https://bugs.openldap.org/show_bug.cgi?id=9547

Issue ID: 9547
Summary: OpenLDAP does not send port as SPN when authenticating SASL GSSAPI
Product: OpenLDAP
Version: 2.4.44
Hardware: x86_64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: libraries
Assignee: bugs@openldap.org
Reporter: robert.wilson1717@gmail.com
Target Milestone: ---

When trying to authenticate to an ADLDS server using Kerberos and a MIT ccache, OpenLDAP only passes the hostname to the SASL mechanism, causing a mismatch between the SPN in the client "ldap/adlds.my.domain" and the one registered in AD "ldap/adlds.my.domain:50000".

Is there a way of forcing OpenLDAP to pass the port as part of the SASL request? Or is there a part of the OpenLDAP -> Cyrus-SASL -> MIT KRB5 chain where this can be enabled?