
Re: ldapadd and sasl protocol error



At 09:06 AM 2002-05-06, Erik Pagel wrote:
>Hello,
>I am just trying to set up an LDAP server (2.0.23) with SASL (cyrus-sasl-2.1.2) support.

OpenLDAP 2.0 doesn't support Cyrus SASL 2.1.  Use Cyrus SASL
1.5 instead.

OpenLDAP 2.1 (beta) does support Cyrus SASL 2.1, but the current
Cyrus SASL 2.1 release is known to have significant problems.
Use Cyrus SASL 1.5 instead.

Kurt

>All compiled from scratch.
>The slapd starts without problems, but I'm not able to insert any data with ldapadd. All I get is an unknown ldap_sasl_interactive_bind_s error with additional information: SASL(-5): bad protocol / cancel: Remote sent first but mech does not allow it.
>Authorization via sample server/client (cyrus-sasl-2.1.2 source) works without problems.
>
>Can anyone help me? More information needed?
>
>Thanks in advance
>Erik
>
>P.S. Sorry for my English
>
>-------------------------------------
>
>command I tried:
>ldapadd  -f test.ldif -D "cn=ldapadmin,o=testnet,c=DE" -W -d -1 -Y CRAM-MD5
>
>output:
>ldap_create
>Enter LDAP Password:
>ldap_interactive_sasl_bind_s: user selected: CRAM-MD5
>ldap_int_sasl_bind: CRAM-MD5
>ldap_new_connection
>ldap_int_open_connection
>ldap_connect_to_host: TCP localhost:389
>ldap_new_socket: 4
>ldap_prepare_socket: 4
>ldap_connect_to_host: Trying 127.0.0.1:389
>ldap_connect_timeout: fd: 4 tm: -1 async: 0
>ldap_ndelay_on: 4
>ldap_is_sock_ready: 4
>ldap_ndelay_off: 4
>ldap_int_sasl_open: host=eagle.testnet.de
>SASL/CRAM-MD5 authentication started
>ldap_sasl_bind_s
>ldap_sasl_bind
>ldap_send_initial_request
>ldap_send_server_request
>ber_flush: 51 bytes to sd 4
> 0000:  30 31 02 01 01 60 2c 02  01 03 04 1b 63 6e 3d 6c   01...`,.....cn=l
> 0010:  64 61 70 61 64 6d 69 6e  2c 6f 3d 74 65 73 74 6e   dapadmin,o=testn
> 0020:  65 74 2c 63 3d 44 45 a3  0a 04 08 43 52 41 4d 2d   et,c=DE....CRAM-
> 0030:  4d 44 35                                           MD5
>ldap_write: want=51, written=51
> 0000:  30 31 02 01 01 60 2c 02  01 03 04 1b 63 6e 3d 6c   01...`,.....cn=l
> 0010:  64 61 70 61 64 6d 69 6e  2c 6f 3d 74 65 73 74 6e   dapadmin,o=testn
> 0020:  65 74 2c 63 3d 44 45 a3  0a 04 08 43 52 41 4d 2d   et,c=DE....CRAM-
> 0030:  4d 44 35                                           MD5
>ldap_result msgid 1
>ldap_chkResponseList for msgid=1, all=1
>ldap_chkResponseList returns NULL
>wait4msg (infinite timeout), msgid 1
>wait4msg continue, msgid 1, all 1
>** Connections:
>* host: localhost  port: 389  (default)
> refcnt: 2  status: Connected
> last used: Mon May  6 16:52:59 2002
>
>** Outstanding Requests:
>* msgid 1,  origid 1, status InProgress
>  outstanding referrals 0, parent count 0
>** Response Queue:
>  Empty
>ldap_chkResponseList for msgid=1, all=1
>ldap_chkResponseList returns NULL
>ldap_int_select
>read1msg: msgid 1, all 1
>ber_get_next
>ldap_read: want=9, got=9
> 0000:  30 5a 02 01 01 61 55 0a  01                        0Z...aU..
>ldap_read: want=83, got=83
> 0000:  50 04 00 04 4e 53 41 53  4c 28 2d 35 29 3a 20 62   P...NSASL(-5): b
> 0010:  61 64 20 70 72 6f 74 6f  63 6f 6c 20 2f 20 63 61   ad protocol / ca
> 0020:  6e 63 65 6c 3a 20 52 65  6d 6f 74 65 20 73 65 6e   ncel: Remote sen
> 0030:  74 20 66 69 72 73 74 20  62 75 74 20 6d 65 63 68   t first but mech
> 0040:  20 64 6f 65 73 20 6e 6f  74 20 61 6c 6c 6f 77 20    does not allow
> 0050:  69 74 2e                                           it.
>ber_get_next: tag 0x30 len 90 contents:
>ber_dump: buf=0x0807d230 ptr=0x0807d230 end=0x0807d28a len=90
> 0000:  02 01 01 61 55 0a 01 50  04 00 04 4e 53 41 53 4c   ...aU..P...NSASL
> 0010:  28 2d 35 29 3a 20 62 61  64 20 70 72 6f 74 6f 63   (-5): bad protoc
> 0020:  6f 6c 20 2f 20 63 61 6e  63 65 6c 3a 20 52 65 6d   ol / cancel: Rem
> 0030:  6f 74 65 20 73 65 6e 74  20 66 69 72 73 74 20 62   ote sent first b
> 0040:  75 74 20 6d 65 63 68 20  64 6f 65 73 20 6e 6f 74   ut mech does not
> 0050:  20 61 6c 6c 6f 77 20 69  74 2e                      allow it.
>ldap_read: message type bind msgid 1, original id 1
>ber_scanf fmt ({iaa) ber:
>ber_dump: buf=0x0807d230 ptr=0x0807d233 end=0x0807d28a len=87
> 0000:  61 55 0a 01 50 04 00 04  4e 53 41 53 4c 28 2d 35   aU..P...NSASL(-5
> 0010:  29 3a 20 62 61 64 20 70  72 6f 74 6f 63 6f 6c 20   ): bad protocol
> 0020:  2f 20 63 61 6e 63 65 6c  3a 20 52 65 6d 6f 74 65   / cancel: Remote
> 0030:  20 73 65 6e 74 20 66 69  72 73 74 20 62 75 74 20    sent first but
> 0040:  6d 65 63 68 20 64 6f 65  73 20 6e 6f 74 20 61 6c   mech does not al
> 0050:  6c 6f 77 20 69 74 2e                               low it.
>read1msg:  0 new referrals
>read1msg:  mark request completed, id = 1
>request 1 done
>res_errno: 0, res_error: <>, res_matched: <>
>ldap_free_request (origid 1, msgid 1)
>ldap_free_connection
>ldap_free_connection: refcnt 1
>ldap_parse_sasl_bind_result
>ber_scanf fmt ({iaa) ber:
>ber_dump: buf=0x0807d230 ptr=0x0807d233 end=0x0807d28a len=87
> 0000:  61 55 0a 01 50 04 00 04  4e 53 41 53 4c 28 2d 35   aU..P...NSASL(-5
> 0010:  29 3a 20 62 61 64 20 70  72 6f 74 6f 63 6f 6c 20   ): bad protocol
> 0020:  2f 20 63 61 6e 63 65 6c  3a 20 52 65 6d 6f 74 65   / cancel: Remote
> 0030:  20 73 65 6e 74 20 66 69  72 73 74 20 62 75 74 20    sent first but
> 0040:  6d 65 63 68 20 64 6f 65  73 20 6e 6f 74 20 61 6c   mech does not al
> 0050:  6c 6f 77 20 69 74 2e                               low it.
>ldap_msgfree
>ldap_perror
>ldap_sasl_interactive_bind_s: Unknown error (80)
>       additional info: SASL(-5): bad protocol / cancel: Remote sent first but mech does not allow it.
>---------------------------------------
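
The two LDAP messages in the quoted trace can be decoded by hand to see exactly what was exchanged. The following is an added example, not part of the original thread: the function names are made up for the illustration, and the input bytes are the ones shown in the ber_flush and ldap_read dumps above.

```python
# Bytes copied from the ber_flush / ldap_read dumps in the trace above.
REQ = (bytes.fromhex("3031020101602c020103041b") + b"cn=ldapadmin,o=testnet,c=DE"
       + bytes.fromhex("a30a0408") + b"CRAM-MD5")
RESP = (bytes.fromhex("305a02010161550a01500400044e")
        + b"SASL(-5): bad protocol / cancel: Remote sent first but mech does not allow it.")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the definite-length BER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_bind(pdu):
    """Decode an LDAPv3 BindRequest (0x60) or BindResponse (0x61) message."""
    tag, body, end = read_tlv(pdu)
    if tag != 0x30 or end != len(pdu):
        raise ValueError("expected exactly one LDAPMessage SEQUENCE")
    (_, msgid), (op_tag, op) = children(body)[:2]
    f = children(op)
    msg = {"msgid": int.from_bytes(msgid, "big")}
    if op_tag == 0x60:
        sasl = children(f[2][1]) if f[2][0] == 0xA3 else []   # [3] SaslCredentials
        msg.update(op="BindRequest", version=f[0][1][0], dn=f[1][1].decode(),
                   mechanism=sasl[0][1].decode() if sasl else "simple",
                   # None means the client sent no initial response
                   credentials=sasl[1][1] if len(sasl) > 1 else None)
    elif op_tag == 0x61:
        creds = [v for t, v in f[3:] if t == 0x87]             # [7] serverSaslCreds
        msg.update(op="BindResponse", result_code=f[0][1][0], matched_dn=f[1][1].decode(),
                   diagnostic=f[2][1].decode(), server_sasl_creds=creds[0] if creds else None)
    else:
        raise ValueError("not a bind operation")
    return msg
```

Decoded, the request is an LDAPv3 SASL bind naming CRAM-MD5 with no credentials field, and the response carries result code 80 (other) with no serverSaslCreds; a SASL exchange that was continuing would instead return 14 (saslBindInProgress) with the server's challenge in that field.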