Bug 9919 - Feature request: LDAP fast bind control (1.2.840.113556.1.4.1781) is not supported
Summary: Feature request: LDAP fast bind control (1.2.840.113556.1.4.1781) is not supp...
Status: NEW
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: unspecified
Hardware: All All
: P5 enhancement (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Depends on:
Reported: 2013-05-31 11:28 UTC by LiuYan
Modified: 2013-06-08 19:53 UTC (History)
0 users

See Also:

fast bind test client, in Java (8.87 KB, text/x-java)
2013-05-31 11:28 UTC, LiuYan
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description LiuYan 2013-05-31 11:28:24 UTC
Created attachment 8935 [details]
fast bind test client, in Java

When testing LDAP authentication against samba4 using fast bind connection
control, I got the following java exception
javax.naming.NamingException: [LDAP: error code 1 - Operations Error]

and got error message from samba
ldapsrv_do_call: Critical extension 1.2.840.113556.1.4.1781 is not known to
this server

Our mail system using fast bind control for authentication, so, currently i can't migrate authentication from windows server to samba4.

How to test

1. compile
Put the attachment in to 'org/samba/test/ldap' directory, compile:

javac org/samba/test/ldap/FastBindTest.java

2. test
Run the java test
- if authentication failed, it will output exception and "Authentication failed"
- if authentication ok, it will only output "Authentication OK"

2.1. test against samba4 server

java org.samba.test.ldap.FastBindTest /url ldap://SAMBA4-SERVER-NAME-OR-ADDRESS:389 /u administrator@SAMBA4_DOMAIN.com /p ***
javax.naming.NamingException: [LDAP: error code 1 - Operations Error]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3127)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
        at javax.naming.InitialContext.init(InitialContext.java:242)
        at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153)
        at org.samba.test.ldap.FastBindTest.Authenticate(FastBindTest.java:91)
        at org.samba.test.ldap.FastBindTest.Authenticate_FastBind(FastBindTest.java:115)
        at org.samba.test.ldap.FastBindTest.main(FastBindTest.java:503)
Authentication failed

2.2. test against windows server

$ java org.samba.test.ldap.FastBindTest /url ldap://WIN-SERVER-NAME-OR-ADDRESS:389 /u administrator@WINDOWS_DOMAIN.com /p ***
Authentication OK
Comment 1 Matthias Dieter Wallnöfer 2013-06-08 19:53:37 UTC
This is rather a feature request.