ldap group doesn't work
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Cyrus-sasl2 | Fix Released | Unknown | | |
cyrus-sasl2 (Ubuntu) | Fix Released | Medium | Unassigned | |
Bug Description
Hello!
I wrote almost the same mail to the sasl mailing list, but, I guess, it is good to fix in 12.04...
This bug exists in 2.1.26, and in 2.1.25, which is in 12.04.
The problem is that after the user is authenticated with an ldap bind, the ldap
connection for checking the user in a group (lak_group_member function)
is made with this user's bind, not the bind parameters from the config file.
The user can not (and does not in our case - I don't know why, but this is
not the real problem) have access to ldap groups.
And so, authentication always fails.
I added an unbind and an anonymous bind (enough in our case):
/var/local/
lak.c
--- lak.c.orig 2013-06-07 09:15:20.098788278 +0400
+++ lak.c 2013-06-07 09:22:31.504774185 +0400
@@ -1342,6 +1342,10 @@
if (rc != LAK_OK)
goto done;
+ lak_unbind (lak );
+ rc = lak_bind(lak, "");
+
+
rc = ldap_search_
lak->conf-
&(lak->
switch (rc) {
case LDAP_SUCCESS:
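Review bot: the result of the added `rc = lak_bind(lak, "");` is never tested. The next statement assigns `rc` again from the `ldap_search_` call, so a failed rebind goes unnoticed and the group search runs without a confirmed bind. Add the same `if (rc != LAK_OK) goto done;` check that the context lines just above use. Rebinding anonymously also makes the group check depend on the directory allowing anonymous reads of group entries; rebinding with the bind settings from the config file would remove that dependency.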
but it is obvious that the rebind should be done with credentials from
the config, but this is over my head :-(
Could you, please, fix this bug correctly?
Thank you!
Changed in cyrus-sasl2 (Ubuntu):
importance: Undecided → Medium
Changed in cyrus-sasl2 (Ubuntu):
status: Incomplete → New
status: New → Incomplete
tags: added: server-next removed: needs-upstream-report
Changed in cyrus-sasl2:
status: Unknown → Fix Released
tags: added: server-next-drop
tags: removed: server-next server-next-drop
tags: removed: bitesize
Changed in cyrus-sasl2 (Ubuntu):
status: Confirmed → Fix Released
btw, a more correct patch, which reverts back to the bind from config in lak_auth_bind:
diff -ur lak.c.orig lak.c
(ISSET( lak->conf- >group_ dn) ||
ISSET( lak->conf- >group_ filter) ) ) member( lak, user, service, realm, dn->value); >authz_ id, >password,
--- lak.c.orig 2013-06-07 09:15:20.098788278 +0400
+++ lak.c 2013-06-08 10:17:07.548233104 +0400
@@ -1448,8 +1448,25 @@
if ( rc == LAK_OK &&
- rc = lak_group_
+ {
+ /* restore config bind */
+ lak_unbind(lak);
+ rc = lak_user(
+ lak->conf->bind_dn,
+ lak->conf->id,
+ lak->conf-
+ lak->conf->mech,
+ lak->conf->realm,
+ lak->conf-
+ &lu);
+ if (rc != LAK_OK)
+ goto done;
+ rc = lak_bind(lak, lu);
+ if (rc != LAK_OK)
+ goto done;
+ rc = lak_group_ member( lak, user, service, realm, dn->value);
lak_user_ free(lu) ;
+ }
done:;
if (lu)
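Review bot: `lak_user_ free(lu)` inside the new block is followed directly by the `done:` label and its `if (lu)` test, and `lu` is not reset in between, so on the success path the cleanup at `done:` sees a non-NULL pointer that has already been freed. Either drop the in-block free and let the `done:` cleanup release `lu`, or set `lu = NULL` immediately after it. It is also worth confirming that `lu` holds no earlier allocation when `lak_user(...)` writes to `&lu`, since that object would otherwise be leaked.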
not sure it is correct with regard to leaking some resources, though
anyway, it works