[Date Prev][Date Next] [Chronological] [Thread] [Top]

CRAM-MD5 uid mystery

To: openldap <openldap-software@OpenLDAP.org>
Subject: CRAM-MD5 uid mystery
From: Kent Soper <dksoper@us.ibm.com>
Date: Mon, 28 Jul 2003 13:19:30 -0500




Hi,

Do LDAP requests run as 'root' default to uid 500?

I'm trying to get CRAM-MD5 authentication working using Cyrus SASL 2.1.13.
I ran an ldapsearch query as root and ran into this error:

SASL(-13):  user not found:  no secret in database

Which is ok because I don't have root in my database (I was just doing a
"what if").  But I looked at my server output (-d 127) and noticed this:

SASL Canonicalize [conn=2]:  authcid="dkent" and followed by "...
uid=dkent,cn=..."

'dkent' is not set in an environment variable within the command shell, and
'dkent' is not configured anywhere or in anyway.  But username 'dkent' has
uid 500 on my system.  Other usernames are extracted correctly.

What's going on here?  Does 'root' get mapped to uid 500 by default as a
protection mechanism?

Cheers,
Kent Soper

"You don't stop playing because you grow old ...
       you grow old because you stop playing."

Linux Technology Center, Linux Security
phone:  1-512-838-9216
e-mail:  dksoper@us.ibm.com

Prev by Date: Re: More on my password problem
Next by Date: RE: library questions: LDAPMessage, msgid, ...
Index(es):
- Chronological
- Thread