[Date Prev][Date Next] [Chronological] [Thread] [Top]

OpenLDAP + SASL

To: openldap-software@OpenLDAP.org
Subject: OpenLDAP + SASL
From: Matt Heitzenroder <matt@roderco.net>
Date: Fri, 07 May 2004 01:41:58 -0400

Hi Everyone,

We’re having some problems with OpenLDAP+SASL.  We’ve checked through
the list logs, but still haven’t gotten very far.

Versions:
LDAPv3
SASLv2
Libsaslv2

The OS is Debian.

Output of commands:
 
debian:/usr/lib/sasl2# ldapsearch -h localhost -p 389 -Y -s base -LLL
supportedSASLMechanisms -d 1
ldap_create
ldap_interactive_sasl_bind_s: user selected: -s
ldap_int_sasl_bind: -s
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_int_sasl_open: host=debian
ldap_perror
ldap_sasl_interactive_bind_s: Unknown authentication method (86)
        additional info: SASL(-4): no mechanism available: No worthy
mechs found

 
debian:/usr/lib/sasl2# ldapsearch -h localhost -p 389 -Y -s base -LLL
supportedSASLMechanisms -d 1
ldap_create
ldap_interactive_sasl_bind_s: user selected: -s
ldap_int_sasl_bind: -s
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_int_sasl_open: host=debian
ldap_perror
ldap_sasl_interactive_bind_s: Unknown authentication method (86)
        additional info: SASL(-4): no mechanism available: No worthy
mechs found
debian:/usr/lib/sasl2# apt-get install libsasl2
Reading Package Lists... Done
Building Dependency Tree... Done
libsasl2 is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 19 not upgraded.
debian:/usr/lib/sasl2# ldapsearch -h localhost -p 389 -x -s base -LLL
supportedSASLMechanisms -d 1
ldap_create
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_int_sasl_open: host=debian
ldap_open_defconn: successful
ldap_send_server_request
ber_flush: 14 bytes to sd 3
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: localhost  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Fri May  7 03:54:01 2004
** Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 1, all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ldap_read: message type bind msgid 1, original id 1
ber_scanf fmt ({iaa) ber:
read1msg:  0 new referrals
read1msg:  mark request completed, id = 1
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_search_ext
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_send_initial_request
ldap_send_server_request
ber_flush: 64 bytes to sd 3
ldap_result msgid -1
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid -1
wait4msg continue, msgid -1, all 0
** Connections:
* host: localhost  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Fri May  7 03:54:01 2004
** Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid -1, all 0
ber_get_next
ber_get_next: tag 0x30 len 9 contents:
ldap_read: message type search-entry msgid 2, original id 2
ldap_get_dn
ber_scanf fmt ({a) ber:
dn:
ber_scanf fmt ({xx) ber:
ldap_first_attribute
ber_scanf fmt ({xl{) ber:
ldap_msgfree
ldap_result msgid -1
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid -1
wait4msg continue, msgid -1, all 0
** Connections:
* host: localhost  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Fri May  7 03:54:01 2004
** Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid -1, all 0
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ldap_read: message type search-result msgid 2, original id 2
ber_scanf fmt ({iaa) ber:
read1msg:  0 new referrals
read1msg:  mark request completed, id = 2
request 2 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_unbind
ldap_free_connection
ldap_send_unbind
ber_flush: 7 bytes to sd 3
ldap_free_connection: actually freed

debian:/usr/lib/sasl2# ldapsearch -h localhost -p 389 -x -s base -LLL
supportedSASLMechanisms

dn:

 

Not quite sure what’s going wrong where.  It almost seems like SASL
isn’t there or isn’t working properly.

Any help is greatly appreciated.

Thanks!

Follow-Ups:
- Re: OpenLDAP + SASL
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: OpenLDAP + SASL
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: OpenLDAP + SASL
  - From: "Pierangelo Masarati" <ando@sys-net.it>

Prev by Date: Re: Fw: ldap_add: Operations error
Next by Date: OpenLDAP behavior with regards to MessageID and the RFC
Index(es):
- Chronological
- Thread