On Wed, Oct 27, 2004 at 09:13:11PM +0200, Wido Depping wrote:
> Good to hear that digest-md5 works correct. Then Luma must be doing
> something right ;)
> Python-LDAP comes with some examples, one including SASL binding. If
> you want to see what Luma is doing, look at
> {INSTALLATION-PREFIX}/lib/luma/base/backend/LumaConnection.py . The
> function 'bind()' contains all code for binding is mainly doing the
> same as the python-ldap examples.
> I hope we can fix this problem :)
Here is what I just did:
--- luma-1.4-r1/lib/luma/base/backend/LumaConnection.py.orig 2004-08-18
18:06:41.000000000 -0300
+++ luma-1.4-r1/lib/luma/base/backend/LumaConnection.py 2004-11-04
15:01:57.806732080 -0200
@@ -172,9 +172,7 @@
elif self.serverMeta.authMethod == u"Simple":
self.ldapServerObject.simple_bind(whoVal, credVal)
elif u"SASL" in self.serverMeta.authMethod:
- sasl_cb_value_dict = None
- if not u"GSSAPI" in self.serverMeta.authMethod:
- sasl_cb_value_dict = {ldap.sasl.CB_AUTHNAME:whoVal,
ldap.sasl.CB_PASS:credVal}
+ sasl_cb_value_dict = {ldap.sasl.CB_AUTHNAME:whoVal,
ldap.sasl.CB_PASS:credVal}
sasl_mech = None
if self.serverMeta.authMethod == u"SASL Plain":
I tested it with gssapi and digest-md5, and it works. GSSAPI works with or
without a
ldap service ticket. With just the tgt ticket, it will fetch the ldap ticket
automatically.
SSF is also in place.
It seems one just has to treat gssapi the same way as the other mechanisms, but
leave
the username and password blank.
Now, I came across this via trial and error, so I hope it's not too broken and
will help
finding the right fix if this is not it.
-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
|
