
ldapadd and sasl protocol error



Hello,
I am trying to set up an LDAP server (2.0.23) with SASL (cyrus-sasl-2.1.2) support, all compiled from scratch.
slapd starts without problems, but I'm not able to insert any data with ldapadd. All I get is an unknown ldap_sasl_interactive_bind_s error with this additional information: SASL(-5): bad protocol / cancel: Remote sent first but mech does not allow it.
Authorization via the sample server/client (cyrus-sasl-2.1.2 source) works without problems.


Can anyone help me? Is more information needed?

Thanks in advance
Erik

P.S. Sorry for my English

-------------------------------------

Command I tried:
ldapadd  -f test.ldif -D "cn=ldapadmin,o=testnet,c=DE" -W -d -1 -Y CRAM-MD5

Output:
ldap_create
Enter LDAP Password:
ldap_interactive_sasl_bind_s: user selected: CRAM-MD5
ldap_int_sasl_bind: CRAM-MD5
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_connect_timeout: fd: 4 tm: -1 async: 0
ldap_ndelay_on: 4
ldap_is_sock_ready: 4
ldap_ndelay_off: 4
ldap_int_sasl_open: host=eagle.testnet.de
SASL/CRAM-MD5 authentication started
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_flush: 51 bytes to sd 4
 0000:  30 31 02 01 01 60 2c 02  01 03 04 1b 63 6e 3d 6c   01...`,.....cn=l
 0010:  64 61 70 61 64 6d 69 6e  2c 6f 3d 74 65 73 74 6e   dapadmin,o=testn
 0020:  65 74 2c 63 3d 44 45 a3  0a 04 08 43 52 41 4d 2d   et,c=DE....CRAM-
 0030:  4d 44 35                                           MD5
ldap_write: want=51, written=51
 0000:  30 31 02 01 01 60 2c 02  01 03 04 1b 63 6e 3d 6c   01...`,.....cn=l
 0010:  64 61 70 61 64 6d 69 6e  2c 6f 3d 74 65 73 74 6e   dapadmin,o=testn
 0020:  65 74 2c 63 3d 44 45 a3  0a 04 08 43 52 41 4d 2d   et,c=DE....CRAM-
 0030:  4d 44 35                                           MD5
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: localhost  port: 389  (default)
 refcnt: 2  status: Connected
 last used: Mon May  6 16:52:59 2002

** Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
** Response Queue:
Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 1, all 1
ber_get_next
ldap_read: want=9, got=9
0000: 30 5a 02 01 01 61 55 0a 01 0Z...aU..
ldap_read: want=83, got=83
0000: 50 04 00 04 4e 53 41 53 4c 28 2d 35 29 3a 20 62 P...NSASL(-5): b
0010: 61 64 20 70 72 6f 74 6f 63 6f 6c 20 2f 20 63 61 ad protocol / ca
0020: 6e 63 65 6c 3a 20 52 65 6d 6f 74 65 20 73 65 6e ncel: Remote sen
0030: 74 20 66 69 72 73 74 20 62 75 74 20 6d 65 63 68 t first but mech
0040: 20 64 6f 65 73 20 6e 6f 74 20 61 6c 6c 6f 77 20 does not allow
0050: 69 74 2e it.
ber_get_next: tag 0x30 len 90 contents:
ber_dump: buf=0x0807d230 ptr=0x0807d230 end=0x0807d28a len=90
0000: 02 01 01 61 55 0a 01 50 04 00 04 4e 53 41 53 4c ...aU..P...NSASL
0010: 28 2d 35 29 3a 20 62 61 64 20 70 72 6f 74 6f 63 (-5): bad protoc
0020: 6f 6c 20 2f 20 63 61 6e 63 65 6c 3a 20 52 65 6d ol / cancel: Rem
0030: 6f 74 65 20 73 65 6e 74 20 66 69 72 73 74 20 62 ote sent first b
0040: 75 74 20 6d 65 63 68 20 64 6f 65 73 20 6e 6f 74 ut mech does not
0050: 20 61 6c 6c 6f 77 20 69 74 2e allow it.
ldap_read: message type bind msgid 1, original id 1
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x0807d230 ptr=0x0807d233 end=0x0807d28a len=87
0000: 61 55 0a 01 50 04 00 04 4e 53 41 53 4c 28 2d 35 aU..P...NSASL(-5
0010: 29 3a 20 62 61 64 20 70 72 6f 74 6f 63 6f 6c 20 ): bad protocol
0020: 2f 20 63 61 6e 63 65 6c 3a 20 52 65 6d 6f 74 65 / cancel: Remote
0030: 20 73 65 6e 74 20 66 69 72 73 74 20 62 75 74 20 sent first but
0040: 6d 65 63 68 20 64 6f 65 73 20 6e 6f 74 20 61 6c mech does not al
0050: 6c 6f 77 20 69 74 2e low it.
read1msg: 0 new referrals
read1msg: mark request completed, id = 1
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_sasl_bind_result
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x0807d230 ptr=0x0807d233 end=0x0807d28a len=87
0000: 61 55 0a 01 50 04 00 04 4e 53 41 53 4c 28 2d 35 aU..P...NSASL(-5
0010: 29 3a 20 62 61 64 20 70 72 6f 74 6f 63 6f 6c 20 ): bad protocol
0020: 2f 20 63 61 6e 63 65 6c 3a 20 52 65 6d 6f 74 65 / cancel: Remote
0030: 20 73 65 6e 74 20 66 69 72 73 74 20 62 75 74 20 sent first but
0040: 6d 65 63 68 20 64 6f 65 73 20 6e 6f 74 20 61 6c mech does not al
0050: 6c 6f 77 20 69 74 2e low it.
ldap_msgfree
ldap_perror
ldap_sasl_interactive_bind_s: Unknown error (80)
additional info: SASL(-5): bad protocol / cancel: Remote sent first but mech does not allow it.
---------------------------------------