Full_Name: Florian Schmaus
Version:
OS:
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (131.188.31.107)
com.novell.sasl.client.DigestMD5SaslClient is using a hard-coded prefix "ldap/" concatenated with 'm_ServerName' as the value for the 'digest-uri' attribute in the SASL response. The correct value for 'digest-uri' is 'm_digestURI'. This would make the code LDAP-agnostic and reusable for other purposes (e.g. XMPP), while still being able to perform LDAP auth. See the following patch:
--- a/com/novell/sasl/client/DigestMD5SaslClient.java 2009-12-07 19:14:10.000000000 +0100 +++ b/com/novell/sasl/client/DigestMD5SaslClient.java 2009-12-07 19:19:07.000000000 +0100 @@ -673,8 +673,8 @@ digestResponse.append("00000001"); //nounce count digestResponse.append(",qop="); digestResponse.append(m_qopValue); - digestResponse.append(",digest-uri="ldap/"); - digestResponse.append(m_serverName); + digestResponse.append(",digest-uri=""); + digestResponse.append(m_digestURI); digestResponse.append("",response="); digestResponse.append(response); digestResponse.append(",charset=utf-8,nonce="");
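Review bot: The new `digestResponse.append(m_digestURI);` line sends a digest-uri that must be byte-for-byte the same string that was hashed into `response`, and this hunk does not show that computation. Please confirm that the code producing `response` also uses `m_digestURI` rather than "ldap/" plus `m_serverName`, otherwise a server will reject the exchange for any non-LDAP service. Separately, `m_digestURI` is placed inside a quoted string with no escaping or validation visible here. Since the point of the change is to accept digest URIs for other protocols, it would be worth checking where the field is set that the value has the serv-type/host form and contains no double quote or backslash, so a caller-supplied value cannot terminate the quoted string early and inject further directives into the response.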