** Changed in: cyrus-sasl2 Status: Unknown => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1188475 Title: ldap group doesn't work Status in Cyrus-sasl2: Fix Released Status in cyrus-sasl2 package in Ubuntu: Confirmed Bug description: Hello! I wrote almost the same mail to sasl mail list, but , I guess, it is good to fix in 12.04... This bug exists in 2.1.26 , and in 2.1.25 which is in 12.04 Problem is that after user is authentificated with ldap bind , ldap connection for checking user in group ( lak_group_member function ) is made with this user's bind, not bind parameters from config file. User can not ( and have not in our case- I don't know why , but this is not real problem ) have access to ldap groups. And so, authentication is always fail. I added unbind and anonymous bind ( enough in our case): /var/local/files/sasl/cyrus-sasl-2.1.26/saslauthd# diff -ur lak.c.orig lak.c --- lak.c.orig2013-06-07 09:15:20.098788278 +0400 +++ lak.c2013-06-07 09:22:31.504774185 +0400 @@ -1342,6 +1342,10 @@ if (rc != LAK_OK) goto done; +lak_unbind (lak ); +rc = lak_bind(lak, ""); + + rc = ldap_search_st(lak->ld, group_search_base, lak->conf->group_scope, group_filter, (char **) group_attrs, 0, &(lak->conf->timeout), ); switch (rc) { case LDAP_SUCCESS: but, it is obvoius that rebind should be done with credintials from config, but this is over my head :-( Could you, please, fix this bug correctly? Thank you! To manage notifications about this bug go to: https://bugs.launchpad.net/cyrus-sasl2/+bug/1188475/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1188475] Re: ldap group doesn't work
Thanks sles for driving that upstream! FYI - Merged 19 hours ago so not in any release (yet). Now we are back to Josh's comment #3 to file it in Debian to sync to Artful from there. If you do open a report the please mention it here so we can link it up to get auto-notified once it is accepted. It is preferred that the reporter (and in this case also patch author) does that bug opening, please let us know if you are unable to do so that we can help. >From there we need to consider SRUing [1] it into released Ubuntu versions [1]: https://wiki.ubuntu.com/StableReleaseUpdates -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1188475 Title: ldap group doesn't work Status in Cyrus-sasl2: Unknown Status in cyrus-sasl2 package in Ubuntu: Confirmed Bug description: Hello! I wrote almost the same mail to sasl mail list, but , I guess, it is good to fix in 12.04... This bug exists in 2.1.26 , and in 2.1.25 which is in 12.04 Problem is that after user is authentificated with ldap bind , ldap connection for checking user in group ( lak_group_member function ) is made with this user's bind, not bind parameters from config file. User can not ( and have not in our case- I don't know why , but this is not real problem ) have access to ldap groups. And so, authentication is always fail. I added unbind and anonymous bind ( enough in our case): /var/local/files/sasl/cyrus-sasl-2.1.26/saslauthd# diff -ur lak.c.orig lak.c --- lak.c.orig2013-06-07 09:15:20.098788278 +0400 +++ lak.c2013-06-07 09:22:31.504774185 +0400 @@ -1342,6 +1342,10 @@ if (rc != LAK_OK) goto done; +lak_unbind (lak ); +rc = lak_bind(lak, ""); + + rc = ldap_search_st(lak->ld, group_search_base, lak->conf->group_scope, group_filter, (char **) group_attrs, 0, &(lak->conf->timeout), ); switch (rc) { case LDAP_SUCCESS: but, it is obvoius that rebind should be done with credintials from config, but this is over my head :-( Could you, please, fix this bug correctly? Thank you! To manage notifications about this bug go to: https://bugs.launchpad.net/cyrus-sasl2/+bug/1188475/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1188475] Re: ldap group doesn't work
** Also affects: cyrus-sasl2 via https://github.com/cyrusimap/cyrus-sasl/issues/427 Importance: Unknown Status: Unknown ** Tags removed: needs-upstream-report ** Tags added: server-next -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1188475 Title: ldap group doesn't work Status in Cyrus-sasl2: Unknown Status in cyrus-sasl2 package in Ubuntu: Confirmed Bug description: Hello! I wrote almost the same mail to sasl mail list, but , I guess, it is good to fix in 12.04... This bug exists in 2.1.26 , and in 2.1.25 which is in 12.04 Problem is that after user is authentificated with ldap bind , ldap connection for checking user in group ( lak_group_member function ) is made with this user's bind, not bind parameters from config file. User can not ( and have not in our case- I don't know why , but this is not real problem ) have access to ldap groups. And so, authentication is always fail. I added unbind and anonymous bind ( enough in our case): /var/local/files/sasl/cyrus-sasl-2.1.26/saslauthd# diff -ur lak.c.orig lak.c --- lak.c.orig2013-06-07 09:15:20.098788278 +0400 +++ lak.c2013-06-07 09:22:31.504774185 +0400 @@ -1342,6 +1342,10 @@ if (rc != LAK_OK) goto done; +lak_unbind (lak ); +rc = lak_bind(lak, ""); + + rc = ldap_search_st(lak->ld, group_search_base, lak->conf->group_scope, group_filter, (char **) group_attrs, 0, &(lak->conf->timeout), ); switch (rc) { case LDAP_SUCCESS: but, it is obvoius that rebind should be done with credintials from config, but this is over my head :-( Could you, please, fix this bug correctly? Thank you! To manage notifications about this bug go to: https://bugs.launchpad.net/cyrus-sasl2/+bug/1188475/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1188475] Re: ldap group doesn't work
Why invalid? Please get into ubuntu current code :-) https://github.com/cyrusimap/cyrus-sasl/pull/428 ** Changed in: cyrus-sasl2 (Ubuntu) Status: Invalid => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1188475 Title: ldap group doesn't work Status in cyrus-sasl2 package in Ubuntu: Confirmed Bug description: Hello! I wrote almost the same mail to sasl mail list, but , I guess, it is good to fix in 12.04... This bug exists in 2.1.26 , and in 2.1.25 which is in 12.04 Problem is that after user is authentificated with ldap bind , ldap connection for checking user in group ( lak_group_member function ) is made with this user's bind, not bind parameters from config file. User can not ( and have not in our case- I don't know why , but this is not real problem ) have access to ldap groups. And so, authentication is always fail. I added unbind and anonymous bind ( enough in our case): /var/local/files/sasl/cyrus-sasl-2.1.26/saslauthd# diff -ur lak.c.orig lak.c --- lak.c.orig2013-06-07 09:15:20.098788278 +0400 +++ lak.c2013-06-07 09:22:31.504774185 +0400 @@ -1342,6 +1342,10 @@ if (rc != LAK_OK) goto done; +lak_unbind (lak ); +rc = lak_bind(lak, ""); + + rc = ldap_search_st(lak->ld, group_search_base, lak->conf->group_scope, group_filter, (char **) group_attrs, 0, &(lak->conf->timeout), ); switch (rc) { case LDAP_SUCCESS: but, it is obvoius that rebind should be done with credintials from config, but this is over my head :-( Could you, please, fix this bug correctly? Thank you! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1188475/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1188475] Re: ldap group doesn't work
For some reason bug expiration isn't working for this bug. Given that there were no updates for over two months, I'm marking it as invalid. Feel free to reopen it if you have more information about the problem. Thanks! ** Changed in: cyrus-sasl2 (Ubuntu) Status: Incomplete => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1188475 Title: ldap group doesn't work Status in cyrus-sasl2 package in Ubuntu: Invalid Bug description: Hello! I wrote almost the same mail to sasl mail list, but , I guess, it is good to fix in 12.04... This bug exists in 2.1.26 , and in 2.1.25 which is in 12.04 Problem is that after user is authentificated with ldap bind , ldap connection for checking user in group ( lak_group_member function ) is made with this user's bind, not bind parameters from config file. User can not ( and have not in our case- I don't know why , but this is not real problem ) have access to ldap groups. And so, authentication is always fail. I added unbind and anonymous bind ( enough in our case): /var/local/files/sasl/cyrus-sasl-2.1.26/saslauthd# diff -ur lak.c.orig lak.c --- lak.c.orig2013-06-07 09:15:20.098788278 +0400 +++ lak.c2013-06-07 09:22:31.504774185 +0400 @@ -1342,6 +1342,10 @@ if (rc != LAK_OK) goto done; +lak_unbind (lak ); +rc = lak_bind(lak, ""); + + rc = ldap_search_st(lak->ld, group_search_base, lak->conf->group_scope, group_filter, (char **) group_attrs, 0, &(lak->conf->timeout), ); switch (rc) { case LDAP_SUCCESS: but, it is obvoius that rebind should be done with credintials from config, but this is over my head :-( Could you, please, fix this bug correctly? Thank you! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1188475/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1188475] Re: ldap group doesn't work
Can you share your saslauthd configuration, and portions of your DIT showing how the users and groups are organised? At first glance, it feels correct to be using the user's DN to check for group membership. I would certainly expect to be able to tell which groups I belong to without having to resort to some sort of third party or even administrator credentials. ** Changed in: cyrus-sasl2 (Ubuntu) Status: Triaged => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1188475 Title: ldap group doesn't work Status in cyrus-sasl2 package in Ubuntu: Incomplete Bug description: Hello! I wrote almost the same mail to sasl mail list, but , I guess, it is good to fix in 12.04... This bug exists in 2.1.26 , and in 2.1.25 which is in 12.04 Problem is that after user is authentificated with ldap bind , ldap connection for checking user in group ( lak_group_member function ) is made with this user's bind, not bind parameters from config file. User can not ( and have not in our case- I don't know why , but this is not real problem ) have access to ldap groups. And so, authentication is always fail. I added unbind and anonymous bind ( enough in our case): /var/local/files/sasl/cyrus-sasl-2.1.26/saslauthd# diff -ur lak.c.orig lak.c --- lak.c.orig2013-06-07 09:15:20.098788278 +0400 +++ lak.c2013-06-07 09:22:31.504774185 +0400 @@ -1342,6 +1342,10 @@ if (rc != LAK_OK) goto done; +lak_unbind (lak ); +rc = lak_bind(lak, ""); + + rc = ldap_search_st(lak->ld, group_search_base, lak->conf->group_scope, group_filter, (char **) group_attrs, 0, &(lak->conf->timeout), ); switch (rc) { case LDAP_SUCCESS: but, it is obvoius that rebind should be done with credintials from config, but this is over my head :-( Could you, please, fix this bug correctly? Thank you! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1188475/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1188475] Re: ldap group doesn't work
User filed upstream bug at https://github.com/cyrusimap/cyrus- sasl/issues/427 ** Bug watch added: github.com/cyrusimap/cyrus-sasl/issues #427 https://github.com/cyrusimap/cyrus-sasl/issues/427 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1188475 Title: ldap group doesn't work Status in cyrus-sasl2 package in Ubuntu: Triaged Bug description: Hello! I wrote almost the same mail to sasl mail list, but , I guess, it is good to fix in 12.04... This bug exists in 2.1.26 , and in 2.1.25 which is in 12.04 Problem is that after user is authentificated with ldap bind , ldap connection for checking user in group ( lak_group_member function ) is made with this user's bind, not bind parameters from config file. User can not ( and have not in our case- I don't know why , but this is not real problem ) have access to ldap groups. And so, authentication is always fail. I added unbind and anonymous bind ( enough in our case): /var/local/files/sasl/cyrus-sasl-2.1.26/saslauthd# diff -ur lak.c.orig lak.c --- lak.c.orig2013-06-07 09:15:20.098788278 +0400 +++ lak.c2013-06-07 09:22:31.504774185 +0400 @@ -1342,6 +1342,10 @@ if (rc != LAK_OK) goto done; +lak_unbind (lak ); +rc = lak_bind(lak, ""); + + rc = ldap_search_st(lak->ld, group_search_base, lak->conf->group_scope, group_filter, (char **) group_attrs, 0, &(lak->conf->timeout), ); switch (rc) { case LDAP_SUCCESS: but, it is obvoius that rebind should be done with credintials from config, but this is over my head :-( Could you, please, fix this bug correctly? Thank you! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1188475/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1188475] Re: ldap group doesn't work
Hello! I created pull request in cyrus sasl repository https://github.com/cyrusimap/cyrus-sasl/pull/428 If you don't patch debian packages, then why debian should do this, let cyrus developers fix it ;-) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1188475 Title: ldap group doesn't work Status in cyrus-sasl2 package in Ubuntu: Triaged Bug description: Hello! I wrote almost the same mail to sasl mail list, but , I guess, it is good to fix in 12.04... This bug exists in 2.1.26 , and in 2.1.25 which is in 12.04 Problem is that after user is authentificated with ldap bind , ldap connection for checking user in group ( lak_group_member function ) is made with this user's bind, not bind parameters from config file. User can not ( and have not in our case- I don't know why , but this is not real problem ) have access to ldap groups. And so, authentication is always fail. I added unbind and anonymous bind ( enough in our case): /var/local/files/sasl/cyrus-sasl-2.1.26/saslauthd# diff -ur lak.c.orig lak.c --- lak.c.orig2013-06-07 09:15:20.098788278 +0400 +++ lak.c2013-06-07 09:22:31.504774185 +0400 @@ -1342,6 +1342,10 @@ if (rc != LAK_OK) goto done; +lak_unbind (lak ); +rc = lak_bind(lak, ""); + + rc = ldap_search_st(lak->ld, group_search_base, lak->conf->group_scope, group_filter, (char **) group_attrs, 0, &(lak->conf->timeout), ); switch (rc) { case LDAP_SUCCESS: but, it is obvoius that rebind should be done with credintials from config, but this is over my head :-( Could you, please, fix this bug correctly? Thank you! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1188475/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1188475] Re: ldap group doesn't work
Thank you for taking the time to report this bug and helping to make Ubuntu better. Sorry this got dropped over the years. This bug is present in Debian as well and Ubuntu currently does not make any changes to the Debian package. Therefore, this bug would be best fixed directly in Debian, and then Ubuntu will pick up the fix automatically. Would you mind filing a bug with Debian please? ** Tags added: bitesize needs-upstream-report ** Changed in: cyrus-sasl2 (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1188475 Title: ldap group doesn't work Status in cyrus-sasl2 package in Ubuntu: Triaged Bug description: Hello! I wrote almost the same mail to sasl mail list, but , I guess, it is good to fix in 12.04... This bug exists in 2.1.26 , and in 2.1.25 which is in 12.04 Problem is that after user is authentificated with ldap bind , ldap connection for checking user in group ( lak_group_member function ) is made with this user's bind, not bind parameters from config file. User can not ( and have not in our case- I don't know why , but this is not real problem ) have access to ldap groups. And so, authentication is always fail. I added unbind and anonymous bind ( enough in our case): /var/local/files/sasl/cyrus-sasl-2.1.26/saslauthd# diff -ur lak.c.orig lak.c --- lak.c.orig2013-06-07 09:15:20.098788278 +0400 +++ lak.c2013-06-07 09:22:31.504774185 +0400 @@ -1342,6 +1342,10 @@ if (rc != LAK_OK) goto done; +lak_unbind (lak ); +rc = lak_bind(lak, ""); + + rc = ldap_search_st(lak->ld, group_search_base, lak->conf->group_scope, group_filter, (char **) group_attrs, 0, &(lak->conf->timeout), ); switch (rc) { case LDAP_SUCCESS: but, it is obvoius that rebind should be done with credintials from config, but this is over my head :-( Could you, please, fix this bug correctly? Thank you! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1188475/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1188475] Re: ldap group doesn't work
Hello! Still have this bug on 16.04. Have to use my old patch, because there is the same bug... Why???!!! :-( -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1188475 Title: ldap group doesn't work Status in cyrus-sasl2 package in Ubuntu: New Bug description: Hello! I wrote almost the same mail to sasl mail list, but , I guess, it is good to fix in 12.04... This bug exists in 2.1.26 , and in 2.1.25 which is in 12.04 Problem is that after user is authentificated with ldap bind , ldap connection for checking user in group ( lak_group_member function ) is made with this user's bind, not bind parameters from config file. User can not ( and have not in our case- I don't know why , but this is not real problem ) have access to ldap groups. And so, authentication is always fail. I added unbind and anonymous bind ( enough in our case): /var/local/files/sasl/cyrus-sasl-2.1.26/saslauthd# diff -ur lak.c.orig lak.c --- lak.c.orig2013-06-07 09:15:20.098788278 +0400 +++ lak.c2013-06-07 09:22:31.504774185 +0400 @@ -1342,6 +1342,10 @@ if (rc != LAK_OK) goto done; +lak_unbind (lak ); +rc = lak_bind(lak, ""); + + rc = ldap_search_st(lak->ld, group_search_base, lak->conf->group_scope, group_filter, (char **) group_attrs, 0, &(lak->conf->timeout), ); switch (rc) { case LDAP_SUCCESS: but, it is obvoius that rebind should be done with credintials from config, but this is over my head :-( Could you, please, fix this bug correctly? Thank you! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1188475/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp