[PATCH 6/6] wldap32: log in with the authentication name instead of the authorization name
Dmitry Timoshkov
dmitry at baikal.ru
Mon Feb 8 02:01:47 CST 2021
Hans Leidekker <hans at codeweavers.com> wrote:
> > > - else if (sasl->id == SASL_CB_USER)
> > > + else if (sasl->id == SASL_CB_AUTHNAME)
> > > {
> > > sasl->result = id->User;
> > > sasl->len = id->UserLength;
> >
> > https://bugs.winehq.org/show_bug.cgi?id=50545#c23
>
> That comment is not entirely correct. In my testing GSSAPI does invoke
> this callback but fails if it returns a result.
It works here with my username and a Kerberos ticket (0x4001 - SASL_CB_USER):
0024:trace:adsldp:openobj_OpenDSObject 0019975C,L"LDAP://xxx.yyy.zzz/rootDSE",L"user",001997FC,00000021,0031C1E0
0024:trace:adsldp:openobj_OpenDSObject host L"xxx.yyy.zzz", port 0, object L"rootDSE"
0024:trace:wldap32:ldap_initW (L"xxx.yyy.zzz", 0)
0024:trace:wldap32:ldap_set_optionW (0x19a5a8, 0x00000011, 0x31bd60)
0024:trace:wldap32:ldap_connect (0x19a5a8, (nil))
0024:trace:wldap32:ldap_bind_sW (0x19a5a8, (null), 0x31bd70, 0x00000486)
0024:trace:wldap32:sasl_interact 0x7d78f320,00000002,0x31bbd8,0x7d792600
0024:trace:wldap32:sasl_interact sasl->id = 4001
0024:trace:wldap32:ldap_search_sW (0x19a5a8, (null), 0x00000000, L"(objectClass=*)", 0x31bd28, 0x00000000, 0x31bd14)
0024:trace:wldap32:WLDAP32_ldap_first_entry (0x19a5a8, 0x7d784d00)
0024:trace:wldap32:ldap_get_valuesW (0x19a5a8, 0x7d784d00, L"subschemaSubentry")
It's a snippet of the log running AD Explorer.
P.S.
Since we all are testing in different AD/LDAP configurations it would really
help to have AD/LDAP testing server at winehq, so that we could be on the same
page, and compare apples to apples.
--
Dmitry.
More information about the wine-devel
mailing list