inejge / ldap3

A pure-Rust LDAP library using the Tokio stack
Apache License 2.0

SASL EXTERNAL bind returns SASL bind in progress in 0.10, worked fine in 0.9 #83

Closed taladar closed 2 years ago

taladar commented 2 years ago

Presumably there is some interaction with the new GSSAPI feature introduced in 0.10.

I am using this feature with SSL client certificates and a CA certificate, with a custom TLS connector, to connect to an OpenLDAP server:

use std::fs::File;
use std::io::Read;

use ldap3::{Ldap, LdapConnAsync, LdapConnSettings};
use native_tls::{Certificate, Identity, TlsConnector};
use openssl::pkcs12::Pkcs12;
use openssl::pkey::PKey;
use openssl::x509::X509;

// Connects over TLS with a client certificate and binds with SASL EXTERNAL.
// `url` was taken from `connect_parameters.url` in the original code.
async fn connect_with_client_cert(
    url: &str,
    client_cert_path: &str,
    client_key_path: &str,
    ca_cert_path: &str,
) -> Result<Ldap, Box<dyn std::error::Error>> {
    // PEM-encoded client certificate and private key.
    let mut client_cert_contents = Vec::new();
    File::open(client_cert_path)?.read_to_end(&mut client_cert_contents)?;
    let client_cert = X509::from_pem(&client_cert_contents)?;
    let mut client_key_contents = Vec::new();
    File::open(client_key_path)?.read_to_end(&mut client_key_contents)?;
    let client_key = PKey::private_key_from_pem(&client_key_contents)?;
    // native-tls only accepts a client identity as PKCS#12, so bundle cert + key.
    let p12_password = "client";
    let p12 = Pkcs12::builder().build(p12_password, "client", &client_key, &client_cert)?;
    let p12_contents = p12.to_der()?;
    // CA certificate used to verify the server.
    let mut ca_cert_contents = Vec::new();
    File::open(ca_cert_path)?.read_to_end(&mut ca_cert_contents)?;
    let identity = Identity::from_pkcs12(&p12_contents, p12_password)?;
    let ca_certificate = Certificate::from_pem(&ca_cert_contents)?;
    let connector = TlsConnector::builder()
        .identity(identity)
        .add_root_certificate(ca_certificate)
        .build()?;
    let ldap_settings = LdapConnSettings::new().set_connector(connector);
    let (ldap_conn_async, mut ldap) = LdapConnAsync::with_settings(ldap_settings, url).await?;
    ldap3::drive!(ldap_conn_async);
    // SASL EXTERNAL: the server derives the identity from the TLS client certificate.
    ldap.sasl_external_bind().await?;
    Ok(ldap)
}

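An added example, not code from this thread or from ldap3, that encodes the RFC 4511 BindRequest for mechanism EXTERNAL both with the credentials field omitted and with it present but empty, and reads the resultCode of a BindResponse so that saslBindInProgress (14) can be recognised in a packet capture. The thread does not say which encoding caused the regression; the branch name ext-empty is the only hint, so both forms are shown, and the response decoder assumes short-form BER lengths.

```rust
// Definite-length BER TLV; short form only, which covers every message built here.
fn tlv(tag: u8, content: &[u8]) -> Vec<u8> {
    assert!(content.len() < 0x80, "long-form length not implemented");
    let mut out = vec![tag, content.len() as u8];
    out.extend_from_slice(content);
    out
}

// Minimal two's-complement INTEGER (non-negative values only).
fn ber_int(v: u32) -> Vec<u8> {
    let mut b: Vec<u8> = v.to_be_bytes().iter().copied().skip_while(|x| *x == 0).collect();
    if b.first().map_or(true, |x| x & 0x80 != 0) {
        b.insert(0, 0); // encode zero, or keep the sign bit clear
    }
    tlv(0x02, &b)
}

/// LDAPMessage carrying a BindRequest with mechanism EXTERNAL (RFC 4511 section 4.2).
/// `credentials`: None omits the OPTIONAL field entirely; Some(b"") sends an empty OCTET STRING.
pub fn sasl_external_bind_request(message_id: u32, credentials: Option<&[u8]>) -> Vec<u8> {
    let mut sasl = tlv(0x04, b"EXTERNAL"); // SaslCredentials.mechanism LDAPString
    if let Some(c) = credentials {
        sasl.extend(tlv(0x04, c)); // SaslCredentials.credentials OCTET STRING OPTIONAL
    }
    let mut bind = ber_int(3); // version INTEGER 3
    bind.extend(tlv(0x04, b"")); // name LDAPDN: empty, identity comes from the TLS client cert
    bind.extend(tlv(0xA3, &sasl)); // authentication CHOICE: sasl [3]
    let mut msg = ber_int(message_id); // messageID
    msg.extend(tlv(0x60, &bind)); // protocolOp: bindRequest [APPLICATION 0]
    tlv(0x30, &msg) // LDAPMessage SEQUENCE
}

pub const SASL_BIND_IN_PROGRESS: u8 = 14; // RFC 4511 Appendix A result code

/// resultCode of a BindResponse, assuming short-form lengths (bind responses are small).
pub fn bind_response_result_code(msg: &[u8]) -> Option<u8> {
    let mut i = 0;
    if *msg.get(i)? != 0x30 { return None; } // LDAPMessage SEQUENCE
    i += 2;
    if *msg.get(i)? != 0x02 { return None; } // messageID INTEGER
    i += 2 + *msg.get(i + 1)? as usize;
    if *msg.get(i)? != 0x61 { return None; } // bindResponse [APPLICATION 1]
    i += 2;
    if *msg.get(i)? != 0x0A { return None; } // LDAPResult.resultCode ENUMERATED
    msg.get(i + 2).copied()
}
```

Comparing the two request encodings byte for byte against what the client actually sent is a quick way to confirm which form a given server accepts.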
inejge commented 2 years ago

Does it work with 0.10.2 (exactly, set the version to =0.10.2 in Cargo.toml and check the lock file)?

taladar commented 2 years ago

It works with 0.10.2 but is broken with 0.10.3.

inejge commented 2 years ago

Try the ext-empty branch.

taladar commented 2 years ago

That branch seems to work.

inejge commented 2 years ago

OK, I've pushed the fix to master and I'll publish 0.10.5 when the CI tests finish.