New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gssapi authentication fails after upgrading 389-ds-base #2533
Comments
Comment from firstyear (@Firstyear) at 2017-11-28 16:41:39 Metadata Update from @Firstyear:
|
Comment from firstyear (@Firstyear) at 2017-11-28 16:43:39 Metadata Update from @Firstyear:
|
Comment from firstyear (@Firstyear) at 2017-11-30 09:14:37 Metadata Update from @Firstyear:
|
Comment from firstyear (@Firstyear) at 2017-11-30 09:15:20 The root cause is a fault in ids_sasl_mech_supported. I am analysing and developing a fix now. |
Comment from firstyear (@Firstyear) at 2017-11-30 14:39:51 |
Comment from firstyear (@Firstyear) at 2017-11-30 14:40:11 |
Comment from firstyear (@Firstyear) at 2017-11-30 14:40:15 Metadata Update from @Firstyear:
|
Comment from tbordaz (@tbordaz) at 2017-11-30 15:15:05 The patch looks good. Do you think those two functions can be merged ? |
Comment from firstyear (@Firstyear) at 2017-11-30 15:22:40 Yes, perhaps. I will check this @tbordaz :) |
Comment from firstyear (@Firstyear) at 2017-11-30 15:59:24 |
Comment from firstyear (@Firstyear) at 2017-11-30 15:59:35 |
Comment from tbordaz (@tbordaz) at 2017-11-30 16:25:49 The fix looks good to me. ACK |
Comment from firstyear (@Firstyear) at 2017-12-01 08:57:22 @tbordaz The tests past for me, but because it's krb/gssapi/sasl, it's really fragile. Having some issues getting them to run reliably for QE. I think I would like to merge the fix now, and @droideck and I will work next week on making these tests work "everywhere". How does that sound? |
Comment from tbordaz (@tbordaz) at 2017-12-01 11:49:44 That sounds a very good plan. You have my ACK for the fix. |
Comment from tbordaz (@tbordaz) at 2017-12-01 11:49:45 Metadata Update from @tbordaz:
|
Comment from firstyear (@Firstyear) at 2017-12-01 11:55:01 commit f75cfbc commit ef204a3 commit 4a8a896 |
Comment from firstyear (@Firstyear) at 2017-12-13 23:29:50 @droideck This might help fix your issues as it changes to fix a hostname detection issue with gssapi related tests. |
Comment from spichugi (@droideck) at 2018-01-02 14:24:23 Looks good to me, ack. One test failed though - dirsrvtests/tests/suites/gssapi/simple_gssapi_test.py::test_invalid_sasl_map And I think I remember you said something about it, that it is expected. Am I right? |
Comment from firstyear (@Firstyear) at 2018-01-04 01:26:31 I need to see the failure you received to be certain, :) commit 87609c0 |
Comment from spichugi (@droideck) at 2018-01-04 07:54:04
It expects "with pytest.raises(ldap.INVALID_CREDENTIALS):" but the exception doesn't happen during "conn = testuser.bind_gssapi()". |
Comment from spichugi (@droideck) at 2018-01-10 09:05:00 Ok, as per discussion with William, we need to modify the test_invalid_sasl_map. In the test, we should remove existing mappings and add only the one from the test. Existing mappings from dse.ldif default install: dn: cn=Kerberos uid mapping,cn=mapping,cn=sasl,cn=config dn: cn=rfc 2829 dn syntax,cn=mapping,cn=sasl,cn=config dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config dn: cn=suffix map,cn=mapping,cn=sasl,cn=config dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config |
Comment from firstyear (@Firstyear) at 2018-01-11 01:46:54 |
Comment from firstyear (@Firstyear) at 2018-01-11 01:47:05 Metadata Update from @Firstyear:
|
Comment from spichugi (@droideck) at 2018-01-11 06:23:39 Metadata Update from @droideck:
|
Comment from firstyear (@Firstyear) at 2018-01-12 01:01:18 commit 0457ea6 |
Comment from firstyear (@Firstyear) at 2018-01-12 01:01:18 Metadata Update from @Firstyear:
|
Comment from vashirov (@vashirov) at 2020-02-12 17:35:09 Metadata Update from @vashirov:
|
Cloned from Pagure issue: https://pagure.io/389-ds-base/issue/49474
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1516676
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
The text was updated successfully, but these errors were encountered: