We successfully use OpenLDAP C SDK 2.4.36 integrated with Cyrus-SASL 2.1.23. Recently we have upgraded Cyrus-SASL to 2.1.26 and encountering the next issue. LDAP search consistently fails. We analyzed this issue and found the following behavior. When we use OpenLDAP with Cyrus-SASL 2.1.23 the LDAP Message Search Request payload is wrapped in GSS-API payload. When we use OpenLDAP with Cyrus-SASL 2.1.26 the LDAP Message Search Request payload is not wrapped in GSS-API payload at all. LDAP Search Request looks like clear text LDAP Search Request and not like LDAP SASL Search Request. In both cases - with Cyrus-SASL 2.1.23 and with Cyrus-SASL 2.1.26 – LDAP SASL Bind succeeds and LDAP SASL bindResponse looks identical with Cyrus-SASL 2.1.23 and with Cyrus-SASL 2.1.26.
On the SASL support mail list I was suggested to setup minssf parameter. We have double checked that it's set correctly (=1).
Please advise how to troubleshoot the issue.
Thanks & Regards, Sergey