RHEL-5148

Cannot use GSSAPI with openldap-clients

    • Bug
    • Resolution: Not a Bug
    • rhel-8.6.0
    • sssd
    • Moderate
    • rhel-idm-sssd
    • ssg_idm

      Description of problem:
      I cannot use GSSAPI with ldapsearch, but it works from the 2.4.46 source code.

      Version-Release number of selected component (if applicable):
      $ rpm -qa | grep -i ldap
      python3-ldap-3.3.1-2.el8.x86_64
      openldap-2.4.46-18.el8.x86_64
      sssd-ldap-2.6.2-3.el8.x86_64
      perl-LDAP-0.66-7.el8.noarch
      openldap-clients-2.4.46-18.el8.x86_64

      How reproducible:
      Install the latest version of openldap-client from Rhel8_BaseOS depot with Red Hat Enterprise Linux 8.6.

      Steps to Reproduce:
      1. sudo dnf install openldap-clients
      2. ldapsearch -H ldap://yourldapserver.lan -b "dc=yourldapserver,dc=lan" "(sAMAccountName=guest)" -LLL -Y GSSAPI

      Actual results:
      SASL/GSSAPI authentication started
      ldap_sasl_interactive_bind_s: Local error (-2)
      additional info: SASL(-1): generic failure: GSSAPI Error: An invalid name was supplied (Success)

      Expected results:
      SASL/GSSAPI authentication started
      SASL username: USER@YOURLDAPSERVER.LAN
      SASL SSF: 256
      SASL data security layer installed.

      Additional info:
      When I compile with the same version (openldap-2.4.46), I get the expected results with:
      wget https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.4.46.tgz
      tar -xf openldap-2.4.46.tgz
      cd openldap-2.4.46/
      sudo dnf install libdb-devel cyrus-sasl-devel libtool-ltdl-devel
      rpm -qa | grep -e libdb-devel -e cyrus-sasl-devel -e libtool-ltdl-devel
      #libtool-ltdl-devel-2.4.6-25.el8.x86_64
      #cyrus-sasl-devel-2.1.27-6.el8_5.x86_64
      #libdb-devel-5.3.28-42.el8_4.x86_64
      ./configure --with-cyrus-sasl
      make depend
      make
      ./clients/tools/ldapsearch -H ldap://yourldapserver.lan -b "dc=yourldapserver,dc=lan" "(sAMAccountName=guest)" -Y GSSAPI

              sbose@redhat.com Sumit Bose
              quentin.laffitte Quentin LAFFITTE (Inactive)
              SSSD Maintainers SSSD Maintainers
              SSSD QE SSSD QE