
slurpd with SASL returns a referral, wheras slurpd with simple authentication works well (ITS#2689)



Full_Name: suomi hasler
Version: openldap-2.1.22-1
OS: Linux rosetta 2.4.19-4GB #1 Fri Sep 13 13:14:56 UTC 2002 i686 unknown
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (195.141.97.126)


Installation is:
one primary LDAP host
two secondary LDAP hosts, the first with slurpd access with simple authentication,
the second with slurpd access with SASL DIGEST-MD5 authentication.

Just before these tests I have re-synchronized the three LDAP directories. 

When doing an update on the primary LDAP host, the update is accepted by the
primary LDAP host, and is accepted by the first secondary host. But the second
secondary (over SASL) returns the updateref referral (error=10).

NOTE: the slapd.conf parameter for the SASL mechanism is SASLmech (and not mech
as published in all man pages and other docs, e.g. on your homepage). Please
correct this error immediately.



slapd.conf of the primary LDAP host:

.....
.....
access to *
        by dn="cn=suomi,ou=pam-ldap,dc=ayni,dc=com"     write
        by self write
        by * read


database        ldbm
suffix          "dc=ayni,dc=com"
rootdn          "cn=Manager,dc=ayni,dc=com"

rootpw          gggg

directory       /var/ldap

index cn,sn,uid pres,eq,sub
index objectClass eq

password-hash   {SHA}

sasl-realm      ldap
sasl-host       violina.ayni.com
sasl-secprops   none

sasl-regexp uid=(.*),cn=.*,cn=.*,cn=auth
        cn=$1,ou=pam-ldap,dc=ayni,dc=com

replogfile /var/ldap/replog


replica host="propic.ayni.com" tls=yes
 binddn="cn=manager,dc=ayni,dc=com"
 bindmethod=simple credentials=gggg

replica host="mileni.ayni.com" tls=yes
 binddn="cn=suomi,ou=pam-ldap,dc=ayni,dc=com"
 bindmethod=sasl authcid=suomi credentials="gggg" SASLmech="DIGEST-MD5"

slapd.conf of the second secondary LDAP host (which does not accept the
update):

......
......

access to *
        by dn="cn=suomi,ou=pam-ldap,dc=ayni,dc=com"     write
        by self write
        by * read


database        ldbm
suffix          "dc=ayni,dc=com"
rootdn          "cn=Manager,dc=ayni,dc=com"

rootpw          gggg

directory       /var/ldap

index cn,sn,uid pres,eq,sub
index objectClass eq

password-hash   {SHA}
updatedn "cn=suomi,ou=pam-ldap,dc=ayni,dc=com"
updateref ldaps://ldapadmin.ayni.com

sasl-realm      ldap
sasl-host       mileni.ayni.com
sasl-secprops   none

sasl-regexp uid=(.*),cn=.*,cn=.*,cn=auth
        cn=$1,ou=pam-ldap,dc=ayni,dc=com

log output from the primary LDAP server:

Aug 19 12:03:00 violina slapd[8225]: conn=22 fd=7 ACCEPT from
IP=195.141.97.123:51826 (IP=:: 636)
Aug 19 12:03:00 violina slapd[8253]: conn=22 op=0 BIND dn="" method=163
Aug 19 12:03:00 violina slapd[8253]: conn=22 op=1 BIND dn="" method=163
Aug 19 12:03:00 violina slapd[8253]: conn=22 op=1 BIND authcid="suomi@ldap"
Aug 19 12:03:00 violina slapd[8253]: conn=22 op=1 BIND
dn="cn=suomi,ou=pam-ldap,dc=ayni,dc=com" mech=DIGEST-MD5 ssf=0
Aug 19 12:03:00 violina slapd[8253]: conn=22 op=2 ADD dn="cn=abc
ldap,ou=LDIF-Test,dc=ayni,dc=com"
Aug 19 12:03:01 violina slapd[8253]: conn=22 op=2 RESULT tag=105 err=0 text=
Aug 19 12:03:01 violina slapd[8225]: conn=22 fd=7 closed

log output from the first secondary LDAP server:

Aug 19 12:03:01 propic slapd[8283]: conn=11 op=3 ADD dn="cn=abc
ldap,ou=LDIF-Test,dc=ayni,dc=com"
Aug 19 12:03:02 propic slapd[8283]: conn=11 op=3 RESULT tag=105 err=0 text=

debug (-d77) output from the second secondary LDAP server:


daemon: activity on 1 descriptors
daemon: activity on: 7r
daemon: read activity on 7
connection_get(7)
connection_get(7): got connid=0
connection_read(7): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 580 contents:
ber_get_next
ber_get_next on fd 7 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=1 tvp=NULL
do_add
ber_scanf fmt ({m) ber:
>>> dnPrettyNormal: <cn=abc ldap,ou=LDIF-Test,dc=ayni,dc=com>
=> ldap_bv2dn(cn=abc ldap,ou=LDIF-Test,dc=ayni,dc=com,0)
<= ldap_bv2dn(cn=abc ldap,ou=LDIF-Test,dc=ayni,dc=com,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=abc ldap,ou=LDIF-Test,dc=ayni,dc=com,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=abc ldap,ou=ldif-test,dc=ayni,dc=com,272)=0
<<< dnPrettyNormal: <cn=abc ldap,ou=LDIF-Test,dc=ayni,dc=com>, <cn=abc
ldap,ou=ldif-test,dc=ayni,dc=com>
do_add: dn (cn=abc ldap,ou=LDIF-Test,dc=ayni,dc=com)
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt (}) ber:
=> get_ctrls
ber_scanf fmt ({a) ber:
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
ldap_url_parse_ext(ldaps://ldapadmin.ayni.com)
send_ldap_result: conn=0 op=3 p=3
send_ldap_result: err=10 matched="" text=""
send_ldap_result: referral="ldaps://ldapadmin.ayni.com/cn=abc%20ldap,ou=LDIF-Test,dc=ayni,dc=com"
send_ldap_response: msgid=4 tag=105 err=10
send_ldap_response: ref="ldaps://ldapadmin.ayni.com/cn=abc%20ldap,ou=LDIF-Test,dc=ayni,dc=com"
ber_flush: 86 bytes to sd 7

After the whole procedure, the entry is installed on the primary LDAP and on the
first secondary LDAP, but not on the secondary LDAP server.

suomi
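Added example, not part of the report above and not OpenLDAP's own code: a small Python model of the two replica-side steps that decide whether a slurpd write is applied or referred. It builds the SASL authentication DN slapd derives from a bind (the `uid=<authcid>[,cn=<realm>],cn=<mechanism>,cn=auth` form documented for sasl-regexp), applies the `sasl-regexp` line from the posted slapd.conf, and then performs the `updatedn` check: the identity named by updatedn may write, every other identity gets the `updateref` referral with err=10 and a URL shaped like the one in the debug output. The realm-less bind is a constructed input that shows what happens when the regexp does not match; unanchored case-insensitive regex matching, `$1`-style substitution and the simplified DN normalisation are assumptions of this model.

```python
import re
from urllib.parse import quote

# Values taken from the slapd.conf of the second secondary host in the report.
SASL_REGEXP = (r"uid=(.*),cn=.*,cn=.*,cn=auth", "cn=$1,ou=pam-ldap,dc=ayni,dc=com")
UPDATEDN = "cn=suomi,ou=pam-ldap,dc=ayni,dc=com"
UPDATEREF = "ldaps://ldapadmin.ayni.com"


def sasl_auth_dn(authcid, mech, realm=None):
    """Internal identity DN slapd derives from a SASL bind:
    uid=<authcid>[,cn=<realm>],cn=<mechanism>,cn=auth (slapd.conf(5), sasl-regexp)."""
    parts = [f"uid={authcid}"]
    if realm:
        parts.append(f"cn={realm}")
    parts.append(f"cn={mech.lower()}")
    parts.append("cn=auth")
    return ",".join(parts)


def apply_sasl_regexp(auth_dn, pattern, replacement):
    """Rewrite the auth DN the way a sasl-regexp line would.
    Returns None when the pattern does not match (the identity is then left as is).
    Assumption: matching is unanchored and case-insensitive, groups are $1..$9."""
    m = re.search(pattern, auth_dn, flags=re.IGNORECASE)
    if m is None:
        return None
    out = replacement
    for i, group in enumerate(m.groups(), start=1):
        out = out.replace(f"${i}", group)
    return out


def normalize_dn(dn):
    """Simplified DN normalisation (assumption): trim around separators, lower-case."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def replica_write_decision(bound_dn, updatedn, updateref, target_dn):
    """Decision a replica slapd makes for a write request:
    the updatedn identity may apply it; any other identity is referred to
    updateref (LDAP result code 10, referral) with the target DN appended."""
    if bound_dn is not None and normalize_dn(bound_dn) == normalize_dn(updatedn):
        return {"err": 0, "ref": None}
    # '=' and ',' stay literal in the URL, the space becomes %20 as in the log.
    return {"err": 10, "ref": f"{updateref}/{quote(target_dn, safe=',=/')}"}


def diagnose(authcid, mech, realm, target_dn):
    """End-to-end check for one slurpd bind: what DN it becomes and what the
    replica answers to the write."""
    auth_dn = sasl_auth_dn(authcid, mech, realm)
    mapped = apply_sasl_regexp(auth_dn, *SASL_REGEXP)
    effective = mapped if mapped is not None else auth_dn
    decision = replica_write_decision(effective, UPDATEDN, UPDATEREF, target_dn)
    return {"auth_dn": auth_dn, "mapped_dn": mapped, "effective_dn": effective, **decision}


if __name__ == "__main__":
    target = "cn=abc ldap,ou=LDIF-Test,dc=ayni,dc=com"  # entry added in the report
    # Bind with realm "ldap" as configured (sasl-realm ldap): mapped, write allowed.
    print(diagnose("suomi", "DIGEST-MD5", "ldap", target))
    # Constructed case without a realm: regexp does not match, write is referred.
    print(diagnose("suomi", "DIGEST-MD5", None, target))
```

Running it prints the two outcomes side by side: with the realm the auth DN `uid=suomi,cn=ldap,cn=digest-md5,cn=auth` maps onto the updatedn and the write is accepted; without it the regexp needs two `cn=` components before `cn=auth`, finds one, leaves the identity unmapped, and the replica answers with `err=10` and `ldaps://ldapadmin.ayni.com/cn=abc%20ldap,ou=LDIF-Test,dc=ayni,dc=com`, the same shape as the `send_ldap_response` line in the report. Comparing the mapped DN with the updatedn this way is the first thing to check on a replica that refers writes from a SASL-bound slurpd.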