[Bug 50572] New: LDAP_AUTH_NEGOTIATE login fails as authorization user is used instead of authentication user
https://bugs.winehq.org/show_bug.cgi?id=50572
Bug ID: 50572 Summary: LDAP_AUTH_NEGOTIATE login fails as authorization user is used instead of authentication user Product: Wine Version: 6.0 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: wldap32 Assignee: wine-bugs@winehq.org Reporter: damjan.jov@gmail.com Distribution: ---
In the "ldapsearch" command line tool, "-X" is the authorization user and "-U" is the authentication user. For a server using LDAP_AUTH_NEGOTIATE, it must have the authentication user - supplying only the authorization user always fails:
$ ldapsearch -h HOSTNAME -v -X USERNAME -W ldap_initialize( ldap://HOSTNAME ) Enter LDAP Password: SASL/DIGEST-MD5 authentication started ldap_sasl_interactive_bind_s: Invalid credentials (49) <===================== additional info: 8009030C: LdapErr: DSID-0C09055F, comment: AcceptSecurityContext error, data 52e, v23f0
Changing the "-X" to "-U", it successfully logs in. If both "-X" and "-U" are present, it also successfully logs in.
In dlls/wldap32/bind.c, in the callback function sasl_interact(), Wine supplies its username to SASL_CB_USER which is like "-X", so login always fails the same way. If I change it to supply the username to SASL_CB_AUTHNAME (like "-U"), login succeeds.
https://bugs.winehq.org/show_bug.cgi?id=50572
Damjan Jovanovic damjan.jov@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |patch
--- Comment #1 from Damjan Jovanovic damjan.jov@gmail.com --- Patch sent: https://source.winehq.org/patches/data/198804
https://bugs.winehq.org/show_bug.cgi?id=50572
--- Comment #2 from Hans Leidekker hans@meelstraat.net --- This may be fixed, the username is supplied to SASL_CB_AUTHNAME now.
-
WineHQ Bugzilla