Directory server returns err=0 when EXTERNAL SASL while the RFC (rfc4513) states that inappropriateAuthentication (error code 48) has to be returned:
If the client's authentication credentials have not been established at a lower security layer, the SASL EXTERNAL Bind MUST fail with a resultCode of inappropriateAuthentication. Although this situation has the effect of leaving the LDAP session in an anonymous state (Section 4), the state of any installed security layer is unaffected.
Steps to Reproduce: 1. Setup a DS with SSL support 2. Try any ldapsearch 3. Check the logs
Actual results: In access the BIND has result: [24/Jan/2013:11:10:03 +0100] conn=77224 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
Expected results: In access the BIND has result: [24/Jan/2013:11:10:03 +0100] conn=77224 op=0 RESULT err=48 tag=97 nentries=0 etime=0 dn=""
attachment 0001-Ticket-580-Wrong-error-code-return-when-using-EXTERN.patch
git merge ticket580 Updating 1a35074..2a81336 Fast-forward ldap/servers/slapd/bind.c | 26 +++++++++++++++++++------- 1 files changed, 19 insertions(+), 7 deletions(-)
git push origin master Counting objects: 11, done. Delta compression using up to 4 threads. Compressing objects: 100% (6/6), done. Writing objects: 100% (6/6), 930 bytes, done. Total 6 (delta 4), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 1a35074..2a81336 master -> master
commit 2a81336
This needs to be backported to the 1.2.11, 1.3.0, and 1.3.1 branches.
1.2.11:
git push origin 389-ds-base-1.2.11 Counting objects: 11, done. Delta compression using up to 4 threads. Compressing objects: 100% (6/6), done. Writing objects: 100% (6/6), 975 bytes, done. Total 6 (delta 4), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git d175441..9bea04c 389-ds-base-1.2.11 -> 389-ds-base-1.2.11
commit 9bea04c
1.3.0
git push origin 389-ds-base-1.3.0 Counting objects: 11, done. Delta compression using up to 4 threads. Compressing objects: 100% (6/6), done. Writing objects: 100% (6/6), 976 bytes, done. Total 6 (delta 4), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 11c0f99..47a8402 389-ds-base-1.3.0 -> 389-ds-base-1.3.0
commit 47a8402
1.3.1
git push origin 389-ds-base-1.3.1 Counting objects: 11, done. Delta compression using up to 4 threads. Compressing objects: 100% (6/6), done. Writing objects: 100% (6/6), 978 bytes, done. Total 6 (delta 4), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 5226ed9..088dbaf 389-ds-base-1.3.1 -> 389-ds-base-1.3.1
commit 088dbaf
Metadata Update from @mreynolds: - Issue assigned to mreynolds - Issue set to the milestone: 1.2.11.22
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/580
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.