[Bug 1912256] Re: Missing channel binding prevents authentication to ActiveDirectory

2022-06-02 Thread Sergio Durigan Junior
Thank you, Christian. As discussed with Andreas, I've added a cyrus-sasl2 task to this bug and assigned him to it. This bug is probably going to involve modifications on cyrus-sasl2 only; after channel binding has been implemented there, we should be able to enable it in openldap by just

[Bug 1912256] Re: Missing channel binding prevents authentication to ActiveDirectory

2022-06-02 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: openldap (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1912256 Title:

[Bug 1912256] Re: Missing channel binding prevents authentication to ActiveDirectory

2022-06-02 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: cyrus-sasl2 (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1912256 Title:

[Bug 1912256] Re: Missing channel binding prevents authentication to ActiveDirectory

2022-06-02 Thread Sergio Durigan Junior
** Also affects: cyrus-sasl2 (Ubuntu) Importance: Undecided Status: New ** Changed in: cyrus-sasl2 (Ubuntu) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) ** Changed in: cyrus-sasl2 (Ubuntu) Assignee: Sergio Durigan Junior (sergiodj) => Andreas Hasenack

[Bug 1912256] Re: Missing channel binding prevents authentication to ActiveDirectory

2022-06-02 Thread Christian Ehrhardt 
Hi, I'm revisiting bugs that have been dormant for too long trying to retriage them. In this case the current situation to me looks like: - openldap change 3cd50fa having landed in v2.5.8 and later - cyrus-sasl change 975edbb6 still isn't in any release AFAICS - that is odd as

[Bug 1912256] Re: Missing channel binding prevents authentication to ActiveDirectory

2021-01-20 Thread Robert Schneider
I should maybe add the following detail: Channel binding, from all I can tell, is only available via TLS (even conceptually). That is, the issue mentioned in the bug report only happens when using ldaps. In certain cases, it is therefore possible to work around the lack of channel binding by

[Bug 1912256] Re: Missing channel binding prevents authentication to ActiveDirectory

2021-01-19 Thread Lucas Kanashiro
Thanks for taking the time to file this bug and try to make Ubuntu better. I subscribed ubuntu-server and Sergio who has been working on this stack recently to investigate what you described. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to

[Bug 1912256] Re: Missing channel binding prevents authentication to ActiveDirectory

2021-01-18 Thread Robert Schneider
Might have been confusing to write # kinit $ export LDAPSASL_CBINDING=tls-endpoint Both are supposed to be called from the same user. I meant to imply that an existing, valid ticket in the current user's credential cache is required for krb5 authentication via SASL in the ldapwhoami step. --