[Date Prev][Date Next] [Chronological] [Thread] [Top]
RE: test of SASL DIGEST-MD5 mechanism

To: "Cindy Wang" <cwang@kinetworks.com>, <openldap-software@OpenLDAP.org>
Subject: RE: test of SASL DIGEST-MD5 mechanism
From: "Chapman, Kyle" <Kyle_Chapman@G1.com>
Date: Tue, 18 Mar 2003 16:40:58 -0500
Content-class: urn:content-classes:message
Importance: normal
Thread-index: AcLthBxrlCBWDLI2TFmXOYIZg1ZclwAExb6A
Thread-topic: test of SASL DIGEST-MD5 mechanism
is this a typo from your log?
"uid=$1,cn=enigneer,dc=rtp,dc=KiNETWORKS,dc=com"

your dn is:
dn: cn=Andrew,cn=engineer,dc=rtp,dc=KiNETWORKS,dc=com

-----Original Message-----
From: Cindy Wang [mailto:cwang@kinetworks.com]
Sent: Tuesday, March 18, 2003 2:17 PM
To: openldap-software@OpenLDAP.org
Subject: test of SASL DIGEST-MD5 mechanism


Hi:

I am trying to set up some simple tests of SASL  DIGEST-MD 5 mechanism 
running openldap.2.1.16 with SASL on Solaris 5.7.  But when I did the 
search, I got the following message:

ldapsearch -Y DIGEST-MD5 -U u00997 -b 'dc=rtp,dc=KiNETWORKS,dc=com' 
'cn=Andrew'
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error
(80)
        additional info: SASL(-13): user not found: no secret in
database

I have an entry in the Directory as the following:

# Andrew, engineer, rtp.KiNETWORKS.com
dn: cn=Andrew,cn=engineer,dc=rtp,dc=KiNETWORKS,dc=com
objectClass: person
objectClass: inetOrgPerson
cn: Andrew
sn: Findlay
uid: u00997
userPassword:: c2VjcmV0
 
================== slapd.conf ====================
password-hash   {CLEARTEXT}
sasl-regexp
        uid=(.*),cn=rtp.KiNETWORKS.com,cn=digest-md5,cn=auth
        uid=$1,cn=enigneer,dc=rtp,dc=KiNETWORKS,dc=com
================================================

Could anyone tell if anything is wrong with the above sasl-regexp
mapping?
I even ran the debugger and found that in servers/slapd/saslauthz.c, at 
line
302, the function call regexec( ) didn't return a 0 with the above 
sasl-regexp.
And the following is in the "reg" structure during the debugging:
*reg = {
    sr_match     = 0x83e3fd8 
"uid=(.*),cn=rtp.KiNETWORKS.com,cn=digest-md5,cn=auth"
    sr_replace   = 0x83a67b8 
"uid=$1,cn=enigneer,dc=rtp,dc=KiNETWORKS,dc=com"
    sr_workspace = {
        re_nsub   = 1U
        re_comp   = 0x83baba8
        re_cflags = 5
        re_erroff = 0
        re_len    = 108U
        re_sc     = 0x83bac30
    }
    sr_strings   = (
{
        rm_sp = 0x656e6973 "<bad address 0x656e6973>"
        rm_ep = 0x61437373 "<bad address 0x61437373>"
        rm_so = 1869047156
        rm_eo = 606108018
        rm_ss = 1918984992
        rm_es = 1701013836
    }{
        rm_sp = 0x2065736e "<bad address 0x2065736e>"
        rm_ep = 0x65642024 "<bad address 0x65642024>"
        rm_so = 1953653104
        rm_eo = 1953391981
        rm_ss = 1651340622
        rm_es = 606106213
    }{
        rm_sp = 0x69640920 "<bad address 0x69640920>"
        rm_ep = 0x616c7073 "<bad address 0x616c7073>"
        rm_so = 1835093625
        rm_eo = 539238501
        rm_ss = 1819307365
        rm_es = 1701149039
    }{
        rm_sp = 0x626d754e "<bad address 0x626d754e>"
        rm_ep = 0x24207265 "<bad address 0x24207265>"
        rm_so = 1886217504
        rm_eo = 1702457196
        rm_ss = 1886999653
        rm_es = 539238501
    }{
        rm_sp = 0x65766967 "<bad address 0x65766967>"
        rm_ep = 0x6d614e6e "<bad address 0x6d614e6e>"
        rm_so = 539238501
        rm_eo = 1836017673
        rm_ss = 1869107301
        rm_es = 606102894
    }{
        rm_sp = 0x6d6f6820 "<bad address 0x6d6f6820>"
        rm_ep = 0x736f5065 "<bad address 0x736f5065>"
        rm_so = 1097621876
        rm_eo = 1701995620
        rm_ss = 606106483
        rm_es = 1768843552
    }{
        rm_sp = 0x6c616974 "<bad address 0x6c616974>"
        rm_ep = 0x20242073 "<bad address 0x20242073>"
        rm_so = 1734701162
        rm_eo = 1953458256
        rm_ss = 539238511
        rm_es = 1650551817
    }{
        rm_sp = 0x64656c65 "<bad address 0x64656c65>"
        rm_ep = 0x20495255 "<bad address 0x20495255>"
        rm_so = 1634541604
        rm_eo = 606104681
        rm_ss = 1851878688
        rm_es = 1919248225
    }{
        rm_sp = 0x6d202420 "<bad address 0x6d202420>"
        rm_ep = 0x6c69626f "<bad address 0x6c69626f>"
        rm_so = 539238501
        rm_eo = 539238511
        rm_ss = 1701273968
        rm_es = 539238514
    }{
        rm_sp = 0x6f687009 "<bad address 0x6f687009>"
        rm_ep = 0x24206f74 "<bad address 0x24206f74>"
        rm_so = 1869574688
        rm_eo = 1836404333
        rm_ss = 544367970
        rm_es = 1702043684
    }
)
    sr_offset    = (-2, 4, 46, -1, 1919251317, 1953654083, 1667851881, 
543519841, 2013863972, 1966092341, 1970366830, 1701071205)
}



================== log information for the slapd
==========================
==slap_sasl2dn: Converted SASL name to <nothing>
SASL Canonicalize [conn=0]: authcDN="uid=u00997,cn=digest-md5,cn=auth"
SASL Canonicalize [conn=0]: authzid="u00997"
SASL [conn=0] Failure: no secret in database
send_ldap_result: conn=0 op=1 p=3
send_ldap_result: err=80 matched="" text="SASL(-13): user not found: no 
secret in database"
send_ldap_response: msgid=2 tag=97 err=80
ber_flush: 62 bytes to sd 11
  0000:  30 3c 02 01 02 61 37 0a  01 50 04 00 04 30 53 41   
0<...a7..P...0SA 
  0010:  53 4c 28 2d 31 33 29 3a  20 75 73 65 72 20 6e 6f   SL(-13): 
user no 
  0020:  74 20 66 6f 75 6e 64 3a  20 6e 6f 20 73 65 63 72   t found: no 
secr 
  0030:  65 74 20 69 6e 20 64 61  74 61 62 61 73 65         et in 
database   
ldap_write: want=62, written=62
  0000:  30 3c 02 01 02 61 37 0a  01 50 04 00 04 30 53 41   
0<...a7..P...0SA 
  0010:  53 4c 28 2d 31 33 29 3a  20 75 73 65 72 20 6e 6f   SL(-13): 
user no 
  0020:  74 20 66 6f 75 6e 64 3a  20 6e 6f 20 73 65 63 72   t found: no 
secr 
  0030:  65 74 20 69 6e 20 64 61  74 61 62 61 73 65         et in 
database   
conn=0 op=1 RESULT tag=97 err=80 text=SASL(-13): user not found: no 
secret in database
<== slap_sasl_bind: rc=80
daemon: select: listen=7 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 11r
daemon: read activity on 11
connection_get(11)
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
ber_get_next
ldap_read: want=9, got=0

ber_get_next on fd 11 failed errno=0 (Error 0)
connection_read(11): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=11 for close
connection_close: conn=0 sd=11
daemon: removing 11
conn=0 fd=11 closed
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=7 active_threads=0 tvp=NULL

======================================================================

Thanks very much for your help.

Cindy Wang
Software Product Engineer
KiNETWORKS
NOTICE: This E-mail may contain confidential information. If you are not
the addressee or the intended recipient please do not read this E-mail
and please immediately delete this e-mail message and any attachments
from your workstation or network mail system. If you are the addressee
or the intended recipient and you save or print a copy of this E-mail,
please place it in an appropriate file, depending on whether
confidential information is contained in the message.
Follow-Ups:
- Re: test of SASL DIGEST-MD5 mechanism
  - From: Cindy Wang <cwang@kinetworks.com>
Prev by Date: Re: Different CN's for DN and CN.
Next by Date: Re: Different CN's for DN and CN.
Index(es):
- Chronological
- Thread