
Re: SASL GSSAPI success stories?: msg#00008

Subject: Re: SASL GSSAPI success stories?
On Thu, 4 Nov 2004 15:05:08 -0200, Andreas <andreas@xxxxxxxxxxxxxxxx> wrote:
> On Wed, Oct 27, 2004 at 09:13:11PM +0200, Wido Depping wrote:
> > Good to hear that digest-md5 works correctly. Then Luma must be doing
> > something right ;)
> > Python-LDAP comes with some examples, one including SASL binding. If
> > you want to see what Luma is doing, look at
> > {INSTALLATION-PREFIX}/lib/luma/base/backend/LumaConnection.py . The
> > function 'bind()' contains all the code for binding and is mainly doing
> > the same as the python-ldap examples.
> > I hope we can fix this problem :)
> 
> Here is what I just did:
> 
> --- luma-1.4-r1/lib/luma/base/backend/LumaConnection.py.orig    2004-08-18 
> 18:06:41.000000000 -0300
> +++ luma-1.4-r1/lib/luma/base/backend/LumaConnection.py 2004-11-04 
> 15:01:57.806732080 -0200
> @@ -172,9 +172,7 @@
>              elif self.serverMeta.authMethod == u"Simple":
>                  self.ldapServerObject.simple_bind(whoVal, credVal)
>              elif u"SASL" in self.serverMeta.authMethod:
> -                sasl_cb_value_dict = None
> -                if not u"GSSAPI" in self.serverMeta.authMethod:
> -                    sasl_cb_value_dict = {ldap.sasl.CB_AUTHNAME:whoVal, 
> ldap.sasl.CB_PASS:credVal}
> +                sasl_cb_value_dict = {ldap.sasl.CB_AUTHNAME:whoVal, 
> ldap.sasl.CB_PASS:credVal}
> 
>                  sasl_mech = None
>                  if self.serverMeta.authMethod == u"SASL Plain":
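
Review bot: With the `if not u"GSSAPI"` guard removed, the added `sasl_cb_value_dict = {ldap.sasl.CB_AUTHNAME:whoVal, ldap.sasl.CB_PASS:credVal}` line passes whoVal and credVal to the SASL callbacks for GSSAPI too, so the bind only stays free of a name and password if the user remembers to leave both fields blank. Suggest keeping the guard and changing only the initial value from `None` to an empty dictionary (`sasl_cb_value_dict = {}`), so that GSSAPI always gets a dictionary without CB_AUTHNAME or CB_PASS whatever is stored in the profile. A one-line comment on why GSSAPI gets no credentials would also help the next reader.
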
> 
> I tested it with gssapi and digest-md5, and it works. GSSAPI works with or
> without an ldap service ticket. With just the tgt ticket, it will fetch the
> ldap ticket automatically.
> SSF is also in place.
> 
> It seems one just has to treat gssapi the same way as the other mechanisms,
> but leave the username and password blank.
> 
> Now, I came across this via trial and error, so I hope it's not too broken
> and will help in finding the right fix if this is not it.

Hi Andreas,
It seems you're right with this. I just had a look at the python-ldap
example again, and with GSSAPI they have an empty dictionary instead of
the value None. I've made the changes according to this. Please test
the tarball at http://home.tu-clausthal.de/~ifwd/luma/luma-1.5_pre18.tar.bz2
and tell me if it works.
It would be cool to have SASL/Kerberos finally working :)

bye
  Wido
-- 
Wido Depping
ICQ: 51303067    AIM: wido3379
Jabber: wido@xxxxxxxxxxxxx
Blog: http://widoww.blogspot.com

