[Date Prev][Date Next] [Chronological] [Thread] [Top]

HowTo for Red Hat Linux 7.1 and SASL



Hello everyone,

I've been testing the How-To document I've written for Red Hat Linux 7.1.
The goal is to use SASL to authenticate the replication user account, and
permit replication traffic to work in plain text.

I already have this configuration working on FreeBSD 4.3 - for details, see
http://home.att.net/~ldap-sasl.howto/freebsd-howto.html .  However, the Red
Hat Linux 7.1 instructions aren't complete yet as I'm stuck on an issue.

I have enclosed the following documents with this email: 
primary.slapd.conf - master slapd configuration file
sasl.slapd.conf - /usr/lib/sasl/slapd.conf
backup.slapd.conf - backup slapd configuration file
linux-howto.html - the DRAFT how-to document
debug.txt - output of /usr/local/libexex/slurpd -d 255

The debug.txt file shows the entire output from slurpd, running on the
primary LDAP server.  This server can and will replicate successfully via
SASL with a FreeBSD 4.3 server.  However, it cannot yet replicate with the
Red Hat Linux 7.1 server.  FYI, the primary LDAP server is running Red Hat
Linux 7.1.

The error that concerns me is on line 270 of debug.txt:
Error: LDAP SASL for jarrett.safeco.com:389 failed: Unknown error

This does not kick out a reject file as with other slurpd errors.

If you would like to have a How To document for installing OpenLDAP with
SASL on Red Hat Linux, please test the configuration described in
linux-howto.html.  I would appreciate it if someone would assist me in
troubleshooting this difficult error.  Credit will be given to those who
assist.

Thank you,


Kayne McGladrey
kaymcg@safeco.com 

Attachment: sasl.slapd.conf
Description: Binary data

= = = = = = = = = How To: Configure SASL Replication for OpenLDAP 2.0.11 on Red = Hat = 7.1 Kayne McGladrey October 1st, 2001 Click here for the FreeBSD 4.3 = version of this document. Summary: This how to document describes how to install and = configure OpenLDAP on Red Hat Linux 7.1. The specific objective is = to = secure the replication user account via DIGEST-MD5 authentication = implemented in the SASL library. This guide does NOT involve use of = Kerberos, Cyrus-IMAP, or SSL. Under the model described in this how = to, the user name and password of the replication account will be = passed in an encrypted form. Actual replication traffic will be sent = in plain-text. This is a suitable model for using behind a corporate = firewall, where replication traffic will not expose sensitive data. = If you need to secure your replication traffic (i.e., in the case of = authenticating user logins via LDAP), this guide will not help = you. This document has been tested but is by no means complete. If you = have comments or questions, email me at This how to assumes that you have a working copy of Red Hat Linux = on two servers. The installation and configuration of Red Hat Linux = 7.1 is outside the scope of this document. As a side note, I'm = successfully running replication between both Red Hat 7.1 and = FreeBSD = 4.3. Determing Which Packages to Install Type and press Enter. Type the root password and press = Enter. By default, the Server = installation = of Red Hat Linux 7.1 installs many of the RPMS required. To = determine which RPMS to install, type: rpm -qa | grep db3 rpm -qa | grep = openssh You = must have both the binary package and the devel package for each of = these commands. Skip those steps for packages that are already = installed. You should have to download openssl-devel = at a minimum. If you don't have the Red Hat = CDROMs, you'll have to download the files. You should be able to = find the most recent version of each file at rpmfind.net. = Switch the relevant path statements from Installing Cyrus-SASL Insert the Red Hat Linux 7.1 = CDROM = 1 in the CD-ROM drive. Type and press Enter. Type rpm -Ivh = /mnt/cdrom/RedHat/RPMS/cyrus-sasl-1.5.24-17.rpm = and press Enter. Type and press Enter. Remove the CDROM from the CDROM = drive. Insert the Red Hat Linux 7.1 CDROM 2 in the = drive. Type and press Enter. Type rpm -ivh and = press Enter. Type and press Enter. Installing Berkeley DB3 Insert the Red Hat Linux 7.1 = CDROM = 1 in the CD-ROM drive. Type and press Enter. Type rpm -ivh = /mnt/cdrom/RedHat/RPMS/db3-3.1.1-17.rpm Type and press Enter. Remove the CDROM from the CDROM = drive. Insert the Red Hat Linux 7.1 CDROM 2 in the = drive. Type and press Enter. Type rpm -ivh and press = Enter. Type and press Enter. Installing OpenSSL Insert the Red Hat Linux 7.1 = CDROM = 1 in the CD-ROM drive. Type and press Enter. Type rpm -ivh = = and press Enter. Type u and press Enter. The = CD-ROM = should now be put aside. Type rpm -ivh Installing OpenLDAP Download the stable version of = OpenLDAP from OpenLDAP.org. = This document describes installation for 2.0.11 and has not been = tested on more recent versions. If you install on a new version, = please Download the following files: = backup.slapd.conf, = primary.slapd.conf, = sasl.slapd.howto. = Save these in a convenient location, i.e., Copy the file to the /usr/src = "" For example, type cp = and press Enter. Type and press = Enter. Type Type and press = Enter. Type = env = CPPFLAGS="-I/usr/include/sasl" = LDFLAGS="-L/usr/lib = -L/usr/lib/sasl" ./configure --enable-login --disable-krb4 = --disable-gssapi --with-des=/usr/include/openssl = --without-kerberos = --disable-kpasswd --with-cyrus-sasl-includes=/usr/include/sasl = --with-cyrus-sasl-libraries=/usr/lib/sasl/ = --enable-spasswd = and press Enter. make depend = and press Enter. make = and press Enter. Depending on the speed of your server, this might = be a good time to catch up on your email and get a cup of = coffee. make test and press Enter. = You should be well through the second cup by now. make install = and press Enter. Type = cp = /home/user/incoming/sasl.slapd.conf /usr/lib/sasl/slapd.conf = and press Enter. If = the = server you are configuring is the primary LDAP server: Type cp = /home/user/incoming/primary.slapd.conf = /usr/local/etc/openldap/slapd.conf and press = Enter. If = the = server you are configuring is a backup LDAP Server: 1. Type = saslpasswd -c = REPL.LDAP.DOMAIN.COM and press = Enter. When prompted, enter the password for REPL.LDAP.DOMAIN.COM2. Type = sasldblistusers and press Enter. = The output should be as follows: user: = REPL.LDAP.DOMAIN.COM realm: server.domain.com mech: PLAIN user: = REPL.LDAP.DOMAIN.COM realm: server.domain.com mech: = CRAM-MD5 (where = server = should be equal to the server name). 3. Type = and press Enter. domain = with your domain name. This particular configuration file uses a = flat namespace and is tuned to suit the needs of Microsoft Outlook = and Netscape Communicator 4.x. Your mileage may vary. Testing it out Add some data to your database = using either slapadd or = ldapadd. Make certain to = add = the data to both the primary and the backup server. If /usr/local/libexec/slapd = and = press Enter. If /usr/local/libexec/slapd = and = press Enter. Using gq, or some other tool = modify one of the records on the primary ldap server. Start . slurpd wil = parse the configuration file. Output will appear like = this: new = work in /usr/local/etc/openldap/replog/replog.log copy replog = "/usr/local/etc/openldap/replog/replog.log" to = = "/usr/local/var/openldap-slurp/replica/slurpd.replog" Initi= alizing = session to backup.domain.com:389 ldap_create bind to = backup.com as REPL.LDAP.DOMAIN.COM via DIGEST-MD5 = (SASL) ldap_interactive_sasl_bind_s: user selected: = DIGEST-MD5 ldap_int_sasl_bind: = = DIGEST-MD5 ldap_new_connection ldap_int_open_connection ldap_co= nnect_to_host ldap_new_socket: = 8 ldap_prepare_socket: 8 ldap_connect_to_host: Trying = 192.168.1.2:389 ldap_connect_timeout: fd: 8 tm: -1 async: = 0 ldap_ndelay_on: 8 ldap_is_sock_ready: = 8 ldap_ndelay_off: = 8 ldap_int_sasl_open: = = backup.domain.com ldap_sasl_bind_s ldap_sasl_bind ldap_send_ini= tial_request ldap_send_server_request Eventually, CTRL-C = to quit Congratulations! slurpd = is now working correctly. To start /usr/local/libexec/slurpd = and press Enter. What to do if it doesn't work Don't worry. This guide uses a large number of commands = that = are case-sensitive and must be typed exactly as shown. A typo will = sabotage these instructions quite quickly. The first thing to do = is = to clean up. Type cd = /usr/src/openldap-2.0.11 and = press = Enter. Type and press Enter. Start at the beginnning of this = How To document again. If it still doesn't work The OpenLDAP software mailing list has = a = large number of knowledgeable readers who may be able to help. = First, = check the archives. If your question is not answered there, post a = question and wait for a response. = =

Attachment: primary.slapd.conf
Description: Binary data

Attachment: backup.slapd.conf
Description: Binary data

Config: ** configuration file successfully read and parsed
No status file found, defaulting values
new work in /usr/local/etc/openldap/replog/replog.log
copy replog "/usr/local/etc/openldap/replog/replog.log" to "/usr/local/var/openldap-slurp/replica/slurpd.replog"
begin replication thread for jarrett.safeco.com:389
Initializing session to jarrett.safeco.com:389
ldap_create
bind to jarrett.safeco.com as REPL.LDAP.SAFECO.COM via DIGEST-MD5 (SASL)
ldap_interactive_sasl_bind_s: user selected: DIGEST-MD5
ldap_int_sasl_bind: DIGEST-MD5
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host
ldap_new_socket: 6
ldap_prepare_socket: 6
ldap_connect_to_host: Trying 192.168.1.2:389
ldap_connect_timeout: fd: 6 tm: -1 async: 0
ldap_ndelay_on: 6
ldap_is_sock_ready: 6
ldap_ndelay_off: 6
ldap_int_sasl_open: jarrett.safeco.com
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_flush: 50 bytes to sd 6
  0000:  30 30 02 01 01 60 2b 02  01 03 04 18 75 69 64 3d   00...`+.....uid=
  0010:  52 45 50 4c 2e 4c 44 41  50 2e 53 41 46 45 43 4f   REPL.LDAP.SAFECO
  0020:  2e 43 4f 4d a3 0c 04 0a  44 49 47 45 53 54 2d 4d   .COM....DIGEST-M
  0030:  44 35                                              D5
ldap_write: want=50, written=50
  0000:  30 30 02 01 01 60 2b 02  01 03 04 18 75 69 64 3d   00...`+.....uid=
  0010:  52 45 50 4c 2e 4c 44 41  50 2e 53 41 46 45 43 4f   REPL.LDAP.SAFECO
  0020:  2e 43 4f 4d a3 0c 04 0a  44 49 47 45 53 54 2d 4d   .COM....DIGEST-M
  0030:  44 35                                              D5
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: jarrett.safeco.com  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Wed Oct  3 13:52:16 2001

** Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
do_ldap_select
read1msg: msgid 1, all 1
ber_get_next
ldap_read: want=1, got=1
  0000:  30                                                 0
ldap_read: want=1, got=1
  0000:  81                                                 .
ldap_read: want=1, got=1
  0000:  b7                                                 .
ldap_read: want=183, got=183
  0000:  02 01 01 61 81 b1 0a 01  0e 04 00 04 00 87 81 a7   ...a............
  0010:  72 65 61 6c 6d 3d 22 6a  61 72 72 65 74 74 22 2c   realm="jarrett",
  0020:  6e 6f 6e 63 65 3d 22 6a  4b 4b 36 54 2f 39 74 30   nonce="jKK6T/9t0
  0030:  2f 41 31 47 50 2b 34 36  6f 71 43 34 2b 6f 75 35   /A1GP+46oqC4+ou5
  0040:  5a 4b 5a 54 2f 63 4e 65  4c 67 77 42 45 4b 2b 49   ZKZT/cNeLgwBEK+I
  0050:  4a 49 3d 22 2c 71 6f 70  3d 22 61 75 74 68 2c 61   JI=",qop="auth,a
  0060:  75 74 68 2d 69 6e 74 2c  61 75 74 68 2d 63 6f 6e   uth-int,auth-con
  0070:  66 22 2c 63 69 70 68 65  72 3d 22 72 63 34 2d 34   f",cipher="rc4-4
  0080:  30 2c 72 63 34 2d 35 36  2c 72 63 34 2c 64 65 73   0,rc4-56,rc4,des
  0090:  2c 33 64 65 73 22 2c 63  68 61 72 73 65 74 3d 75   ,3des",charset=u
  00a0:  74 66 2d 38 2c 61 6c 67  6f 72 69 74 68 6d 3d 6d   tf-8,algorithm=m
  00b0:  64 35 2d 73 65 73 73                               d5-sess
ber_get_next: tag 0x30 len 183 contents:
ber_dump: buf=0x08082080 ptr=0x08082080 end=0x08082137 len=183
  0000:  02 01 01 61 81 b1 0a 01  0e 04 00 04 00 87 81 a7   ...a............
  0010:  72 65 61 6c 6d 3d 22 6a  61 72 72 65 74 74 22 2c   realm="jarrett",
  0020:  6e 6f 6e 63 65 3d 22 6a  4b 4b 36 54 2f 39 74 30   nonce="jKK6T/9t0
  0030:  2f 41 31 47 50 2b 34 36  6f 71 43 34 2b 6f 75 35   /A1GP+46oqC4+ou5
  0040:  5a 4b 5a 54 2f 63 4e 65  4c 67 77 42 45 4b 2b 49   ZKZT/cNeLgwBEK+I
  0050:  4a 49 3d 22 2c 71 6f 70  3d 22 61 75 74 68 2c 61   JI=",qop="auth,a
  0060:  75 74 68 2d 69 6e 74 2c  61 75 74 68 2d 63 6f 6e   uth-int,auth-con
  0070:  66 22 2c 63 69 70 68 65  72 3d 22 72 63 34 2d 34   f",cipher="rc4-4
  0080:  30 2c 72 63 34 2d 35 36  2c 72 63 34 2c 64 65 73   0,rc4-56,rc4,des
  0090:  2c 33 64 65 73 22 2c 63  68 61 72 73 65 74 3d 75   ,3des",charset=u
  00a0:  74 66 2d 38 2c 61 6c 67  6f 72 69 74 68 6d 3d 6d   tf-8,algorithm=m
  00b0:  64 35 2d 73 65 73 73                               d5-sess
ldap_read: message type bind msgid 1, original id 1
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x08082080 ptr=0x08082083 end=0x08082137 len=180
  0000:  61 81 b1 0a 01 0e 04 00  04 00 87 81 a7 72 65 61   a............rea
  0010:  6c 6d 3d 22 6a 61 72 72  65 74 74 22 2c 6e 6f 6e   lm="jarrett",non
  0020:  63 65 3d 22 6a 4b 4b 36  54 2f 39 74 30 2f 41 31   ce="jKK6T/9t0/A1
  0030:  47 50 2b 34 36 6f 71 43  34 2b 6f 75 35 5a 4b 5a   GP+46oqC4+ou5ZKZ
  0040:  54 2f 63 4e 65 4c 67 77  42 45 4b 2b 49 4a 49 3d   T/cNeLgwBEK+IJI=
  0050:  22 2c 71 6f 70 3d 22 61  75 74 68 2c 61 75 74 68   ",qop="auth,auth
  0060:  2d 69 6e 74 2c 61 75 74  68 2d 63 6f 6e 66 22 2c   -int,auth-conf",
  0070:  63 69 70 68 65 72 3d 22  72 63 34 2d 34 30 2c 72   cipher="rc4-40,r
  0080:  63 34 2d 35 36 2c 72 63  34 2c 64 65 73 2c 33 64   c4-56,rc4,des,3d
  0090:  65 73 22 2c 63 68 61 72  73 65 74 3d 75 74 66 2d   es",charset=utf-
  00a0:  38 2c 61 6c 67 6f 72 69  74 68 6d 3d 6d 64 35 2d   8,algorithm=md5-
  00b0:  73 65 73 73                                        sess
read1msg:  0 new referrals
read1msg:  mark request completed, id = 1
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_sasl_bind_result
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x08082080 ptr=0x08082083 end=0x08082137 len=180
  0000:  61 81 b1 0a 01 0e 04 00  04 00 87 81 a7 72 65 61   a............rea
  0010:  6c 6d 3d 22 6a 61 72 72  65 74 74 22 2c 6e 6f 6e   lm="jarrett",non
  0020:  63 65 3d 22 6a 4b 4b 36  54 2f 39 74 30 2f 41 31   ce="jKK6T/9t0/A1
  0030:  47 50 2b 34 36 6f 71 43  34 2b 6f 75 35 5a 4b 5a   GP+46oqC4+ou5ZKZ
  0040:  54 2f 63 4e 65 4c 67 77  42 45 4b 2b 49 4a 49 3d   T/cNeLgwBEK+IJI=
  0050:  22 2c 71 6f 70 3d 22 61  75 74 68 2c 61 75 74 68   ",qop="auth,auth
  0060:  2d 69 6e 74 2c 61 75 74  68 2d 63 6f 6e 66 22 2c   -int,auth-conf",
  0070:  63 69 70 68 65 72 3d 22  72 63 34 2d 34 30 2c 72   cipher="rc4-40,r
  0080:  63 34 2d 35 36 2c 72 63  34 2c 64 65 73 2c 33 64   c4-56,rc4,des,3d
  0090:  65 73 22 2c 63 68 61 72  73 65 74 3d 75 74 66 2d   es",charset=utf-
  00a0:  38 2c 61 6c 67 6f 72 69  74 68 6d 3d 6d 64 35 2d   8,algorithm=md5-
  00b0:  73 65 73 73                                        sess
ber_scanf fmt (O) ber:
ber_dump: buf=0x08082080 ptr=0x0808208d end=0x08082137 len=170
  0000:  87 81 a7 72 65 61 6c 6d  3d 22 6a 61 72 72 65 74   ...realm="jarret
  0010:  74 22 2c 6e 6f 6e 63 65  3d 22 6a 4b 4b 36 54 2f   t",nonce="jKK6T/
  0020:  39 74 30 2f 41 31 47 50  2b 34 36 6f 71 43 34 2b   9t0/A1GP+46oqC4+
  0030:  6f 75 35 5a 4b 5a 54 2f  63 4e 65 4c 67 77 42 45   ou5ZKZT/cNeLgwBE
  0040:  4b 2b 49 4a 49 3d 22 2c  71 6f 70 3d 22 61 75 74   K+IJI=",qop="aut
  0050:  68 2c 61 75 74 68 2d 69  6e 74 2c 61 75 74 68 2d   h,auth-int,auth-
  0060:  63 6f 6e 66 22 2c 63 69  70 68 65 72 3d 22 72 63   conf",cipher="rc
  0070:  34 2d 34 30 2c 72 63 34  2d 35 36 2c 72 63 34 2c   4-40,rc4-56,rc4,
  0080:  64 65 73 2c 33 64 65 73  22 2c 63 68 61 72 73 65   des,3des",charse
  0090:  74 3d 75 74 66 2d 38 2c  61 6c 67 6f 72 69 74 68   t=utf-8,algorith
  00a0:  6d 3d 6d 64 35 2d 73 65  73 73                     m=md5-sess
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x08082080 ptr=0x08082083 end=0x08082137 len=180
  0000:  61 81 b1 0a 01 0e 04 00  04 00 87 81 a7 72 65 61   a............rea
  0010:  6c 6d 3d 22 6a 61 72 72  65 74 74 22 2c 6e 6f 6e   lm="jarrett",non
  0020:  63 65 3d 22 6a 4b 4b 36  54 2f 39 74 30 2f 41 31   ce="jKK6T/9t0/A1
  0030:  47 50 2b 34 36 6f 71 43  34 2b 6f 75 35 5a 4b 5a   GP+46oqC4+ou5ZKZ
  0040:  54 2f 63 4e 65 4c 67 77  42 45 4b 2b 49 4a 49 3d   T/cNeLgwBEK+IJI=
  0050:  22 2c 71 6f 70 3d 22 61  75 74 68 2c 61 75 74 68   ",qop="auth,auth
  0060:  2d 69 6e 74 2c 61 75 74  68 2d 63 6f 6e 66 22 2c   -int,auth-conf",
  0070:  63 69 70 68 65 72 3d 22  72 63 34 2d 34 30 2c 72   cipher="rc4-40,r
  0080:  63 34 2d 35 36 2c 72 63  34 2c 64 65 73 2c 33 64   c4-56,rc4,des,3d
  0090:  65 73 22 2c 63 68 61 72  73 65 74 3d 75 74 66 2d   es",charset=utf-
  00a0:  38 2c 61 6c 67 6f 72 69  74 68 6d 3d 6d 64 35 2d   8,algorithm=md5-
  00b0:  73 65 73 73                                        sess
ber_scanf fmt (x) ber:
ber_dump: buf=0x08082080 ptr=0x0808208d end=0x08082137 len=170
  0000:  87 81 a7 72 65 61 6c 6d  3d 22 6a 61 72 72 65 74   ...realm="jarret
  0010:  74 22 2c 6e 6f 6e 63 65  3d 22 6a 4b 4b 36 54 2f   t",nonce="jKK6T/
  0020:  39 74 30 2f 41 31 47 50  2b 34 36 6f 71 43 34 2b   9t0/A1GP+46oqC4+
  0030:  6f 75 35 5a 4b 5a 54 2f  63 4e 65 4c 67 77 42 45   ou5ZKZT/cNeLgwBE
  0040:  4b 2b 49 4a 49 3d 22 2c  71 6f 70 3d 22 61 75 74   K+IJI=",qop="aut
  0050:  68 2c 61 75 74 68 2d 69  6e 74 2c 61 75 74 68 2d   h,auth-int,auth-
  0060:  63 6f 6e 66 22 2c 63 69  70 68 65 72 3d 22 72 63   conf",cipher="rc
  0070:  34 2d 34 30 2c 72 63 34  2d 35 36 2c 72 63 34 2c   4-40,rc4-56,rc4,
  0080:  64 65 73 2c 33 64 65 73  22 2c 63 68 61 72 73 65   des,3des",charse
  0090:  74 3d 75 74 66 2d 38 2c  61 6c 67 6f 72 69 74 68   t=utf-8,algorith
  00a0:  6d 3d 6d 64 35 2d 73 65  73 73                     m=md5-sess
ber_scanf fmt (}) ber:
ber_dump: buf=0x08082080 ptr=0x08082137 end=0x08082137 len=0

ldap_msgfree
sasl_client_start: 2
sasl_client_start: 1
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_flush: 346 bytes to sd 6
  0000:  30 82 01 56 02 01 02 60  82 01 4f 02 01 03 04 18   0..V...`..O.....
  0010:  75 69 64 3d 52 45 50 4c  2e 4c 44 41 50 2e 53 41   uid=REPL.LDAP.SA
  0020:  46 45 43 4f 2e 43 4f 4d  a3 82 01 2e 04 0a 44 49   FECO.COM......DI
  0030:  47 45 53 54 2d 4d 44 35  04 82 01 1e 75 73 65 72   GEST-MD5....user
  0040:  6e 61 6d 65 3d 22 52 45  50 4c 2e 4c 44 41 50 2e   name="REPL.LDAP.
  0050:  53 41 46 45 43 4f 2e 43  4f 4d 22 2c 72 65 61 6c   SAFECO.COM",real
  0060:  6d 3d 22 6a 61 72 72 65  74 74 22 2c 6e 6f 6e 63   m="jarrett",nonc
  0070:  65 3d 22 6a 4b 4b 36 54  2f 39 74 30 2f 41 31 47   e="jKK6T/9t0/A1G
  0080:  50 2b 34 36 6f 71 43 34  2b 6f 75 35 5a 4b 5a 54   P+46oqC4+ou5ZKZT
  0090:  2f 63 4e 65 4c 67 77 42  45 4b 2b 49 4a 49 3d 22   /cNeLgwBEK+IJI="
  00a0:  2c 63 6e 6f 6e 63 65 3d  22 53 31 72 4c 4c 70 67   ,cnonce="S1rLLpg
  00b0:  66 6a 58 50 52 6f 72 57  64 44 33 37 52 44 48 2b   fjXPRorWdD37RDH+
  00c0:  71 70 54 78 33 56 33 41  72 47 41 5a 59 39 6f 4a   qpTx3V3ArGAZY9oJ
  00d0:  69 4e 38 34 3d 22 2c 6e  63 3d 30 30 30 30 30 30   iN84=",nc=000000
  00e0:  30 31 2c 71 6f 70 3d 61  75 74 68 2d 63 6f 6e 66   01,qop=auth-conf
  00f0:  2c 63 69 70 68 65 72 3d  22 72 63 34 22 2c 63 68   ,cipher="rc4",ch
  0100:  61 72 73 65 74 3d 75 74  66 2d 38 2c 64 69 67 65   arset=utf-8,dige
  0110:  73 74 2d 75 72 69 3d 22  6c 64 61 70 2f 6a 61 72   st-uri="ldap/jar
  0120:  72 65 74 74 2e 73 61 66  65 63 6f 2e 63 6f 6d 22   rett.safeco.com"
  0130:  2c 72 65 73 70 6f 6e 73  65 3d 63 63 62 35 62 35   ,response=ccb5b5
  0140:  63 38 33 34 39 34 37 66  30 39 38 33 62 31 65 31   c834947f0983b1e1
  0150:  34 61 30 31 64 33 65 64  34 61                     4a01d3ed4a
ldap_write: want=346, written=346
  0000:  30 82 01 56 02 01 02 60  82 01 4f 02 01 03 04 18   0..V...`..O.....
  0010:  75 69 64 3d 52 45 50 4c  2e 4c 44 41 50 2e 53 41   uid=REPL.LDAP.SA
  0020:  46 45 43 4f 2e 43 4f 4d  a3 82 01 2e 04 0a 44 49   FECO.COM......DI
  0030:  47 45 53 54 2d 4d 44 35  04 82 01 1e 75 73 65 72   GEST-MD5....user
  0040:  6e 61 6d 65 3d 22 52 45  50 4c 2e 4c 44 41 50 2e   name="REPL.LDAP.
  0050:  53 41 46 45 43 4f 2e 43  4f 4d 22 2c 72 65 61 6c   SAFECO.COM",real
  0060:  6d 3d 22 6a 61 72 72 65  74 74 22 2c 6e 6f 6e 63   m="jarrett",nonc
  0070:  65 3d 22 6a 4b 4b 36 54  2f 39 74 30 2f 41 31 47   e="jKK6T/9t0/A1G
  0080:  50 2b 34 36 6f 71 43 34  2b 6f 75 35 5a 4b 5a 54   P+46oqC4+ou5ZKZT
  0090:  2f 63 4e 65 4c 67 77 42  45 4b 2b 49 4a 49 3d 22   /cNeLgwBEK+IJI="
  00a0:  2c 63 6e 6f 6e 63 65 3d  22 53 31 72 4c 4c 70 67   ,cnonce="S1rLLpg
  00b0:  66 6a 58 50 52 6f 72 57  64 44 33 37 52 44 48 2b   fjXPRorWdD37RDH+
  00c0:  71 70 54 78 33 56 33 41  72 47 41 5a 59 39 6f 4a   qpTx3V3ArGAZY9oJ
  00d0:  69 4e 38 34 3d 22 2c 6e  63 3d 30 30 30 30 30 30   iN84=",nc=000000
  00e0:  30 31 2c 71 6f 70 3d 61  75 74 68 2d 63 6f 6e 66   01,qop=auth-conf
  00f0:  2c 63 69 70 68 65 72 3d  22 72 63 34 22 2c 63 68   ,cipher="rc4",ch
  0100:  61 72 73 65 74 3d 75 74  66 2d 38 2c 64 69 67 65   arset=utf-8,dige
  0110:  73 74 2d 75 72 69 3d 22  6c 64 61 70 2f 6a 61 72   st-uri="ldap/jar
  0120:  72 65 74 74 2e 73 61 66  65 63 6f 2e 63 6f 6d 22   rett.safeco.com"
  0130:  2c 72 65 73 70 6f 6e 73  65 3d 63 63 62 35 62 35   ,response=ccb5b5
  0140:  63 38 33 34 39 34 37 66  30 39 38 33 62 31 65 31   c834947f0983b1e1
  0150:  34 61 30 31 64 33 65 64  34 61                     4a01d3ed4a
ldap_result msgid 2
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 2
wait4msg continue, msgid 2, all 1
** Connections:
* host: jarrett.safeco.com  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Wed Oct  3 13:52:16 2001

** Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList returns NULL
do_ldap_select
read1msg: msgid 2, all 1
ber_get_next
ldap_read: want=1, got=1
  0000:  30                                                 0
ldap_read: want=1, got=1
  0000:  0c                                                 .
ldap_read: want=12, got=12
  0000:  02 01 02 61 07 0a 01 50  04 00 04 00               ...a...P....
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x08082180 ptr=0x08082180 end=0x0808218c len=12
  0000:  02 01 02 61 07 0a 01 50  04 00 04 00               ...a...P....
ldap_read: message type bind msgid 2, original id 2
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x08082180 ptr=0x08082183 end=0x0808218c len=9
  0000:  61 07 0a 01 50 04 00 04  00                        a...P....
read1msg:  0 new referrals
read1msg:  mark request completed, id = 2
request 2 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_sasl_bind_result
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x08082180 ptr=0x08082183 end=0x0808218c len=9
  0000:  61 07 0a 01 50 04 00 04  00                        a...P....
ldap_msgfree
ldap_err2string
Error: LDAP SASL for jarrett.safeco.com:389 failed: Unknown error
ldap_unbind
ldap_free_connection
ldap_send_unbind
ber_flush: 7 bytes to sd 6
  0000:  30 05 02 01 03 42 00                               0....B.
ldap_write: want=7, written=7
  0000:  30 05 02 01 03 42 00                               0....B.
ldap_free_connection: actually freed
fm: exiting
Retrying operation for DN uid=Bill_Friesen, ou=Distributors, dc=safeco,dc=com on replica jarrett.safeco.com:389
end replication thread for jarrett.safeco.com:389
slurpd: terminated.