[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL problem

To: OpenLDAP-software@OpenLDAP.org
Subject: SASL problem
From: Fyodor Smirnov <wmac@yandex.ru>
Date: Wed, 05 Oct 2005 22:01:35 +0400
User-agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)

Please, give any ideas.

db-4.3.28,
cyrus-sasl-2.1.21,
openldap 2.3.7
from FreeBSD ports
on the fresh installed FreeBSD 4.11 (no more installed packages)


I have troubles with SASL authentication on Openldap server.

I run ldapwhoami:
====================================
test# ldapwhoami -U testuser
SASL/DIGEST-MD5 authentication started
====================================
...and the program hangs, password request does not occur.

I test SASL installation with sample server and client from cyrus-sasl distribution. All tests have passed successfully.


Directory structure:
====================================
dn: dc=test,dc=ru
objectClass: top
objectClass: dcObject
objectClass: organization
dc: test
o: test

dn: cn=manager,dc=test,dc=ru
objectClass: top
objectClass: organizationalRole
cn: manager

dn: ou=users,dc=test,dc=ru
objectClass: top
objectClass: organizationalUnit
ou: users

dn: uid=test,ou=users,dc=test,dc=ru
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: test
cn: test
sn: testov
userPassword: test098
====================================

slapd.conf:
====================================
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/misc.schema
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
allow   bind_v2

database        bdb
suffix          "dc=test,dc=ru"
rootdn          "cn=manager,dc=test,dc=ru"
rootpw          test9274
directory       /var/db/openldap-data
index   objectClass     eq
index   uid             eq,pres

sasl-regexp
  uid=([^,]*),cn=digest-md5,cn=auth
  uid=$1,cn=users,dc=test,dc=ru

sasl-regexp
  uid=([^,]*),cn=test.ru,cn=digest-md5,cn=auth
  uid=$1,cn=users,dc=test,dc=ru
====================================

End of "ldapwhoami -U test -d -1" debug ==================================== ldap_sasl_interactive_bind_s: server supports: DIGEST-MD5 CRAM-MD5 ldap_int_sasl_bind: DIGEST-MD5 CRAM-MD5 ldap_int_sasl_open: host=test.ae.ru SASL/DIGEST-MD5 authentication started ldap_sasl_bind_s ldap_sasl_bind ldap_send_initial_request ldap_send_server_request ber_flush: 26 bytes to sd 3 0000: 30 18 02 01 02 60 13 02 01 03 04 00 a3 0c 04 0a 0....`.......... 0010: 44 49 47 45 53 54 2d 4d 44 35 DIGEST-MD5 ldap_write: want=26, written=26 0000: 30 18 02 01 02 60 13 02 01 03 04 00 a3 0c 04 0a 0....`.......... 0010: 44 49 47 45 53 54 2d 4d 44 35 DIGEST-MD5 ldap_result msgid 2 ldap_chkResponseList for msgid=2, all=1 ldap_chkResponseList returns NULL wait4msg (infinite timeout), msgid 2 wait4msg continue, msgid 2, all 1 ** Connections: * host: localhost port: 389 (default) refcnt: 2 status: Connected last used: Thu Oct 6 01:35:52 2005

** Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList returns NULL
ldap_int_select
====================================

End of "slapd -d -1" debug ==================================== daemon: activity on 1 descriptors daemon: activity on: 13r daemon: read activity on 13 connection_get(13) connection_get(13): got connid=3 connection_read(13): checking for input on id=3 ber_get_next ldap_read: want=8, got=8 0000: 30 18 02 01 02 60 13 02 0....`.. ldap_read: want=18, got=18 0000: 01 03 04 00 a3 0c 04 0a 44 49 47 45 53 54 2d 4d ........DIGEST-M 0010: 44 35 D5 ber_get_next: tag 0x30 len 24 contents: ber_dump: buf=0x0820f8e0 ptr=0x0820f8e0 end=0x0820f8f8 len=24 0000: 02 01 02 60 13 02 01 03 04 00 a3 0c 04 0a 44 49 ...`..........DI 0010: 47 45 53 54 2d 4d 44 35 GEST-MD5 ber_get_next ldap_read: want=8 error=(null) ber_get_next on fd 13 failed errno=35 (Resource temporarily unavailable) daemon: select: listen=8 active_threads=0 tvp=NULL daemon: select: listen=9 active_threads=0 tvp=NULL do_bind ber_scanf fmt ({imt) ber: ber_dump: buf=0x0820f8e0 ptr=0x0820f8e3 end=0x0820f8f8 len=21 0000: 60 13 02 01 03 04 00 a3 0c 04 0a 44 49 47 45 53 `..........DIGES 0010: 54 2d 4d 44 35 T-MD5 ber_scanf fmt ({m) ber: ber_dump: buf=0x0820f8e0 ptr=0x0820f8ea end=0x0820f8f8 len=14 0000: 00 0c 04 0a 44 49 47 45 53 54 2d 4d 44 35 ....DIGEST-MD5 ber_scanf fmt (}}) ber: ber_dump: buf=0x0820f8e0 ptr=0x0820f8f8 end=0x0820f8f8 len=0

>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_sasl_bind: dn () mech DIGEST-MD5
conn=3 op=1 BIND dn="" method=163
==> sasl_bind: dn="" mech=DIGEST-MD5 datalen=0
SASL [conn=3] Debug: DIGEST-MD5 server step 1
====================================

What else can I do to find the reason of error?


Thank you.

Best regards,
Fyodor Smirnov

Prev by Date: RE: intergrate ldap directories
Next by Date: Replicating more than one database problem
Index(es):
- Chronological
- Thread