Patrick Ben Koetter wrote:
This mail expands on a mail I had sent to cyrus-sasl@xxxxxxxxxxxxxxxxxxxx a few days ago. I spent the last days testing this and I believe I have found a bug.
The likelihood that a bug is in the ldapdb code is about zero.
Version: Cyrus SASL 2.1.22
OS: CentOS (also tested and verified on Ubuntu and OpenSuse)
Description: Entries that successfully can be authenticated using the ldapwhoami command can only partially be authenticated using the Cyrus SASL ldapdb-plugin.
Steps to reproduce: (All files are available for download at <http://www.state-of-mind.de/bugreport_cyrus-sasl-2.1.22.tgz>)
Since you've gone to the trouble of packaging this up, you should also have included an extract from the slapd debug log taken from running the sample-authentication.
1. Install configuration as provided by bugreport_cyrus-sasl-2.1.22.tgz.
2. Use ldapwhoami to verify authentication:

   [root@netinstall ldap]# ldapwhoami -U a -w a
   SASL/DIGEST-MD5 authentication started
   SASL username: a
   SASL SSF: 128
   SASL installing layers
   dn:uid=a,ou=people,dc=example,dc=com
   Result: Success (0)

   [root@netinstall ldap]# ldapwhoami -U b -w b
   SASL/DIGEST-MD5 authentication started
   SASL username: b
   SASL SSF: 128
   SASL installing layers
   dn:uid=b,ou=people,dc=example,dc=com
   Result: Success (0)
Neither of these commands reflects what the ldapdb plugin does. To test that you first need to test e.g.
   ldapwhoami -U proxyuser -X a

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/