[14608] in Kerberos
Re: openldap and w2k kdc
daemon@ATHENA.MIT.EDU (Booker C. Bense)
Thu Jun 28 09:57:39 2001
Date: Thu, 28 Jun 2001 06:54:03 -0700 (PDT)
From: "Booker C. Bense" <bbense@networking.stanford.edu>
To: Joachim Jauch <joachim.jauch@abaxx.com>
cc: <kerberos@MIT.EDU>
In-Reply-To: <3B39F390.AFE6EC25@abaxx.com>
Message-ID: <Pine.GSO.4.33.0106280648070.23391-100000@shred.stanford.edu>
On Wed, 27 Jun 2001, Joachim Jauch wrote:
> "Booker C. Bense" wrote:
> >
> >
> > I've had pretty good luck using Netscape's 3.1 Ldap
> > SDK with the fixes from MS and some slight hacking on my own
> > to get around some local DNS issues.
> >
> > - Booker C. Bense
>
>
> You were right. Thank you. I had used openldap-2.0.7 and now
> have upgraded to openldap-2.0.11 and it works now for queries with small
> results. It was fixed in 2.0.8 (ldap SASL GSSAPI interop bug (ITS#884)).
>
> The following probably is not appropriate for this newsgroup but only
> happens when using GSSAPI:
>
> When doing a query with ldapsearch which results in a big answer
> (e.g. '*') I get an error:
> sb_sasl_pkt_length: received illegal packet length of 111264 bytes
> sb_sasl_read: failed to decode packet: generic failure
>
> This behaviour was also reported in the openldap list and according to
> the postings it is an error in the AD implementation. (Installing W2k
> SP2 was no solution.)
> Have you had this problem with Netscape's 3.1 LDAP SDK?
>
> Regards,
- We haven't had the problem because we don't do large searches.
Basically we are just getting single entries and doing modifies to
keep AD in sync with our other directory. I would be surprised if
3.1 was any better in this situation. 3.1 is getting pretty long
in the tooth and is really umich 3.3 with the ldap v3 stuff added
in. Openldap started in the same place and has had two more years
of active development since then.
- Booker C. Bense