This patch (hopefully) fixes an interop issues with AD servers where they fail to realize the connection is indeed integrity protected.
It's a bit of a hack as we need to work around openldap initialization of cyrus sasl libraries. But it should work unitl we get openldap libraries to expose SASL_CB_GETOPT to us.
Ticket: https://fedorahosted.org/sssd/ticket/2040
Simo.
On Fri, Aug 02, 2013 at 12:14:56PM -0400, Simo Sorce wrote:
This patch (hopefully) fixes an interop issues with AD servers where they fail to realize the connection is indeed integrity protected.
It's a bit of a hack as we need to work around openldap initialization of cyrus sasl libraries. But it should work unitl we get openldap libraries to expose SASL_CB_GETOPT to us.
Ticket: https://fedorahosted.org/sssd/ticket/2040
Simo.
-- Simo Sorce * Red Hat, Inc * New York
I verified that the code makes the sasl libraries set the option internally. I haven't been able to reproduce the error the reporter saw on sssd-users, so I'd like to wait for his testing before pushing the patch..
Looks good, though.
On Mon, Aug 05, 2013 at 04:17:54PM +0200, Jakub Hrozek wrote:
On Fri, Aug 02, 2013 at 12:14:56PM -0400, Simo Sorce wrote:
This patch (hopefully) fixes an interop issues with AD servers where they fail to realize the connection is indeed integrity protected.
It's a bit of a hack as we need to work around openldap initialization of cyrus sasl libraries. But it should work unitl we get openldap libraries to expose SASL_CB_GETOPT to us.
Ticket: https://fedorahosted.org/sssd/ticket/2040
Simo.
-- Simo Sorce * Red Hat, Inc * New York
I verified that the code makes the sasl libraries set the option internally. I haven't been able to reproduce the error the reporter saw on sssd-users, so I'd like to wait for his testing before pushing the patch..
Looks good, though.
The reporter confirmed that the patch fixed the problem for him.
ACK.
On Tue, Aug 06, 2013 at 09:43:29PM +0200, Jakub Hrozek wrote:
On Mon, Aug 05, 2013 at 04:17:54PM +0200, Jakub Hrozek wrote:
On Fri, Aug 02, 2013 at 12:14:56PM -0400, Simo Sorce wrote:
This patch (hopefully) fixes an interop issues with AD servers where they fail to realize the connection is indeed integrity protected.
It's a bit of a hack as we need to work around openldap initialization of cyrus sasl libraries. But it should work unitl we get openldap libraries to expose SASL_CB_GETOPT to us.
Ticket: https://fedorahosted.org/sssd/ticket/2040
Simo.
-- Simo Sorce * Red Hat, Inc * New York
I verified that the code makes the sasl libraries set the option internally. I haven't been able to reproduce the error the reporter saw on sssd-users, so I'd like to wait for his testing before pushing the patch..
Looks good, though.
The reporter confirmed that the patch fixed the problem for him.
ACK.
Pushed to master and sssd-1-10.
sssd-devel@lists.fedorahosted.org