About comment 6: in my opinion this highly depends on your implementation and
policy.
I work for a not so large company, I'd say small, just about 4200 employees, so
our policy can be wrong: it says not to show users their rights, i.e. an intruder
needs to try ;-)
> From another point of view, LDAP connection credentials are supplied in the
> config, so the application has to use them, not others.
Your point of view is right too; as I said, this depends on your policy.
Thank you!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu.
https://bugs.launchpad.net/bugs/1188475

Title:
  ldap group doesn't work

Status in Cyrus-sasl2:
  Fix Released
Status in cyrus-sasl2 package in Ubuntu:
  Confirmed

Bug description:
  Hello!

  I wrote almost the same mail to the sasl mailing list, but, I guess, it is
  good to fix in 12.04...

  This bug exists in 2.1.26, and in 2.1.25, which is in 12.04.

  The problem is that after the user is authenticated with an LDAP bind, the
  LDAP connection for checking the user's group membership (the
  lak_group_member function) is made with this user's bind, not the bind
  parameters from the config file.
  The user may not (and does not in our case; I don't know why, but this is
  not the real problem) have access to LDAP groups.
  And so, authentication always fails.

  I added an unbind and an anonymous bind (enough in our case):

  /var/local/files/sasl/cyrus-sasl-2.1.26/saslauthd# diff -ur lak.c.orig lak.c
  --- lak.c.orig    2013-06-07 09:15:20.098788278 +0400
  +++ lak.c    2013-06-07 09:22:31.504774185 +0400
  @@ -1342,6 +1342,10 @@
           if (rc != LAK_OK)
               goto done;

  +        lak_unbind (lak );
  +        rc  = lak_bind(lak, "");
  +
  +
           rc = ldap_search_st(lak->ld, group_search_base, 
  lak->conf->group_scope, group_filter, (char **) group_attrs, 0, 
  &(lak->conf->timeout), &res);
           switch (rc) {
               case LDAP_SUCCESS:
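
Review bot: in the added lines, the result of `rc  = lak_bind(lak, "");` is never tested, because the very next statement overwrites `rc` with the return value of `ldap_search_st`; add the same `if (rc != LAK_OK) goto done;` check used just above so that a failed rebind is reported as a bind failure and the search is not attempted. The rebind is also hard-coded to an empty (anonymous) identity, so the group lookup only works where the directory permits anonymous reads of group entries; binding with the credentials from the configuration file would remove that dependency. Minor style: `lak_unbind (lak );` has stray spaces, and the hunk adds two consecutive blank lines.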

  
  but it is obvious that the rebind should be done with credentials from the
  config, but this is over my head :-(

  Could you, please, fix this bug correctly?

  Thank you!
