Yes I didn't mean the commit was wrong. The problem is MS-AD, but before the commit it was possible to do LDAP SASL bind over an SSL/TLS connection to AD if you set min and max SSF below or equal to 128 (doesn't need to be zero). So it would be nice to have some sort of AD compatibility mode. I think it would be okay for this mode to not follow the RFC as long as it is not the default operating mode and it is properly documented.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1015819 Title: sb_sasl_generic_pkt_length: received illegal packet length when using ldapsearch and sasl with ssl or tls Status in cyrus-sasl2 package in Ubuntu: Confirmed Bug description: [Status] This bug needs a developer to reproduce the problem and locate the root cause. [Workaround] Unknown. [Missing] Exact steps to reproduce. [Description] Not sure if this is a problem with openldap or cyrus-sasl2 at this point. Using sasl binding only works with ldapsearch when not using ssl or tls. If either ssl or tls is used I see this ouput from -d 1 from ldapsearch: sb_sasl_generic_pkt_length: received illegal packet length of 813957120 bytes sasl_generic_read: want=16, got=16 0000: 00 7e 02 01 00 78 84 00 00 00 5d 0a 01 02 04 00 .~...x....]..... sb_sasl_cyrus_decode: failed to decode packet: generic failure sb_sasl_generic_read: failed to decode packet ldap_read: want=8 error=Input/output error # numResponses: 0 ldap_result: Can't contact LDAP server (-1) tls_write: want=165 error=Connection reset by peer tls_write: want=165 error=Bad file descriptor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1015819/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
