Univention Bugzilla – Bug 35513
AD Member Mode: add sasl_secprops_maxssf=... to ldap.conf for sasl authentication with AD
Last modified: 2014-08-07 17:49:55 CEST
We need to set sasl_secprops_maxssf=128 to successfully bind to an AD with kerberos/sasl.
branch 3.2-2 and 3.2-3 * added ldap/sasl/secprops/maxssf to univention-ldap * in univention-lib/python/admember.py added set ldap/sasl/secprops/maxssf=128 in enable_ssl and unset ldap/sasl/secprops/maxssf in disable_sll YAML: 2014-07-29-univention-ldap.yaml
Works. root@master71:~# python -c 'import univention.lib.admember as ad; ad.enable_ssl()' Setting connector/ad/ldap/ssl Setting ldap/sasl/secprops/maxssf File: /etc/ldap/ldap.conf root@master71:~# grep maxssf /etc/ldap/ldap.conf sasl_secprops_maxssf=128 root@master71:~# python -c 'import univention.lib.admember as ad; ad.disable_ssl()' Setting connector/ad/ldap/ssl Unsetting ldap/sasl/secprops/maxssf File: /etc/ldap/ldap.conf root@master71:~# grep maxssf /etc/ldap/ldap.conf || echo gone gone Advisory: OK
http://errata.univention.de/ucs/3.2/176.html