Server SASL support (or not) #83
Comments
|
Hello! This is very likely not too hard to implement (in terms of failing in a more reasonable way). Actual server SASL support is quite complex, unfortunately. And it's probably better to just enforce TLS. I'll see if I can look into it. I've had a hard time finding time for open source projects lately with lots going on personally / and at work. |
|
Hi there! Thank you for your quick response although you're quite busy. If you find the time to create a fix for this case it would be awesome. I'm not that much into LDAP as you are so creating a PR is a little too complex for me. FYI I'm trying to create a small LDAP to RADIUS proxy for a major vendor storage device which doesn't support RADIUS auth. Sadly it always starts a bind on SASL, if that doesn't work a normal bind and as a last resort anonymous. That's not configurable. |
The server component doesn't support SASL. That's not a direct issue for me, a full implementation might require lots of work. It would be nice though that the server component doesn't close the connection because it doesn't recognize a SASL bind. The bind now closes with "The client sent a malformed request. Terminating their connection." and the client thinks the server refuses to answer so it stops connecting. Better is to (RFC correct) reject the SASL bind so the client could fallback to a simple bind. Is something like that possible to build?
The text was updated successfully, but these errors were encountered: