[Bug 50572] New: LDAP_AUTH_NEGOTIATE login fails as authorization user is used instead of authentication user
WineHQ Bugzilla
wine-bugs at winehq.org
Wed Jan 27 09:19:02 CST 2021
https://bugs.winehq.org/show_bug.cgi?id=50572
Bug ID: 50572
Summary: LDAP_AUTH_NEGOTIATE login fails as authorization user
is used instead of authentication user
Product: Wine
Version: 6.0
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: wldap32
Assignee: wine-bugs at winehq.org
Reporter: damjan.jov at gmail.com
Distribution: ---
In the "ldapsearch" command line tool, "-X" is the authorization user and "-U"
is the authentication user. For a server using LDAP_AUTH_NEGOTIATE, it must
have the authentication user - supplying only the authorization user always
fails:
$ ldapsearch -h HOSTNAME -v -X USERNAME -W
ldap_initialize( ldap://HOSTNAME )
Enter LDAP Password:
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49) <=====================
additional info: 8009030C: LdapErr: DSID-0C09055F, comment:
AcceptSecurityContext error, data 52e, v23f0
Changing the "-X" to "-U", it successfully logs in. If both "-X" and "-U" are
present, it also successfully logs in.
In dlls/wldap32/bind.c, in the callback function sasl_interact(), Wine supplies
its username to SASL_CB_USER which is like "-X", so login always fails the same
way. If I change it to supply the username to SASL_CB_AUTHNAME (like "-U"),
login succeeds.
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list