The Samba-Bugzilla – Bug 12301
LDAP server signals wrong cause when multiple SASL binds are attempted
Last modified: 2016-10-03 18:09:44 UTC
Created attachment 12518
If a client successfully binds to the LDAP server using SASL GSSAPI and then attempts to bind again using the same connection, the server reports the error:
SASL:[GSSAPI]: Sign or Seal are required.
This error is misleading, as the server is refusing to renegotiate the security context over an already existing encrypted channel. Examining the relevant segment of code, a small reorganization will obtain the right error code. Patch attached.
Once patched, the server signals:
SASL:[GSSAPI]: Sign or Seal are not allowed if SASL encryption has already been set up