163362 2007-01-22 22:56 0000 sys-auth/nss_ldap and openldap + sasl + gssapi 2007-01-31 02:33:56 0000 1 1 1 Unclassified Gentoo Linux Ebuilds unspecified All Linux RESOLVED FIXED P2 enhancement --- 1 lkml_ccc@yahoo.it robbat2@gentoo.org lkml_ccc@yahoo.it 2007-01-22 22:56:42 0000 The current ebuild does not set the configure variable required to bind to openldap via gssapi. Instead of binding using the configured (in ldap.conf) principal, it binds as anonymous. This break a configuration where simple bind is not allowed to openldap. Reproducible: Always Steps to Reproduce: 1.Use a configuration similar to this (look at last 5 options in ldap.conf) http://www.nabble.com/Re:-nss_ldap-using-sasl-with-gssapi.-Kerberos-credentials-cache%09problem-Scanned--t2270116.html 2. 3. Actual Results: Sasl bind does not work (as it does not use/find cache credentials) Expected Results: It should use the configured cache credentials. lkml_ccc@yahoo.it 2007-01-22 22:58:26 0000 Created an attachment (id=107851) My modified ebuild This ebuild works for me. robbat2@gentoo.org 2007-01-31 02:33:56 0000 fixed in cvs. 107851 2007-01-22 22:58 0000 My modified ebuild nss_ldap-253-r1.ebuild text/plain IyBDb3B5cmlnaHQgMTk5OS0yMDA3IEdlbnRvbyBGb3VuZGF0aW9uCiMgRGlzdHJpYnV0ZWQgdW5k ZXIgdGhlIHRlcm1zIG9mIHRoZSBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSB2MgojICRIZWFk ZXI6IC92YXIvY3Zzcm9vdC9nZW50b28teDg2L3N5cy1hdXRoL25zc19sZGFwL25zc19sZGFwLTI1 My5lYnVpbGQsdiAxLjggMjAwNy8wMS8wNSAwOToxMjozMCBmbGFtZWV5ZXMgRXhwICQKCmluaGVy aXQgZml4aGVhZHRhaWxzIGV1dGlscyBtdWx0aWxpYgoKSVVTRT0iZGVidWcgc2FzbCBrZXJiZXJv cyIKCkRFU0NSSVBUSU9OPSJOU1MgTERBUCBNb2R1bGUiCkhPTUVQQUdFPSJodHRwOi8vd3d3LnBh ZGwuY29tL09TUy9uc3NfbGRhcC5odG1sIgpTUkNfVVJJPSJodHRwOi8vd3d3LnBhZGwuY29tL2Rv d25sb2FkLyR7UH0udGFyLmd6IgoKU0xPVD0iMCIKTElDRU5TRT0iTEdQTC0yIgpLRVlXT1JEUz0i YWxwaGEgYW1kNjQgfmhwcGEgfm1pcHMgcHBjIHBwYzY0IHNwYXJjIHg4NiIKCkRFUEVORD0iPj1u ZXQtbmRzL29wZW5sZGFwLTIuMS4zMC1yNQoJCXNhc2w/ICggZGV2LWxpYnMvY3lydXMtc2FzbCAp CgkJa2VyYmVyb3M/ICggdmlydHVhbC9rcmI1ICkiClJERVBFTkQ9IiR7REVQRU5EfQoJCSE8bmV0 LWZzL2F1dG9mcy00LjEuMyIKCnNyY191bnBhY2soKSB7Cgl1bnBhY2sgJHtBfQoJY2QgJHtTfQoJ ZXBhdGNoICR7RklMRVNESVJ9L25zc3dpdGNoLmxkYXAuZGlmZgoJZXBhdGNoICR7RklMRVNESVJ9 LyR7UE59LTIzOS10bHMtc2VjdXJpdHktYnVnLnBhdGNoCgllcGF0Y2ggJHtGSUxFU0RJUn0vJHtQ Tn0tMjQ5LXNhc2wtY29tcGlsZS5wYXRjaAoJRVBBVENIX09QVFM9Ii1wMSAtZCAke1N9IiBlcGF0 Y2ggJHtGSUxFU0RJUn0vJHtQTn0tMjUyLXJlY29ubmVjdC10aW1lb3V0cy5wYXRjaAoJc2VkIC1p Lm9yaWcgXAoJCS1lICcvXiBAKCMpXCRJZDogbGRhcC5jb25mLHYvcyxeLCMsJyBcCgkJJHtTfS9s ZGFwLmNvbmYgfHwgZGllICJmYWlsZWQgdG8gY2xlYW4gdXAgaW5pdGlhbCB2ZXJzaW9uIG1hcmtl ciIKCSMgZml4IGhlYWQvdGFpbCBzdHVmZgoJaHRfZml4X2ZpbGUgJHtTfS9NYWtlZmlsZS5hbSAk e1N9L01ha2VmaWxlLmluICR7U30vZGVwY29tcAoJIyBmaXggYnVpbGQgYm9ya2FnZQoJZm9yIGkg aW4gTWFrZWZpbGUue2luLGFtfTsgZG8KCSAgc2VkIC1pLm9yaWcgXAoJICAgIC1lICcvXmluc3Rh bGwtZXhlYy1sb2NhbDogbnNzX2xkYXAuc28vcyxuc3NfbGRhcC5zbywsZycgXAoJICAgICR7U30v JGkKCWRvbmUKfQoKc3JjX2NvbXBpbGUoKSB7Cglsb2NhbCBteWNvbmY9IiIKCXVzZSBkZWJ1ZyAm JiBteWNvbmY9IiR7bXljb25mfSAtLWVuYWJsZS1kZWJ1Z2dpbmciCgl1c2Uga2VyYmVyb3MgJiYg bXljb25mPSIke215Y29uZn0gLS1lbmFibGUtY29uZmlndXJhYmxlLWtyYjUtY2NuYW1lLWdzc2Fw aSIKCWVjb25mIFwKCQktLXdpdGgtbGRhcC1saWI9b3BlbmxkYXAgXAoJCS0tbGliZGlyPS8kKGdl dF9saWJkaXIpIFwKCQktLWVuYWJsZS1zY2hlbWEtbWFwcGluZyBcCgkJLS1lbmFibGUtcGFnZWQt cmVzdWx0cyBcCgkJLS1lbmFibGUtcmZjMjMwN2JpcyBcCgkJJHtteWNvbmZ9IHx8IGRpZSAiY29u ZmlndXJlIGZhaWxlZCIKCgllbWFrZSB8fCBkaWUgIm1ha2UgZmFpbGVkIgp9CgpzcmNfaW5zdGFs bCgpIHsKCWRvZGlyIC8kKGdldF9saWJkaXIpCgoJZW1ha2UgLWoxIERFU1RESVI9IiR7RH0iIGlu c3RhbGwgfHwgZGllICJtYWtlIGluc3RhbGwgZmFpbGVkIgoKCWluc2ludG8gL2V0YwoJZG9pbnMg bGRhcC5jb25mCgoJZG9kb2MgbGRhcC5jb25mIEFOTk9VTkNFIE5FV1MgQ2hhbmdlTG9nIEFVVEhP UlMgXAoJCUNPUFlJTkcgQ1ZTVmVyc2lvbkluZm8udHh0IFJFQURNRSBuc3N3aXRjaC5sZGFwIGNl cnR1dGlsCglkb2NpbnRvIGRvY3M7IGRvZG9jIGRvYy8qCn0K