--On Tuesday, October 20, 2009 1:19 PM -0700 Quanah Gibson-Mount quanah@zimbra.com wrote:
--On Monday, October 19, 2009 10:58 PM +0000 quanah@zimbra.com wrote:
--On Monday, October 19, 2009 3:46 PM -0700 Quanah Gibson-Mount quanah@zimbra.com wrote:
This problem is also seen with Net::LDAPapi perl module, so it is library rather than tool specific.
It seems to be SASL specific as well (Stanford uses GSSAPI binds). I modified one of the problematic servers to have access to * by * read as its only ACL, and then did two searches. One using SASL/GSSAPI and one using anonymous query. The anonymous query succeeded across multiple runs. The SASL/GSSAPI query failed to complete.
This was with a 2.4.19 ldapsearch binary against a remote 2.4.19 slapd.
Using a similar setup of OpenLDAP 2.3.13, MIT Kerberos, and Cyrus-sasl 2.1.21 fails when built on Linux. Succeeds under Solaris. I'm going to try OL 2.4.19 + cyrus-sasl 2.1.23 + heimdal under solaris next.
OpenLDAP 2.4.19 + cyrus-sasl 2.1.23 + Heimdal 1.2.1 + OpenSSL 0.9.8k works perfectly under solaris for me.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration