[Date Prev][Date Next] [Chronological] [Thread] [Top]
RE: test of SASL DIGEST-MD5 mechanism

To: "Cindy Wang" <cwang@KiNETWORKS.com>
Subject: RE: test of SASL DIGEST-MD5 mechanism
From: "Chapman, Kyle" <Kyle_Chapman@G1.com>
Date: Tue, 18 Mar 2003 18:19:57 -0500
Cc: <openldap-software@OpenLDAP.org>
Content-class: urn:content-classes:message
Thread-index: AcLtoNGAeg38egciRVC7bSZ8JfO7eAABDfSw
Thread-topic: test of SASL DIGEST-MD5 mechanism
if you look at your regexp, cn=enigeer <> cn=engineer

-----Original Message-----
From: Cindy Wang [mailto:cwang@KiNETWORKS.com]
Sent: Tuesday, March 18, 2003 5:51 PM
To: Chapman, Kyle
Cc: openldap-software@OpenLDAP.org
Subject: Re: test of SASL DIGEST-MD5 mechanism


I don't think it is a typo.  The sasl-regexp directive is used to map 
authentication identities to LDAP entries.

Cindy

Chapman, Kyle wrote:

>is this a typo from your log?
>"uid=$1,cn=enigneer,dc=rtp,dc=KiNETWORKS,dc=com"
>
>your dn is:
>dn: cn=Andrew,cn=engineer,dc=rtp,dc=KiNETWORKS,dc=com
>
>-----Original Message-----
>From: Cindy Wang [mailto:cwang@kinetworks.com]
>Sent: Tuesday, March 18, 2003 2:17 PM
>To: openldap-software@OpenLDAP.org
>Subject: test of SASL DIGEST-MD5 mechanism
>
>
>Hi:
>
>I am trying to set up some simple tests of SASL  DIGEST-MD 5 mechanism 
>running openldap.2.1.16 with SASL on Solaris 5.7.  But when I did the 
>search, I got the following message:
>
>ldapsearch -Y DIGEST-MD5 -U u00997 -b 'dc=rtp,dc=KiNETWORKS,dc=com' 
>'cn=Andrew'
>SASL/DIGEST-MD5 authentication started
>Please enter your password:
>ldap_sasl_interactive_bind_s: Internal (implementation specific) error
>(80)
>        additional info: SASL(-13): user not found: no secret in
>database
>
>I have an entry in the Directory as the following:
>
># Andrew, engineer, rtp.KiNETWORKS.com
>dn: cn=Andrew,cn=engineer,dc=rtp,dc=KiNETWORKS,dc=com
>objectClass: person
>objectClass: inetOrgPerson
>cn: Andrew
>sn: Findlay
>uid: u00997
>userPassword:: c2VjcmV0
> 
>================== slapd.conf ====================
>password-hash   {CLEARTEXT}
>sasl-regexp
>        uid=(.*),cn=rtp.KiNETWORKS.com,cn=digest-md5,cn=auth
>        uid=$1,cn=enigneer,dc=rtp,dc=KiNETWORKS,dc=com
>================================================
>
>Could anyone tell if anything is wrong with the above sasl-regexp
>mapping?
>I even ran the debugger and found that in servers/slapd/saslauthz.c, at 
>line
>302, the function call regexec( ) didn't return a 0 with the above 
>sasl-regexp.
>And the following is in the "reg" structure during the debugging:
>*reg = {
>    sr_match     = 0x83e3fd8 
>"uid=(.*),cn=rtp.KiNETWORKS.com,cn=digest-md5,cn=auth"
>    sr_replace   = 0x83a67b8 
>"uid=$1,cn=enigneer,dc=rtp,dc=KiNETWORKS,dc=com"
>    sr_workspace = {
>        re_nsub   = 1U
>        re_comp   = 0x83baba8
>        re_cflags = 5
>        re_erroff = 0
>        re_len    = 108U
>        re_sc     = 0x83bac30
>    }
>    sr_strings   = (
>{
>        rm_sp = 0x656e6973 "<bad address 0x656e6973>"
>        rm_ep = 0x61437373 "<bad address 0x61437373>"
>        rm_so = 1869047156
>        rm_eo = 606108018
>        rm_ss = 1918984992
>        rm_es = 1701013836
>    }{
>        rm_sp = 0x2065736e "<bad address 0x2065736e>"
>        rm_ep = 0x65642024 "<bad address 0x65642024>"
>        rm_so = 1953653104
>        rm_eo = 1953391981
>        rm_ss = 1651340622
>        rm_es = 606106213
>    }{
>        rm_sp = 0x69640920 "<bad address 0x69640920>"
>        rm_ep = 0x616c7073 "<bad address 0x616c7073>"
>        rm_so = 1835093625
>        rm_eo = 539238501
>        rm_ss = 1819307365
>        rm_es = 1701149039
>    }{
>        rm_sp = 0x626d754e "<bad address 0x626d754e>"
>        rm_ep = 0x24207265 "<bad address 0x24207265>"
>        rm_so = 1886217504
>        rm_eo = 1702457196
>        rm_ss = 1886999653
>        rm_es = 539238501
>    }{
>        rm_sp = 0x65766967 "<bad address 0x65766967>"
>        rm_ep = 0x6d614e6e "<bad address 0x6d614e6e>"
>        rm_so = 539238501
>        rm_eo = 1836017673
>        rm_ss = 1869107301
>        rm_es = 606102894
>    }{
>        rm_sp = 0x6d6f6820 "<bad address 0x6d6f6820>"
>        rm_ep = 0x736f5065 "<bad address 0x736f5065>"
>        rm_so = 1097621876
>        rm_eo = 1701995620
>        rm_ss = 606106483
>        rm_es = 1768843552
>    }{
>        rm_sp = 0x6c616974 "<bad address 0x6c616974>"
>        rm_ep = 0x20242073 "<bad address 0x20242073>"
>        rm_so = 1734701162
>        rm_eo = 1953458256
>        rm_ss = 539238511
>        rm_es = 1650551817
>    }{
>        rm_sp = 0x64656c65 "<bad address 0x64656c65>"
>        rm_ep = 0x20495255 "<bad address 0x20495255>"
>        rm_so = 1634541604
>        rm_eo = 606104681
>        rm_ss = 1851878688
>        rm_es = 1919248225
>    }{
>        rm_sp = 0x6d202420 "<bad address 0x6d202420>"
>        rm_ep = 0x6c69626f "<bad address 0x6c69626f>"
>        rm_so = 539238501
>        rm_eo = 539238511
>        rm_ss = 1701273968
>        rm_es = 539238514
>    }{
>        rm_sp = 0x6f687009 "<bad address 0x6f687009>"
>        rm_ep = 0x24206f74 "<bad address 0x24206f74>"
>        rm_so = 1869574688
>        rm_eo = 1836404333
>        rm_ss = 544367970
>        rm_es = 1702043684
>    }
>)
>    sr_offset    = (-2, 4, 46, -1, 1919251317, 1953654083, 1667851881, 
>543519841, 2013863972, 1966092341, 1970366830, 1701071205)
>}
>
>
>
>================== log information for the slapd
>==========================
>==slap_sasl2dn: Converted SASL name to <nothing>
>SASL Canonicalize [conn=0]: authcDN="uid=u00997,cn=digest-md5,cn=auth"
>SASL Canonicalize [conn=0]: authzid="u00997"
>SASL [conn=0] Failure: no secret in database
>send_ldap_result: conn=0 op=1 p=3
>send_ldap_result: err=80 matched="" text="SASL(-13): user not found: no 
>secret in database"
>send_ldap_response: msgid=2 tag=97 err=80
>ber_flush: 62 bytes to sd 11
>  0000:  30 3c 02 01 02 61 37 0a  01 50 04 00 04 30 53 41   
>0<...a7..P...0SA 
>  0010:  53 4c 28 2d 31 33 29 3a  20 75 73 65 72 20 6e 6f   SL(-13): 
>user no 
>  0020:  74 20 66 6f 75 6e 64 3a  20 6e 6f 20 73 65 63 72   t found: no 
>secr 
>  0030:  65 74 20 69 6e 20 64 61  74 61 62 61 73 65         et in 
>database   
>ldap_write: want=62, written=62
>  0000:  30 3c 02 01 02 61 37 0a  01 50 04 00 04 30 53 41   
>0<...a7..P...0SA 
>  0010:  53 4c 28 2d 31 33 29 3a  20 75 73 65 72 20 6e 6f   SL(-13): 
>user no 
>  0020:  74 20 66 6f 75 6e 64 3a  20 6e 6f 20 73 65 63 72   t found: no 
>secr 
>  0030:  65 74 20 69 6e 20 64 61  74 61 62 61 73 65         et in 
>database   
>conn=0 op=1 RESULT tag=97 err=80 text=SASL(-13): user not found: no 
>secret in database
><== slap_sasl_bind: rc=80
>daemon: select: listen=7 active_threads=1 tvp=NULL
>daemon: activity on 1 descriptors
>daemon: activity on: 11r
>daemon: read activity on 11
>connection_get(11)
>connection_get(11): got connid=0
>connection_read(11): checking for input on id=0
>ber_get_next
>ldap_read: want=9, got=0
>
>ber_get_next on fd 11 failed errno=0 (Error 0)
>connection_read(11): input error=-2 id=0, closing.
>connection_closing: readying conn=0 sd=11 for close
>connection_close: conn=0 sd=11
>daemon: removing 11
>conn=0 fd=11 closed
>daemon: select: listen=7 active_threads=0 tvp=NULL
>daemon: activity on 1 descriptors
>daemon: select: listen=7 active_threads=0 tvp=NULL
>
>======================================================================
>
>Thanks very much for your help.
>
>Cindy Wang
>Software Product Engineer
>KiNETWORKS
>NOTICE: This E-mail may contain confidential information. If you are not
>the addressee or the intended recipient please do not read this E-mail
>and please immediately delete this e-mail message and any attachments
>from your workstation or network mail system. If you are the addressee
>or the intended recipient and you save or print a copy of this E-mail,
>please place it in an appropriate file, depending on whether
>confidential information is contained in the message.
>
>
>  
>
Follow-Ups:
- Re: test of SASL DIGEST-MD5 mechanism
  - From: Cindy Wang <cwang@kinetworks.com>
Prev by Date: Re: Different CN's for DN and CN.
Next by Date: Search Scope ?
Index(es):
- Chronological
- Thread