
RE: trouble with openldap 2.1.22 and sasl proxy auth



Hello Eddie,

Finally I have set up ldapdb with SASL, but while digging I found (maybe) the
cause of the problem for me and you. Here is the log output from running
slapd with debug level of 255.

Maybe you should add the following regexp:
sasl-regexp
  uid=(.*),cn=auth
  uid=$1,ou=Users,dc=chartpilot,dc=ru

You can see the cause below.

===>slap_sasl_match: comparing DN uid=nas,cn=auth to rule
uid=.*,ou=Users,dc=chartpilot,dc=ru
                                  ^^^^^^^^^^^^^^^
slap_parseURI: parsing uid=.*,ou=Users,dc=chartpilot,dc=ru
ldap_url_parse_ext(uid=.*,ou=Users,dc=chartpilot,dc=ru)
>>> dnNormalize: <uid=.*,ou=Users,dc=chartpilot,dc=ru>
=> ldap_bv2dn(uid=.*,ou=Users,dc=chartpilot,dc=ru,0)
<= ldap_bv2dn(uid=.*,ou=Users,dc=chartpilot,dc=ru,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=.*,ou=users,dc=chartpilot,dc=ru,272)=0
<<< dnNormalize: <uid=.*,ou=users,dc=chartpilot,dc=ru>
<===slap_sasl_match: comparison returned 48
<==slap_sasl_check_authz: saslAuthzTo check returning 48
<== slap_sasl_authorized: return 48
<= get_ctrls: n=1 rc=47 err="not authorized to assume identity"

Have a good time,
Andrey Nepomnyaschih

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Edward Rudd
Sent: Saturday, July 19, 2003 11:14 AM
To: OpenLDAP
Subject: trouble with openldap 2.1.22 and sasl proxy auth


I was running 2.1.19 and had SASL proxy auth (SASL authz) working great
and using the ldapdb auxprop plugin for SASL to authenticate services.
Then I upgraded to 2.1.22 and now the proxy authentication won't work
any more.

This command:
ldapwhoami -U auxprop -X u:eddie -Y DIGEST-MD5 -H ldap:///
returns the DN of auxprop instead of the DN for eddie. The configuration is
exactly the same, same DB as well, and the logs don't show any
errors. Does anyone have any idea of what I need to look for to solve
this?
-- 
Edward Rudd <eddie@omegaware.com>
Home Page <http://urkle.drip.ws/>
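
Added example, not part of either message and not OpenLDAP code: a small triage script that pulls each slap_sasl_match comparison out of the debug output quoted in the reply and checks whether the logged DN fits the rule before and after the suggested sasl-regexp rewrite. The function names, the simplified DN normalization and the whole-DN regex matching are assumptions made for illustration; slapd's real matching is more involved.

```python
import re

# Constructed sample: slapd debug lines copied from the reply above (line wrap kept).
SAMPLE_LOG = """\
===>slap_sasl_match: comparing DN uid=nas,cn=auth to rule
uid=.*,ou=Users,dc=chartpilot,dc=ru
<===slap_sasl_match: comparison returned 48
<==slap_sasl_check_authz: saslAuthzTo check returning 48
<= get_ctrls: n=1 rc=47 err="not authorized to assume identity"
"""
# The sasl-regexp pair suggested in the reply: (search pattern, replacement).
SASL_REGEXP = (r"uid=(.*),cn=auth", "uid=$1,ou=Users,dc=chartpilot,dc=ru")

MATCH_RE = re.compile(
    r"slap_sasl_match: comparing DN (\S+) to rule\s+(\S+)"
    r".*?slap_sasl_match: comparison returned (\d+)", re.S)

def normalize(dn):
    # Assumption: simplified stand-in for dnNormalize (lowercase, trim); no escaped commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def apply_sasl_regexp(dn, pattern, replacement):
    # Rewrite dn if the whole DN matches pattern; $N in replacement is capture group N.
    m = re.fullmatch(pattern, dn, re.IGNORECASE)
    if m is None:
        return dn
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)

def rule_matches(dn, rule):
    # Assumption: the rule is applied as a regex over the whole normalized DN.
    return re.fullmatch(normalize(rule), normalize(dn)) is not None

def diagnose(log, sasl_regexp=SASL_REGEXP):
    # One finding per slap_sasl_match comparison found in the debug output.
    findings = []
    for dn, rule, rc in MATCH_RE.findall(log):
        mapped = apply_sasl_regexp(dn, *sasl_regexp)
        findings.append({
            "dn": dn, "rule": rule, "rc": int(rc),
            "matches_as_logged": rule_matches(dn, rule),
            "mapped_dn": mapped,
            "matches_after_mapping": rule_matches(mapped, rule),
        })
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```

The pattern as posted uses (.*), which also matches across commas; the examples in the OpenLDAP Administrator's Guide use ([^,]*) so the capture stays within a single RDN value.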