Currently it is possible to add invalid SASL mechanism to nsslapd-allowed-sasl-mechanisms.
Steps to Reproduce:
[jrusnack@localhost slapd-dstet]$ ldapmodify -h $HOST -p $PORT -D "cn=directory manager" -w Secret123 <<EOF dn: cn=config changetype: modify replace: nsslapd-allowed-sasl-mechanisms nsslapd-allowed-sasl-mechanisms: GSSAPI ?????? EOF
modifying entry "cn=config"
[jrusnack@localhost slapd-dstet]$ ldapsearch -h $HOST -p $PORT -D "cn=directory manager" -w Secret123 -b "cn=config" -s base -LLL nsslapd-allowed-sasl-mechanisms dn: cn=config nsslapd-allowed-sasl-mechanisms:: xaHDocS+w73EjcW+
As per RFC 4422: SASL mechanisms are named by character strings, from 1 to 20 characters in length, consisting of ASCII [ASCII] uppercase letters, digits, hyphens, and/or underscores.
http://tools.ietf.org/html/rfc4422#page-8
Additional info: Note that in this scenario GSSAPI actually works as allowed mechanism.
attachment 0001-Ticket-47614-Possible-to-specify-invalid-SASL-mechan.patch
git merge ticket47614 Updating 0cb6de1..7e8a5fc Fast-forward ldap/servers/slapd/libglobs.c | 60 +++++++++++++++++++++++++++++++++++++++++ 1 files changed, 60 insertions(+), 0 deletions(-)
git push origin master Counting objects: 11, done. Delta compression using up to 4 threads. Compressing objects: 100% (6/6), done. Writing objects: 100% (6/6), 1.56 KiB, done. Total 6 (delta 4), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 0cb6de1..7e8a5fc master -> master
commit 7e8a5fc Author: Mark Reynolds mreynolds@redhat.com Date: Mon Dec 2 17:13:55 2013 -0500
0dd81fc..158795a 389-ds-base-1.3.2 -> 389-ds-base-1.3.2
f146131..f00321f 389-ds-base-1.3.1 -> 389-ds-base-1.3.1
Metadata Update from @mreynolds: - Issue assigned to mreynolds - Issue set to the milestone: 1.3.1.17
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/951
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.