
gssapi and sasl with openldap



Hello,

I can't manage to get OpenLDAP 2.0.25 working with SASL (1.5.27 or 1.5.24 patched) and Kerberos... When I try a bind with simple auth (ldapsearch -x) it works, but with a SASL bind I get the error "Can't contact LDAP server".

Here is the output of the ldapsearch command:

"
-=(root@numerobis : /home/osa)=- $ klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: root@INTRANODE.LAN

Valid starting     Expires            Service principal
07/03/02 18:06:14  07/04/02 04:06:14  krbtgt/INTRANODE.LAN@INTRANODE.LAN


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
-=(root@numerobis : /home/osa)=- $ ldapsearch
SASL/GSSAPI authentication started
SASL SSF: 56
SASL installing layers
version: 2

#
# filter: (objectclass=*)
# requesting: ALL
#

ldap_result: Can't contact LDAP server
"
When I run klist after the command:
"
-=(root@numerobis : /home/osa)=- $ klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: root@INTRANODE.LAN

Valid starting Expires Service principal
07/03/02 18:06:14 07/04/02 04:06:14 krbtgt/INTRANODE.LAN@INTRANODE.LAN
07/03/02 18:07:39 07/04/02 04:06:14 ldap/numerobis.intranode.lan@INTRANODE.LAN



Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
"

Output from slapd:
"
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
<== slap_sasl_bind: rc=14
do_bind
ber_scanf fmt ({iat) ber:
ber_scanf fmt ({a) ber:
ber_scanf fmt (}}) ber:
do_sasl_bind: dn () mech GSSAPI
==> sasl_bind: dn="" mech=<continuing> datalen=0
send_ldap_sasl: err=14 len=65
send_ldap_response: msgid=3 tag=97 err=14
ber_flush: 81 bytes to sd 9
connection_get(9)
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 87 contents:
deferring operation
ber_get_next
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
<== slap_sasl_bind: rc=14
do_bind
ber_scanf fmt ({iat) ber:
ber_scanf fmt ({a) ber:
ber_scanf fmt (o) ber:
ber_scanf fmt (}}) ber:
do_sasl_bind: dn () mech GSSAPI
==> sasl_bind: dn="" mech=<continuing> datalen=65
SASL Authorize [conn=0]: authcid="root" authzid="<empty>"
SASL Authorize [conn=0]: "root" as "u:root"
slap_sasl_bind: username="u:root" realm="" ssf=56
<== slap_sasl_bind: authzdn: "uid=root"
send_ldap_sasl: err=0 len=-1
send_ldap_response: msgid=4 tag=97 err=0
ber_flush: 14 bytes to sd 9
connection_get(9)
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ldap_pvt_sasl_install
ber_get_next
sb_sasl_pkt_length: received illegal packet length of 121 bytes
ber_get_next on fd 9 failed errno=0 (Success)
connection_read(9): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=9 for close
connection_close: deferring conn=0 sd=9
<== slap_sasl_bind: rc=0
connection_resched: attempting closing conn=0 sd=9
connection_close: conn=0 sd=9
"

Regards,
Olivier SALAUN