
Yet another "ldap_sasl_interactive_bind_s: Local error" unresolved problem !



  Folks,

  I've been trying, these last 2 or 3 days, to find an answer to the
problem I'm facing when I try to authenticate my application to a remote
LDAP server. I've looked at many messages posted to this list but none gave me
the answer and helped me to solve it, and that's why I'm posting this
message ... My application (which is in fact a web page written in PHP
script) needs to access a remote LDAP server to authenticate a user (in
fact, what really matters here is that I need to query its database). Well,
the PHP engine relies on the UMIC's LDAP implementation (version 3.3),
which has the default authentication method set to the SASL mechanism. This
mechanism seems to be not working properly 'cause when I try to run a
simple query like this one :

      ldapsearch -u -h "my_ldap_server" -D "cn=Test" -w "password" "cn=a*"

  I receive the following error :

      ldap_sasl_interactive_bind_s: Local error

  There are many messages posted talking about this error and saying that
the probable reason for this is that Kerberos server is not running or
something like that (which involves the TGT ticket exchange at binding
time). For me, this seems to be only reasonable if my problem was at the
server side, which is not. I need to configure just a client to access a
remote server, I don't want to use Kerberos or any other back-end service !
  The interesting matter is that if I run the same query with the -x option
(requesting for a simple authentication), everything goes well and my query
is done successfully ! This is the successful query:

      ldapsearch -x -u -h "my_ldap_server" -D "cn=Test" -w "password" "cn=a*"

  Is there any way to always disable the SASL authentication method to the
OpenLDAP tools and library ? If not, what could be possibly wrong ?
  I tried the same query on a Novell LDAP server and a Lotus Notes LDAP
server, giving me the same answer. Both of them gave me the same answer,
having the same problem. When I consult both of them with the following
query:

      ldapsearch -h my_ldap_server -x -b "" -s base -LLL supportedSASLMechanisms

  I receive:

      dn:
        supportedsaslmechanisms: EXTERNAL

  Is it a problem ? Should I receive KERBEROS, LOGIN or something like that
instead of EXTERNAL ???

  Running the search with the debug option I got:


... (there are some lines above that I've suppressed)
ber_get_next: tag 0x30 len 48 contents:
ldap_read: message type search-entry msgid 1, original id 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: embsjt21.sjk.emb  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Thu Sep  5 16:03:09 2002

** Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
 * msgid 1,  type 100
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
do_ldap_select
read1msg: msgid 1, all 1
ber_get_next
ldap_read: want=1, got=1
  0000:  30                                                 0
ldap_read: want=1, got=1
  0000:  0c                                                 .
ldap_read: want=12, got=12
  0000:  02 01 01 65 07 0a 01 00  04 00 04 00               ...e........
ber_get_next: tag 0x30 len 12 contents:
ldap_read: message type search-result msgid 1, original id 1
ber_scanf fmt ({iaa) ber:
read1msg:  0 new referrals
read1msg:  mark request completed, id = 1
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
adding response id 1 type 101:
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_get_values
ber_scanf fmt ({x{{a) ber:
ber_scanf fmt ([v]) ber:
ldap_msgfree
ldap_interactive_sasl_bind_s: server supports: EXTERNAL
ldap_int_sasl_bind: EXTERNAL
ldap_perror
ldap_sasl_interactive_bind_s: Local error


  Using the strace command I got:


... (again, suppressing some unimportant lines)
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
fcntl64(3, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
connect(3, {sin_family=AF_INET, sin_port=htons(389), sin_addr=inet_addr
("1.67.5.21")}}, 16) = -1 EINPROGRESS (Operation now in progress)
select(1024, NULL, [3], NULL, NULL)     = 1 (out [3])
getpeername(3, {sin_family=AF_INET, sin_port=htons(389), sin_addr=inet_addr
("1.67.5.21")}}, [16]) = 0
fcntl64(3, F_GETFL)                     = 0x802 (flags O_RDWR|O_NONBLOCK)
fcntl64(3, F_SETFL, O_RDWR)             = 0
getpeername(3, {sin_family=AF_INET, sin_port=htons(389), sin_addr=inet_addr
("1.67.5.21")}}, [16]) = 0
socket(PF_UNIX, SOCK_STREAM, 0)         = 4
connect(4, {sin_family=AF_UNIX, path="/var/run/.nscd_socket"}, 110) = -1
ENOENT (No such file or directory)
close(4)                                = 0
open("/etc/hosts", O_RDONLY)            = 4
fcntl64(4, F_GETFD)                     = 0
fcntl64(4, F_SETFD, FD_CLOEXEC)         = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=207, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x402fc000
read(4, "# Do not remove the following li"..., 4096) = 207
read(4, "", 4096)                       = 0
close(4)                                = 0
munmap(0x402fc000, 4096)                = 0
open("/var/nis/NIS_COLD_START", O_RDONLY) = -1 ENOENT (No such file or
directory)
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
connect(4, {sin_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr
("1.199.4.1")}}, 28) = 0
send(4, "=\310\1\0\0\1\0\0\0\0\0\0\00221\0015\00267\0011\7in-ad"..., 40, 0)
= 40
gettimeofday({1031252704, 524323}, NULL) = 0
poll([{fd=4, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
recvfrom(4, "=\310\205\203\0\1\0\0\0\1\0\0\00221\0015\00267\0011\7i"...,
1024, 0, {sin_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr
("1.199.4.1")}}, [16]) = 97
close(4)                                = 0
brk(0x8059000)                          = 0x8059000
time(NULL)                              = 1031252704
write(3, "0>\2\1\1c9\4\0\n\1\0\n\1\0\2\1\0\2\1\0\1\1\0\207\vobje"..., 64)
= 64
select(1024, [3], [], NULL, NULL)       = 1 (in [3])
read(3, "00\2\1\1d+\4\0000\'0%\4\27supportedsaslmech"..., 16384) = 50
select(1024, [3], [], NULL, NULL)       = 1 (in [3])
read(3, "0\f\2\1\1e\7\n\1\0\4\0\4\0", 16384) = 14
time(NULL)                              = 1031252704
write(2, "ldap_sasl_interactive_bind_s: Lo"...,
42ldap_sasl_interactive_bind_s: Local error
) = 42
_exit(1)


  Any kind of help is welcome !

  Best regards,

  Wagner Bila
  Computer Engineer, MSc
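
Added example (not part of the original post and not OpenLDAP code): a minimal BER decoder for the 14-byte message in the debug trace above (`30 0c 02 01 01 65 07 ...`). It shows that the server answered the rootDSE search with resultCode 0, matching the `res_errno: 0` line, before the client printed `Local error`. The function names and lookup tables are constructed for this example; the tag and result-code numbers are from RFC 4511.

```python
# Added example: decode the LDAPMessage bytes shown in the debug trace.
# TRACE_BYTES is copied from the three "ldap_read" hex lines in the post.
TRACE_BYTES = bytes.fromhex("30 0c 02 01 01 65 07 0a 01 00 04 00 04 00")

# Result-bearing protocolOp tags and a few resultCode values (RFC 4511).
RESULT_OPS = {0x61: "bindResponse", 0x65: "searchResDone"}
RESULT_CODES = {0: "success", 7: "authMethodNotSupported", 49: "invalidCredentials"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want_tag):
    tag, value, pos = read_tlv(buf, pos)  # read one element, insist on its tag
    if tag != want_tag:
        raise ValueError(f"expected tag 0x{want_tag:02x}, got 0x{tag:02x}")
    return value, pos

def decode_ldap_result(msg):
    """Decode an LDAPMessage whose protocolOp carries an LDAPResult."""
    body, end = expect(msg, 0, 0x30)            # LDAPMessage SEQUENCE
    if end != len(msg):
        raise ValueError("trailing bytes after LDAPMessage")
    msgid, pos = expect(body, 0, 0x02)          # messageID INTEGER
    op_tag, op, _ = read_tlv(body, pos)         # protocolOp (application tag)
    if op_tag not in RESULT_OPS:
        raise ValueError(f"protocolOp 0x{op_tag:02x} carries no LDAPResult")
    code, p = expect(op, 0, 0x0A)               # resultCode ENUMERATED
    matched, p = expect(op, p, 0x04)            # matchedDN OCTET STRING
    diag, p = expect(op, p, 0x04)               # diagnosticMessage OCTET STRING
    code = int.from_bytes(code, "big")
    return {"message_id": int.from_bytes(msgid, "big"), "op": RESULT_OPS[op_tag],
            "result_code": code, "result_name": RESULT_CODES.get(code, "other"),
            "matched_dn": matched.decode(), "diagnostic": diag.decode()}

if __name__ == "__main__":
    print(decode_ldap_result(TRACE_BYTES))
```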