sb_sasl_generic_pkt_length: received illegal packet length when using Active Directory and ldapsearch and sasl with ssl or tls
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cyrus-sasl2 |
Fix Released
|
Unknown
|
|||
cyrus-sasl2 (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Bionic |
Triaged
|
Medium
|
Unassigned | ||
Cosmic |
Won't Fix
|
Medium
|
Unassigned |
Bug Description
[Status]
Awaiting upstream fix.
[Workaround]
Unknown.
[Description]
Not sure if this is a problem with openldap or cyrus-sasl2 at this point.
Using sasl binding only works with ldapsearch when not using ssl or tls. If either ssl or tls is used I see this ouput from -d 1 from ldapsearch:
sb_sasl_
sasl_generic_read: want=16, got=16
0000: 00 7e 02 01 00 78 84 00 00 00 5d 0a 01 02 04 00 .~...x....].....
sb_sasl_
sb_sasl_
ldap_read: want=8 error=Input/output error
# numResponses: 0
ldap_result: Can't contact LDAP server (-1)
tls_write: want=165 error=Connection reset by peer
tls_write: want=165 error=Bad file descriptor
Changed in cyrus-sasl2 (Ubuntu): | |
status: | Incomplete → New |
importance: | Undecided → Medium |
description: | updated |
Changed in cyrus-sasl2: | |
status: | Unknown → Fix Released |
Changed in cyrus-sasl2 (Ubuntu Cosmic): | |
status: | Triaged → Won't Fix |
Thank you for taking the time to report this bug and helping to make Ubuntu better.
Please could you explain the impact of this bug? Are you saying that openldap cannot work with SSL or TLS at all, or is there a workaround? Can openldap be used with something other than cyrus-sasl2 for SSL/TLS support?