
sasldb problem



Hello over there,

I'm trying to get sasl working with the sasldb plug-in that comes with
OpenLDAP on FreeBSD 5.1, without success. I've tried both ldapdb.c
patches, the one that comes with OpenLDAP 2.1.22 and the one from CVSWeb at
openldap.org, for Cyrus SASL 2.13. Also, I've tried to put the libraries into
both /usr/lib/sasl2/ and /usr/local/lib/sasl2/, but that doesn't make any
difference.

I'm testing it with the sample (server, client) from the sasl distribution. I
always get a "user not found" error. Can someone help me?

Hope that someone will help me,
Andrey Nepomnyaschih

P.S. The ldapwhoami works.
ldapwhoami -U rednasy -X u:rednasy -Y DIGEST-MD5 -H ldapi:///
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: u:rednasy
SASL SSF: 128
SASL installing layers
dn:uid=rednasy,ou=users,dc=chartpilot,dc=ru

Here is the output:

root /usr/ports/security/cyrus-sasl2/work/cyrus-sasl-2.1.13/sample$
./server
trying 28, 1, 6
trying 2, 1, 6
accepted new connection
send: {46}
NTLM LOGIN ANONYMOUS PLAIN DIGEST-MD5 CRAM-MD5
recv: {10}
DIGEST-MD5
recv: {1}
N
send: {124}
nonce="ioAWlBKAOvBnRP5emY1Jy6JhevR8/o//Ex0y3pirtK4=",realm="flora.chartp
ilot.ru",qop="auth",charset=utf-8,algorithm=md5-sess
recv: {244}
username="rednasy",realm="flora.chartpilot.ru",nonce="ioAWlBKAOvBnRP5emY
1Jy6JhevR8/o//Ex0y3pirtK4=",cnonce="299usQRHGFjAXvvcBc80o89mKCduMO0bE2ai
cY7HWjA=",nc=00000001,qop=auth,digest-uri="rcmd/localhost",response=4ef6
ba318c544296f3090e91d47d08df
performing SASL negotiation: user not foundclosing connection

root /usr/ports/security/cyrus-sasl2/work/cyrus-sasl-2.1.13/sample$
./client -p 12345 localhost
receiving capability list... recv: {46}
NTLM LOGIN ANONYMOUS PLAIN DIGEST-MD5 CRAM-MD5
NTLM LOGIN ANONYMOUS PLAIN DIGEST-MD5 CRAM-MD5
send: {10}
DIGEST-MD5
send: {1}
N
recv: {124}
nonce="ioAWlBKAOvBnRP5emY1Jy6JhevR8/o//Ex0y3pirtK4=",realm="flora.chartp
ilot.ru",qop="auth",charset=utf-8,algorithm=md5-sess
please enter an authentication id: rednasy
please enter an authorization id: rednasy
Password:
send: {244}
username="rednasy",realm="flora.chartpilot.ru",nonce="ioAWlBKAOvBnRP5emY
1Jy6JhevR8/o//Ex0y3pirtK4=",cnonce="299usQRHGFjAXvvcBc80o89mKCduMO0bE2ai
cY7HWjA=",nc=00000001,qop=auth,digest-uri="rcmd/localhost",response=4ef6
ba318c544296f3090e91d47d08df
authentication failed
closing connection

The console also logs the following:
Jul 18 17:14:28 flora lt-server: auxpropfunc error -7
Jul 18 17:14:34 flora lt-server: no secret in database

This is the way I got libldap.a and libldap.so.2:

/bin/sh ../libtool --mode=compile cc -DHAVE_CONFIG_H -I. -I. -I..
-I../include -I../lib -I../sasldb  -I/usr/local/include/db41
-I/usr/local/include -Wall -W -Wall -O -pipe -mcpu=pentiumpro
-Wl,-rpath,/usr/lib:/usr/local/lib -c ldapdb.c

/bin/sh ../libtool --mode=link cc  -Wall -W -Wall -O -pipe
-mcpu=pentiumpro -Wl,-rpath,/usr/lib:/usr/local/lib -L/usr/local/lib
-R/usr/local/lib -rpath=/usr/lib:/usr/local/lib -module -export-dynamic
-rpath /usr/local/lib/sasl2 -o libldap.la  -version-info 2:13:0
ldapdb.lo -lldap -llber -L/usr/local/lib  -R/usr/local/lib -ldb41

The /usr/local/lib/sasl2/sample.conf:
pwcheck_method: auxprop
auxprop_plugin: ldapdb
ldapdb_uri: ldapi://
ldapdb_id:  rednasy
ldapdb_pw:  password
ldapdb_mech: DIGEST-MD5

The base LDAP structure is as follows:
dn: dc=chartpilot,dc=ru
objectClass: top
objectclass: dcObject
objectClass: organization
o: Chart Pilot Ltd.
dc: chartpilot

dn: cn=Manager,dc=chartpilot,dc=ru
objectClass: top
objectclass: organizationalRole
cn: Manager

dn: ou=Users,dc=chartpilot,dc=ru
objectClass: top
objectClass: organizationalUnit
ou: Users

dn: uid=rednasy,ou=Users,dc=chartpilot,dc=ru
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Andrey Nepomnyaschih
uid: rednasy
displayName: Andrey Nepomnyaschih
uidNumber: xxx
gidNumber: xxx
homeDirectory: /home/nas
loginShell: /usr/local/bin/bash
userPassword: password
sn: Nepomnyaschih
givenName: Andrey
saslAuthzTo: uid=.*,ou=Users,dc=chartpilot,dc=ru

I added the following lines to slapd.conf
sasl-regexp
  uid=(.*),cn=.*,cn=.*,cn=auth
  uid=$1,ou=Users,dc=chartpilot,dc=ru

sasl-regexp
  uid=(.*),cn=.*,cn=auth
  uid=$1,ou=Users,dc=chartpilot,dc=ru

password-hash   {CLEARTEXT}

sasl-authz-policy to
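The exchange logged above is a plain RFC 2831 DIGEST-MD5 (md5-sess, qop=auth) round trip. The server-side error "no secret in database" comes from the fact that, to verify the client's response, the server must hold either the cleartext password or H(username:realm:password); a one-way password hash cannot be used, which is why the cleartext password-hash setting matters. The following is an added example, not code from the poster or from Cyrus SASL: it parses the logged client message, computes the response with a constructed password (the real one is not on the page), and verifies it the way the server side does.

```python
import hashlib
import hmac
import re

# Client message copied from the log above; the real password behind its
# "response" field is unknown, so the demo below recomputes it with a
# constructed password instead.
LOGGED_CLIENT_MSG = (
    'username="rednasy",realm="flora.chartpilot.ru",'
    'nonce="ioAWlBKAOvBnRP5emY1Jy6JhevR8/o//Ex0y3pirtK4=",'
    'cnonce="299usQRHGFjAXvvcBc80o89mKCduMO0bE2aicY7HWjA=",'
    'nc=00000001,qop=auth,digest-uri="rcmd/localhost",'
    'response=4ef6ba318c544296f3090e91d47d08df'
)

def parse_digest(msg):
    """Split a DIGEST-MD5 challenge/response into its key=value fields (quoted or bare)."""
    fields = {}
    for key, quoted, bare in re.findall(r'(\w[\w-]*)=(?:"([^"]*)"|([^,]*))', msg):
        fields[key] = quoted if quoted else bare
    return fields

def _hex(data):
    return hashlib.md5(data).hexdigest()

def ha1_secret(username, realm, password):
    """The per-user secret a DIGEST-MD5 server needs: H(username:realm:password).
    The server must store this 16-byte value or the cleartext password itself."""
    return hashlib.md5(f"{username}:{realm}:{password}".encode()).digest()

def digest_response(secret, f, authzid=None):
    """RFC 2831 response for algorithm=md5-sess, qop=auth."""
    a1 = secret + f":{f['nonce']}:{f['cnonce']}".encode()
    if authzid:                      # only present when authzid differs from authid
        a1 += f":{authzid}".encode()
    a2 = f"AUTHENTICATE:{f['digest-uri']}".encode()
    kd = f"{_hex(a1)}:{f['nonce']}:{f['nc']}:{f['cnonce']}:{f['qop']}:{_hex(a2)}"
    return _hex(kd.encode())

def client_message(fields, response):
    """Serialise fields back into the wire form the sample client sends (constructed)."""
    out = dict(fields, response=response)
    return ",".join(f"{k}={v}" if k in ("nc", "qop", "response") else f'{k}="{v}"'
                    for k, v in out.items())

def server_verify(stored_secret, client_msg):
    """What the server does once the auxprop plugin has handed it the secret."""
    f = parse_digest(client_msg)
    expected = digest_response(stored_secret, f, f.get("authzid"))
    return hmac.compare_digest(expected, f["response"])
```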