[Bug 1188475] [NEW] ldap group doesn't work

sles 1188475 at bugs.launchpad.net
Fri Jun 7 05:53:51 UTC 2013

Public bug reported:


I wrote almost the same mail to sasl mail list, but , I guess, it is
good to fix in 12.04...

This bug exists in 2.1.26 , and in 2.1.25 which is in 12.04

Problem is that after user is authentificated with ldap bind , ldap 
connection for checking user in group ( lak_group_member function )
is made with this user's bind, not bind parameters from config file.
User can not ( and have not in our case- I don't know why , but this is 
not real problem ) have access to ldap groups.
And so, authentication is always fail.

I added unbind and anonymous bind ( enough in our case):

/var/local/files/sasl/cyrus-sasl-2.1.26/saslauthd# diff -ur lak.c.orig 
--- lak.c.orig    2013-06-07 09:15:20.098788278 +0400
+++ lak.c    2013-06-07 09:22:31.504774185 +0400
@@ -1342,6 +1342,10 @@
         if (rc != LAK_OK)
             goto done;

+        lak_unbind (lak );
+        rc  = lak_bind(lak, "");
         rc = ldap_search_st(lak->ld, group_search_base, 
lak->conf->group_scope, group_filter, (char **) group_attrs, 0, 
&(lak->conf->timeout), &res);
         switch (rc) {
             case LDAP_SUCCESS:

but, it is obvoius that rebind should be done with credintials from 
config, but this is over my head :-(

Could you, please, fix this bug correctly?

Thank you!

** Affects: cyrus-sasl2 (Ubuntu)
     Importance: Undecided
         Status: New

You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cyrus-sasl2 in Ubuntu.

  ldap group doesn't work

To manage notifications about this bug go to:

More information about the Ubuntu-server-bugs mailing list