Bug#703113: libsasl2-modules-gssapi-mit: Java client GSSAPI connections to OpenLDAP fail
Ondřej Surý
ondrej at sury.org
Thu Mar 21 13:39:52 UTC 2013
It might be related to
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665476
As a first thing I would suggest to recompile Java bindings.
Also when you said:
> We do not see this problem on our squeeze systems using version
> 2.1.23.dfsg1-8 of libsasl2-modules-gssapi-mit.
> We do see the same problem if we use libsasl2-modules-gssapi-heimdal
> instead of libsasl2-modules-gssapi-mit.
It might suggest that the problem doesn't have to be in libsasl2, but it
could be burried deeper in the libkrb5-3 library which got bumped from
1.8.3 to 1.10.1. Would it be possible for you to mix the libraries and use
libkrb5-3 from squeeze?
Also don't forget that wheezy got multiarched, so everything will break if
you have static paths to libraries somewhere.
Ondrej
On Mon, Mar 18, 2013 at 7:43 AM, Bill MacAllister <whm at stanford.edu> wrote:
>
>
> --On Saturday, March 16, 2013 07:03:38 PM -0500 Dan White <dwhite at olp.net>
> wrote:
>
> On 03/15/13 01:47 -0700, Bill MacAllister wrote:
>>
>>> Package: libsasl2-modules-gssapi-mit
>>> Version: 2.1.25.dfsg1-6
>>> Severity: important
>>>
>>> Dear Maintainer,
>>>
>>> We are starting the process of upgrading our LDAP service to OpenLDAP
>>> 2.4.34 on wheezy. None of the Java applications that we have tested
>>> can connect to the LDAP server using GSSAPI.
>>>
>>
>> Can you reproduce this problem using ldapwhoami on the client?
>>
>
> No I can't.
>
> trainmaster% ldapwhoami -h ldap-dev1
> SASL/GSSAPI authentication started
> SASL username: whm at stanford.edu
> SASL SSF: 56
> SASL data security layer installed.
> dn:uid=whm,cn=accounts,dc=**stanford,dc=edu
>
> Also ldapsearch works fine. And an assortment of perl scripts that
> use both Net::LDAP and Net::LDAPapi don't appear to have a problem.
>
> Bill
>
>
> --
>
> Bill MacAllister
> Infrastructure Delivery Group, Stanford University
>
>
> ______________________________**_________________
> Pkg-cyrus-sasl2-debian-devel mailing list
> Pkg-cyrus-sasl2-debian-devel@**lists.alioth.debian.org<Pkg-cyrus-sasl2-debian-devel at lists.alioth.debian.org>
> http://lists.alioth.debian.**org/cgi-bin/mailman/listinfo/**
> pkg-cyrus-sasl2-debian-devel<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-cyrus-sasl2-debian-devel>
>
--
Ondřej Surý <ondrej at sury.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-cyrus-sasl2-debian-devel/attachments/20130321/d6ca064a/attachment.html>
More information about the Pkg-cyrus-sasl2-debian-devel
mailing list