We successfully use OpenLDAP C SDK 2.4.36 integrated with Cyrus-SASL 2.1.23. Recently we
have upgraded Cyrus-SASL to 2.1.26 and encountering the next issue.
LDAP search consistently fails. We analyzed this issue and found the following behavior.
When we use OpenLDAP with Cyrus-SASL 2.1.23 the LDAP Message Search Request payload is
wrapped in GSS-API payload.
When we use OpenLDAP with Cyrus-SASL 2.1.26 the LDAP Message Search Request payload is not
wrapped in GSS-API payload at all. LDAP Search Request looks like clear text LDAP Search
Request and not like LDAP SASL Search Request.
In both cases - with Cyrus-SASL 2.1.23 and with Cyrus-SASL 2.1.26 – LDAP SASL Bind
succeeds and LDAP SASL bindResponse looks identical with Cyrus-SASL 2.1.23 and with
On the SASL support mail list I was suggested to setup minssf parameter. We have double
checked that it's set correctly (=1).
Please advise how to troubleshoot the issue.
Thanks & Regards,
Show replies by date