--On Monday, December 02, 2013 01:14:24 PM -0800 Sergey Emantayev <sergeem@xxxxxxxxx> wrote:
Hello,

We successfully use OpenLDAP C SDK 2.4.36 integrated with Cyrus-SASL 2.1.23. Recently we upgraded Cyrus-SASL to 2.1.26 and are encountering the following issue.

LDAP search consistently fails. We analyzed this issue and found the following behavior.

When we use OpenLDAP with Cyrus-SASL 2.1.23, the LDAP Message Search Request payload is wrapped in a GSS-API payload.

When we use OpenLDAP with Cyrus-SASL 2.1.26, the LDAP Message Search Request payload is not wrapped in a GSS-API payload at all. The LDAP Search Request looks like a clear text LDAP Search Request and not like an LDAP SASL Search Request.

In both cases - with Cyrus-SASL 2.1.23 and with Cyrus-SASL 2.1.26 - the LDAP SASL Bind succeeds, and the LDAP SASL bindResponse looks identical with Cyrus-SASL 2.1.23 and with Cyrus-SASL 2.1.26.

Please advise how to troubleshoot the issue.

When I tried using 2.1.26 I had to set minssf to get it to work. Here is the setting that we are currently using.

    olcSaslSecProps: minssf=1,noplain,noanonymous

Bill

--
Bill MacAllister
Infrastructure Delivery Group, Stanford University
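
For the troubleshooting question in this thread, the following is an added example (not part of either message and not OpenLDAP or Cyrus-SASL code) that classifies bytes taken from a packet capture of the connection after the SASL bind: either a bare BER LDAPMessage, or a buffer framed by the SASL security layer (4-octet length per RFC 4422) that carries a GSS-API wrap token. The function names are hypothetical, the check is a heuristic, and both sample byte strings are constructed.

```python
import struct

# GSS-API per-message token prefixes: RFC 4121 Wrap token (05 04) and the
# older RFC 1964 framing, which starts with the ASN.1 application tag 0x60.
GSS_WRAP_PREFIXES = (b"\x05\x04", b"\x60")

def ber_length(buf, pos):
    """Decode a BER length at buf[pos]; return (length, next_pos) or None."""
    if pos >= len(buf):
        return None
    first = buf[pos]
    if first < 0x80:                      # short form
        return first, pos + 1
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        return None
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify_pdu(buf):
    """Classify one PDU sent on an LDAP connection after a SASL bind."""
    # Cleartext LDAPMessage: SEQUENCE (0x30), BER length, INTEGER messageID (0x02).
    if buf[:1] == b"\x30":
        dec = ber_length(buf, 1)
        if dec and dec[1] + dec[0] <= len(buf) and buf[dec[1]:dec[1] + 1] == b"\x02":
            return "cleartext-ldap"
    # SASL security layer: 4-octet big-endian length, then the wrapped buffer.
    if len(buf) >= 6:
        (n,) = struct.unpack(">I", buf[:4])
        if 0 < n <= len(buf) - 4 and buf[4:].startswith(GSS_WRAP_PREFIXES):
            return "sasl-wrapped"
    return "unknown"

def first_unprotected(pdus):
    """Index of the first cleartext LDAPMessage in a list of PDUs, or -1."""
    for i, pdu in enumerate(pdus):
        if classify_pdu(pdu) == "cleartext-ldap":
            return i
    return -1

# Constructed sample: SearchRequest, messageID 2, filter (objectClass=*).
CLEAR = (bytes.fromhex("3025020102632004000a01000a0100020100020100010100870b")
         + b"objectClass" + bytes.fromhex("3000"))
# Constructed sample: RFC 4121 wrap-token header followed by placeholder bytes.
_token = bytes.fromhex("050406ff0000001c000000000a0b0c0d") + bytes(39)
WRAPPED = struct.pack(">I", len(_token)) + _token

if __name__ == "__main__":
    for name, pdu in (("CLEAR", CLEAR), ("WRAPPED", WRAPPED)):
        print(name, classify_pdu(pdu))
```

A "cleartext-ldap" result for requests that follow a successful GSSAPI bind matches the behavior described in the first message, where no security layer was in effect for the search.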