Hello,
I have been working on extending an application that searches an LDAP server with Kerberos support. I can now bind and then search using the following mechanisms:
- Simple Bind
- Simple Bind with TLS
- Kerberos Bind
I am having issues when I have Kerberos bind and TLS turned on.
I can see the Kerberos ticket established, the SASL bind to the LDAP server complete, but the LDAP search failing as the message cannot be parsed by the server.
I use the following open source libraries:
- OpenLDAP
- Cyrus SASL
- OpenSSL
- Heimdal
In my debugging, I noticed that there are different writers that are installed in the chain. I turned on debugging, and hence I see these writers called in the order listed:
- simple with TLS: sb_debug_write() -> tlso_sb_write() -> sb_debug_write() -> sb_stream_write()
- Kerberos Bind: sb_debug_write() -> sb_sasl_generic_write() -> sb_debug_write() -> sb_stream_write()
- Kerberos + TLS: sb_debug_write() -> sb_sasl_generic_write() -> sb_debug_write() -> tlso_sb_write() -> sb_debug_write() -> sb_stream_write()
Is this a use case that is supposed to work? What could I be missing?
Thanks!
Kris
--On Monday, October 06, 2014 2:27 PM -0400 Kristof Takacs kristof.takacs@gmail.com wrote:
> I use the following open source libraries:
> - OpenLDAP
> - Cyrus SASL
> - OpenSSL
> - Heimdal
It is always critical to list the versions of software you are using. Please do so.
--Quanah
--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org