
Re: saslauxprop and libldapdb, auxpropfunc error -7



On Thu, 6 Mar 2003, Joe Rhodes wrote:

> Howard, Igor, Rob, et al.,
>
> I've tried applying the changes as Howard suggested below.  It has
> succeeded in preventing the "auxpropfunc error -7" message from showing
> up when Cyrus IMAP invokes the SASL library to do a user/password
> verification.  However, there is still no bind (or any activity for
> that matter) with slapd.  It just reports an error "SASL(-13): user not
> found:  checkpass failed" in the system log.  I guess at this point I'm
> at least expecting it to query the ldap server, even if it isn't
> successful.  My imap.conf file is as so (per previous recommendations):
>
> configdirectory: /var/imap
> partition-default: /var/spool/imap
> admins: cyrus root
> sasl_pwcheck_method: auxprop
> sasl_auxprop_plugin: ldapdb
> ldapdb_uri: ldap://127.0.0.1
> ldapdb_id:  admin
> ldapdb_pw:  password
> ldapdb_mech: PLAIN
>

This will not work.

> Another variation tried (upon suggestion) was:
>
> configdirectory: /var/imap
> partition-default: /var/spool/imap
> admins: cyrus root
> sasl_pwcheck_method: auxprop
> sasl_auxprop_plugin: ldapdb
> sasl_ldapdb_uri: ldap://127.0.0.1
> sasl_ ldapdb_id:  admin
> sasl_ ldapdb_pw:  password
> sasl_ ldapdb_mech: PLAIN
>

This should work; I assume the extra spaces are just a typo.

Are you certain the plugin is contacting the ldap server
(ldap://127.0.0.1)?  If this is the case, can 'ldapdb_id: admin' be used
for proxy authorization privileges to every account that is allowed to
login?

>
> My apologies that I'm not more helpful in the coding suggestions.  My
> programming is limited to two semesters of java.  About all I can do is
> test and report.  Please let me know if there is anything further I can
> do in that regard.
>
> Cheers!
> -Joe
>
>
>
>
>
> On Thursday, March 6, 2003, at 08:55  AM, Howard Chu wrote:
>
> >> -----Original Message-----
> >> From: Rob Siemborski [mailto:rjs3@andrew.cmu.edu]
> >> Sent: Thursday, March 06, 2003 6:28 AM
> >> To: Howard Chu
> >> Cc: 'Igor Brezac'; 'Joe Rhodes'; OpenLDAP-software@OpenLDAP.org;
> >> cyrus-sasl@lists.andrew.cmu.edu
> >> Subject: RE: saslauxprop and libldapdb, auxpropfunc error -7
> >>
> >>
> >> On Thu, 6 Mar 2003, Howard Chu wrote:
> >>
> >>> I take that all back. There's still something broken, I just haven't
> >>> found it yet, and I've been up far too late tonight to say anything
> >>> coherent about it now.
> >>
> >> The library always hands plugins the internal getopt function because it
> >> performs getopt lookups by calling both the connection-specific getopt
> >> function and the global getopt function (as well as potentially an
> >> application-specific config file).  Handing the getopt callback directly
> >> to the plugin won't accomplish this.
> >>
> >> If you do figure out what trouble you're having, though, let us know.
> >
> > OK, this time for sure: sasl_auxprop_add_plugin invokes the plugin with
> > sasl_global_utils (lib/auxprop.c:804)
> > 804         result = auxpropfunc(sasl_global_utils, SASL_AUXPROP_PLUG_VERSION,
> > 805                              &out_version, &plug, plugname);
> >
> > sasl_global_utils has a NULL context. It is created this way by
> > _sasl_common_init (lib/common.c:421)
> >     /* Setup the global utilities */
> >     if(!sasl_global_utils) {
> >         sasl_global_utils = _sasl_alloc_utils(NULL, NULL);
> >         if(sasl_global_utils == NULL) return SASL_NOMEM;
> >     }
> >
> > It passes a NULL context to _sasl_alloc_utils; it should be passing
> > &global_callbacks instead.
> >
> >   -- Howard Chu
> >   Chief Architect, Symas Corp.       Director, Highland Sun
> >   http://www.symas.com               http://highlandsun.com/hyc
> >   Symas: Premier OpenSource Development and Support
> >
> >
>
> Howard's code refinements to sasl libraries:
>
>
> This would be better, I think:
> Index: client.c
> ===================================================================
> RCS file: /cvs/src/sasl/lib/client.c,v
> retrieving revision 1.58
> diff -u -r1.58 client.c
> --- client.c    13 Feb 2003 19:55:53 -0000      1.58
> +++ client.c    6 Mar 2003 15:02:34 -0000
> @@ -210,7 +210,7 @@
>
>     sasl_client_add_plugin("EXTERNAL", &external_client_plug_init);
>
> -  ret = _sasl_common_init();
> +  ret = _sasl_common_init(&global_callbacks);
>
>     if (ret == SASL_OK)
>         ret = _sasl_load_plugins(ep_list,
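
Review bot: The new argument in "ret = _sasl_common_init(&global_callbacks);" depends on a global_callbacks object in client.c that these lines do not show. Please confirm it is declared at file scope with type sasl_global_callbacks_t and is filled in before this call, since common.c now hands the pointer to _sasl_alloc_utils when it builds sasl_global_utils.
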
> Index: common.c
> ===================================================================
> RCS file: /cvs/src/sasl/lib/common.c,v
> retrieving revision 1.89
> diff -u -r1.89 common.c
> --- common.c    13 Feb 2003 19:55:54 -0000      1.89
> +++ common.c    6 Mar 2003 15:02:35 -0000
> @@ -413,13 +413,13 @@
>     RETURN(conn, SASL_OK);
>   }
>
> -int _sasl_common_init(void)
> +int _sasl_common_init(sasl_global_callbacks_t *global_callbacks)
>   {
>       int result;
>
>       /* Setup the global utilities */
>       if(!sasl_global_utils) {
> -       sasl_global_utils = _sasl_alloc_utils(NULL, NULL);
> +       sasl_global_utils = _sasl_alloc_utils(NULL, global_callbacks);
>          if(sasl_global_utils == NULL) return SASL_NOMEM;
>       }
>
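
Review bot: _sasl_common_init() takes the new global_callbacks parameter without a NULL check or a comment, so a caller that passes NULL silently gets the old _sasl_alloc_utils(NULL, NULL) behaviour back. Suggest either returning SASL_BADPARAM for NULL at the top of the function or documenting above the definition that the pointer must be non-NULL and must stay valid for as long as sasl_global_utils is in use.
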
> Index: saslint.h
> ===================================================================
> RCS file: /cvs/src/sasl/lib/saslint.h,v
> retrieving revision 1.46
> diff -u -r1.46 saslint.h
> --- saslint.h   13 Feb 2003 19:55:54 -0000      1.46
> +++ saslint.h   6 Mar 2003 15:02:36 -0000
> @@ -358,7 +358,7 @@
>   extern const sasl_callback_t *
>   _sasl_find_verifyfile_callback(const sasl_callback_t *callbacks);
>
> -extern int _sasl_common_init(void);
> +extern int _sasl_common_init(sasl_global_callbacks_t
> *global_callbacks);
>
>   extern int _sasl_conn_init(sasl_conn_t *conn,
>                             const char *service,
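
Review bot: The added prototype is split across two lines as mailed, and the continuation "*global_callbacks);" carries no leading "+", so the hunk no longer matches its "@@ -358,7 +358,7 @@" header and is likely to be rejected by patch. Resend it as an attachment or with line wrapping off so the declaration stays on a single "+" line.
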
> Index: server.c
> ===================================================================
> RCS file: /cvs/src/sasl/lib/server.c,v
> retrieving revision 1.119
> diff -u -r1.119 server.c
> --- server.c    13 Feb 2003 19:55:54 -0000      1.119
> +++ server.c    6 Mar 2003 15:02:37 -0000
> @@ -585,7 +585,7 @@
>       /* we require the appname to be non-null */
>       if (appname==NULL) return SASL_BADPARAM;
>
> -    ret = _sasl_common_init();
> +    ret = _sasl_common_init(&global_callbacks);
>       if (ret != SASL_OK)
>          return ret;
>
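
Review bot: With this call and the one in client.c each passing &global_callbacks, the shared sasl_global_utils is bound to whichever init runs first, because common.c only allocates it inside "if(!sasl_global_utils)". If client.c and server.c keep separate global_callbacks objects, a process that initialises both sides leaves plugins seeing only the first caller's callbacks; please state which one is intended, or refresh the context on the second call.
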
>
>    -- Howard Chu
>    Chief Architect, Symas Corp.       Director, Highland Sun
>    http://www.symas.com               http://highlandsun.com/hyc
>    Symas: Premier OpenSource Development and Support
>
> >
>
>

-- 
Igor
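
Added example (not part of the original message, and not Cyrus code): a small Python check for the two problems pointed out above in the quoted imapd.conf variants, ldapdb options without the sasl_ prefix and option names containing stray spaces. The function name and the option set are assumptions of this sketch; the sample configs are the SASL lines copied from the thread.

```python
import re

# Option names that appear in the thread; not a complete list of ldapdb options.
LDAPDB_OPTIONS = {"ldapdb_uri", "ldapdb_id", "ldapdb_pw", "ldapdb_mech"}
PREFIX = "sasl_"

# The two imapd.conf variants quoted in the thread (SASL-related lines only).
FIRST_VARIANT = """\
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
ldapdb_uri: ldap://127.0.0.1
ldapdb_id:  admin
ldapdb_pw:  password
ldapdb_mech: PLAIN
"""
SECOND_VARIANT = """\
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_ldapdb_uri: ldap://127.0.0.1
sasl_ ldapdb_id:  admin
sasl_ ldapdb_pw:  password
sasl_ ldapdb_mech: PLAIN
"""


def lint_imapd_conf(text):
    """Return (effective, findings) for the ldapdb options in an imapd.conf.

    effective: options with a well-formed, sasl_-prefixed key.
    findings:  (line_number, key, problem) for the keys this check flags.
    """
    effective, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        squeezed = re.sub(r"\s+", "", key)  # key with the stray spaces removed
        bare = squeezed[len(PREFIX):] if squeezed.startswith(PREFIX) else squeezed
        if bare not in LDAPDB_OPTIONS:
            continue  # outside the scope of this check
        if key != squeezed:
            findings.append((lineno, key, "whitespace inside option name"))
        elif not key.startswith(PREFIX):
            findings.append((lineno, key, "missing sasl_ prefix"))
        else:
            effective[key] = value
    return effective, findings
```

Run against the first variant it reports all four ldapdb options as unprefixed; against the second, only sasl_ldapdb_uri is accepted and the three keys with an embedded space are flagged.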