slurpd with SASL returns a referral, whereas slurpd with simple authentication works well (ITS#2689)
Full_Name: suomi hasler
Version: openldap-2.1.22-1
OS: Linux rosetta 2.4.19-4GB #1 Fri Sep 13 13:14:56 UTC 2002 i686 unknown
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (195.141.97.126)
The installation is:
one primary LDAP host
two secondary LDAP hosts, the first with slurpd access using simple authentication,
the second with slurpd access using SASL DIGEST-MD5 authentication.
Just before these tests I have re-synchronized the three LDAP directories.
When doing an update on the primary LDAP host, the update is accepted by the
primary LDAP host and is accepted by the first secondary host, but the second
secondary (over SASL) returns the updateref referral (error=10).
NOTE: the slapd.conf parameter for the SASL mechanism is SASLmech (and not mech
as published in all man pages and other docs, e.g. on your homepage). Please
correct this error immediately.
slapd.conf of the primary LDAP host:
.....
.....
access to *
by dn="cn=suomi,ou=pam-ldap,dc=ayni,dc=com" write
by self write
by * read
database ldbm
suffix "dc=ayni,dc=com"
rootdn "cn=Manager,dc=ayni,dc=com"
rootpw gggg
directory /var/ldap
index cn,sn,uid pres,eq,sub
index objectClass eq
password-hash {SHA}
sasl-realm ldap
sasl-host violina.ayni.com
sasl-secprops none
sasl-regexp uid=(.*),cn=.*,cn=.*,cn=auth
        cn=$1,ou=pam-ldap,dc=ayni,dc=com
replogfile /var/ldap/replog
replica host="propic.ayni.com" tls=yes
        binddn="cn=manager,dc=ayni,dc=com"
        bindmethod=simple credentials=gggg
replica host="mileni.ayni.com" tls=yes
        binddn="cn=suomi,ou=pam-ldap,dc=ayni,dc=com"
        bindmethod=sasl authcid=suomi credentials="gggg" SASLmech="DIGEST-MD5"
slapd.conf of the second secondary LDAP host (which does not accept the update):
......
......
access to *
by dn="cn=suomi,ou=pam-ldap,dc=ayni,dc=com" write
by self write
by * read
database ldbm
suffix "dc=ayni,dc=com"
rootdn "cn=Manager,dc=ayni,dc=com"
rootpw gggg
directory /var/ldap
index cn,sn,uid pres,eq,sub
index objectClass eq
password-hash {SHA}
updatedn "cn=suomi,ou=pam-ldap,dc=ayni,dc=com"
updateref ldaps://ldapadmin.ayni.com
sasl-realm ldap
sasl-host mileni.ayni.com
sasl-secprops none
sasl-regexp uid=(.*),cn=.*,cn=.*,cn=auth
        cn=$1,ou=pam-ldap,dc=ayni,dc=com
log output from the primary LDAP server:
Aug 19 12:03:00 violina slapd[8225]: conn=22 fd=7 ACCEPT from IP=195.141.97.123:51826 (IP=:: 636)
Aug 19 12:03:00 violina slapd[8253]: conn=22 op=0 BIND dn="" method=163
Aug 19 12:03:00 violina slapd[8253]: conn=22 op=1 BIND dn="" method=163
Aug 19 12:03:00 violina slapd[8253]: conn=22 op=1 BIND authcid="suomi@ldap"
Aug 19 12:03:00 violina slapd[8253]: conn=22 op=1 BIND
dn="cn=suomi,ou=pam-ldap,dc=ayni,dc=com" mech=DIGEST-MD5 ssf=0
Aug 19 12:03:00 violina slapd[8253]: conn=22 op=2 ADD dn="cn=abc ldap,ou=LDIF-Test,dc=ayni,dc=com"
Aug 19 12:03:01 violina slapd[8253]: conn=22 op=2 RESULT tag=105 err=0 text=
Aug 19 12:03:01 violina slapd[8225]: conn=22 fd=7 closed
log output from the first secondary LDAP server:
Aug 19 12:03:01 propic slapd[8283]: conn=11 op=3 ADD dn="cn=abc ldap,ou=LDIF-Test,dc=ayni,dc=com"
Aug 19 12:03:02 propic slapd[8283]: conn=11 op=3 RESULT tag=105 err=0 text=
debug (-d77) output from the second secondary LDAP server:
daemon: activity on 1 descriptors
daemon: activity on: 7r
daemon: read activity on 7
connection_get(7)
connection_get(7): got connid=0
connection_read(7): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 580 contents:
ber_get_next
ber_get_next on fd 7 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=1 tvp=NULL
do_add
ber_scanf fmt ({m) ber:
>>> dnPrettyNormal: <cn=abc ldap,ou=LDIF-Test,dc=ayni,dc=com>
=> ldap_bv2dn(cn=abc ldap,ou=LDIF-Test,dc=ayni,dc=com,0)
<= ldap_bv2dn(cn=abc ldap,ou=LDIF-Test,dc=ayni,dc=com,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=abc ldap,ou=LDIF-Test,dc=ayni,dc=com,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=abc ldap,ou=ldif-test,dc=ayni,dc=com,272)=0
<<< dnPrettyNormal: <cn=abc ldap,ou=LDIF-Test,dc=ayni,dc=com>, <cn=abc ldap,ou=ldif-test,dc=ayni,dc=com>
do_add: dn (cn=abc ldap,ou=LDIF-Test,dc=ayni,dc=com)
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt (}) ber:
=> get_ctrls
ber_scanf fmt ({a) ber:
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
ldap_url_parse_ext(ldaps://ldapadmin.ayni.com)
send_ldap_result: conn=0 op=3 p=3
send_ldap_result: err=10 matched="" text=""
send_ldap_result: referral="ldaps://ldapadmin.ayni.com/cn=abc%20ldap,ou=LDIF-Test,dc=ayni,dc=com"
send_ldap_response: msgid=4 tag=105 err=10
send_ldap_response: ref="ldaps://ldapadmin.ayni.com/cn=abc%20ldap,ou=LDIF-Test,dc=ayni,dc=com"
ber_flush: 86 bytes to sd 7
After the whole procedure, the entry is installed on the primary LDAP and on the
first secondary LDAP, but not on the second secondary LDAP server.
suomi
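For readers working through the replica-side logic in this report, the following added example (not OpenLDAP code, and not part of the original report) models the two steps a slave slapd performs on a replicated write: rewrite the SASL authorization identity through the sasl-regexp directive from the second secondary's slapd.conf, then compare the resulting DN with updatedn and, on mismatch, return the err=10 referral built from updateref plus the target DN, as seen in the debug output above. The `uid=<authcid>,cn=<realm>,cn=<mech>,cn=auth` form and the simplified DN normalization are assumptions for illustration.

```python
import re
from urllib.parse import quote

# Directives taken from the second secondary host's slapd.conf in the report.
SASL_REGEXP = (r"uid=(.*),cn=.*,cn=.*,cn=auth", "cn=$1,ou=pam-ldap,dc=ayni,dc=com")
UPDATEDN = "cn=suomi,ou=pam-ldap,dc=ayni,dc=com"
UPDATEREF = "ldaps://ldapadmin.ayni.com"


def sasl_authz_dn(authcid: str, realm: str, mech: str) -> str:
    """Assumed form of the authorization DN slapd derives from a SASL bind
    before any sasl-regexp rewriting is applied."""
    return f"uid={authcid},cn={realm},cn={mech},cn=auth"


def apply_sasl_regexp(authz_dn: str, pattern: str, replacement: str) -> str:
    """Rewrite an authz DN the way a sasl-regexp directive does: if the
    pattern matches, substitute $1..$9 in the replacement with the groups;
    otherwise the identity stays in the cn=auth namespace."""
    m = re.fullmatch(pattern, authz_dn, flags=re.IGNORECASE)
    if m is None:
        return authz_dn
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)


def normalize_dn(dn: str) -> str:
    """Simplified DN normalization (assumption): case-fold and strip
    whitespace around RDN separators, mirroring the lower-cased form in
    the dnPrettyNormal debug line."""
    return ",".join(part.strip() for part in dn.lower().split(","))


def replica_decision(bound_dn: str, target_dn: str):
    """Decide whether a slave accepts a write.  Only the updatedn may modify
    the replica; any other bound identity gets err=10 (referral) with the
    updateref URL plus the percent-encoded target DN appended."""
    if normalize_dn(bound_dn) == normalize_dn(UPDATEDN):
        return ("accept", None)
    return ("referral", f"{UPDATEREF}/{quote(target_dn, safe='=,')}")


def slurpd_sasl_update(authcid: str, realm: str, mech: str, target_dn: str):
    """Full path for a SASL-authenticated slurpd push: derive the authz DN,
    map it with sasl-regexp, then apply the updatedn check."""
    bound = apply_sasl_regexp(sasl_authz_dn(authcid, realm, mech), *SASL_REGEXP)
    return bound, replica_decision(bound, target_dn)
```

With the report's directives the mapped identity for authcid `suomi` in realm `ldap` equals updatedn, so the model accepts; a bind that does not map to updatedn (for example the rootdn, or an authz DN the regexp does not match) yields the same referral string the debug output shows.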