[Bug 1015819] Re: sb_sasl_generic_pkt_length: received illegal packet length when using ldapsearch and sasl with ssl or tls
Michael Osipov
1015819 at bugs.launchpad.net
Wed May 6 19:44:09 UTC 2015
I can confirm that this bug is still present in the most recent versions
of OpenLDAP and SASL. Johnny Westerlund's statement is correct but the
tip isn't.
Here is the deal: https://msdn.microsoft.com/en-us/library/cc223500.aspx
Active Directory does not support GSS-API integrity/confidentiality over TLS encrypted sockets. Unfortumately, you cannot disable integrity in SASL. It is enabled by default. maxssf=0 does not work and gives you: ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: A required input parameter could not be read (Unknown error)
Here is the code in question: https://github.com/michael-o/cyrus-
sasl/blob/master/plugins/gssapi.c#L1586-L1596
FWIT: This fails on RHEL, FreeBSD and HP-UX, it fails everywhere with
MIT Kerberos.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cyrus-sasl2 in Ubuntu.
https://bugs.launchpad.net/bugs/1015819
Title:
sb_sasl_generic_pkt_length: received illegal packet length when using
ldapsearch and sasl with ssl or tls
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1015819/+subscriptions
More information about the Ubuntu-server-bugs
mailing list