[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL config. problems, need a hint

To: openldap-software@OpenLDAP.org
Subject: SASL config. problems, need a hint
From: Ian Logan <ian@NMSU.Edu>
Date: Mon, 11 Nov 2002 13:20:06 -0700
Content-disposition: inline
User-agent: Mutt/1.4i

Hello everyone,
I'm trying to get SASL working with OpenLDAP, and I'm pretty much
stuck and out of ideas. I've dug through the openldap-software mailing
list as best I could, but I didnt see anything that sounded like my 
particular problem. If I missed a FAQ entry or something else like that
a pointer would be greatly appreciated! 

Anyway, here's the details.
This is all on a FreeBSD 4.6-STABLE/4.7-RC system.
I'm trying to use OpenLDAP 2.1.8, and Cyrus-SASL 2.1.9.
I've got the cyrus sample-client/sample-server stuff working,
and I've put a password in sasldb2 for myself. Using DIGEST-MD5
it seems to work correctly.

Slapd finds the cyrus libraries okay, and it lists DIGEST-MD5 as one
of the mechanisms it supports. But when I try to do a SASL bind, 
the client waits forever for a response from the server.
Here's what I see on the server logs:

Nov 11 13:10:30 itchy slapd[9517]: connection_read(13): checking for input on id
=0
Nov 11 13:10:30 itchy slapd[9517]: ber_get_next on fd 13 failed errno=35 (Resour
ce temporarily unavailable)
Nov 11 13:10:30 itchy slapd[9517]: do_bind
Nov 11 13:10:30 itchy slapd[9517]: >>> dnPrettyNormal: <>
Nov 11 13:10:30 itchy slapd[9517]: <<< dnPrettyNormal: <>, <>
Nov 11 13:10:30 itchy slapd[9517]: do_sasl_bind: dn () mech DIGEST-MD5
Nov 11 13:10:30 itchy slapd[9517]: conn=0 op=0 BIND dn="" method=163
Nov 11 13:10:30 itchy slapd[9517]: ==> sasl_bind: dn="" mech=DIGEST-MD5 datalen=
0
Nov 11 13:10:30 itchy slapd[9517]: SASL [conn=0] Debug: DIGEST-MD5 server step 1

On the client side I see the following:
%ldapsearch -d -1 -U ian -Y DIGEST-MD5 -b"dc=nmsu,dc=edu" '(cn=Ian Logan)'

ldap_create
ldap_interactive_sasl_bind_s: user selected: DIGEST-MD5
ldap_int_sasl_bind: DIGEST-MD5
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_ndelay_off: 3
ldap_int_sasl_open: host=itchy.nmsu.edu
SASL/DIGEST-MD5 authentication started
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_flush: 26 bytes to sd 3
  0000:  30 18 02 01 01 60 13 02  01 03 04 00 a3 0c 04 0a   0....`..........
  0010:  44 49 47 45 53 54 2d 4d  44 35                     DIGEST-MD5
ldap_write: want=26, written=26
  0000:  30 18 02 01 01 60 13 02  01 03 04 00 a3 0c 04 0a   0....`..........
  0010:  44 49 47 45 53 54 2d 4d  44 35                     DIGEST-MD5
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: localhost  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Mon Nov 11 13:17:15 2002

** Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
ldap_int_select

If anyone could give me a clue, I'd really appreciate it!
Thanks!
Ian

-- 
Ian Logan
Information and Communication Technologies
New Mexico State University
Email: ian@nmsu.edu Phone: 505-646-6034 Fax: 505-646-4560

Prev by Date: decoding modlist error
Next by Date: RE: thread problem OpenLDAP 2.1.8 + Solaris 9
Index(es):
- Chronological
- Thread