[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: test of SASL DIGEST-MD5 mechanism



Thanks, Chapman for pointing out the typo to me. I corrected the typo, but got the same error message. Any other comments? Thanks.

Cindy

Chapman, Kyle wrote:

if you look at your regexp, cn=enigeer <> cn=engineer

-----Original Message-----
From: Cindy Wang [mailto:cwang@KiNETWORKS.com]
Sent: Tuesday, March 18, 2003 5:51 PM
To: Chapman, Kyle
Cc: openldap-software@OpenLDAP.org
Subject: Re: test of SASL DIGEST-MD5 mechanism


I don't think it is a typo. The sasl-regexp directive is used to map authentication identities to LDAP entries.


Cindy

Chapman, Kyle wrote:



is this a typo from your log?
"uid=$1,cn=enigneer,dc=rtp,dc=KiNETWORKS,dc=com"

your dn is:
dn: cn=Andrew,cn=engineer,dc=rtp,dc=KiNETWORKS,dc=com

-----Original Message-----
From: Cindy Wang [mailto:cwang@kinetworks.com]
Sent: Tuesday, March 18, 2003 2:17 PM
To: openldap-software@OpenLDAP.org
Subject: test of SASL DIGEST-MD5 mechanism


Hi:

I am trying to set up some simple tests of SASL DIGEST-MD 5 mechanism running openldap.2.1.16 with SASL on Solaris 5.7. But when I did the search, I got the following message:

ldapsearch -Y DIGEST-MD5 -U u00997 -b 'dc=rtp,dc=KiNETWORKS,dc=com' 'cn=Andrew'
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error
(80)
additional info: SASL(-13): user not found: no secret in
database


I have an entry in the Directory as the following:

# Andrew, engineer, rtp.KiNETWORKS.com
dn: cn=Andrew,cn=engineer,dc=rtp,dc=KiNETWORKS,dc=com
objectClass: person
objectClass: inetOrgPerson
cn: Andrew
sn: Findlay
uid: u00997
userPassword:: c2VjcmV0

================== slapd.conf ====================
password-hash   {CLEARTEXT}
sasl-regexp
      uid=(.*),cn=rtp.KiNETWORKS.com,cn=digest-md5,cn=auth
      uid=$1,cn=enigneer,dc=rtp,dc=KiNETWORKS,dc=com
================================================

Could anyone tell if anything is wrong with the above sasl-regexp
mapping?
I even ran the debugger and found that in servers/slapd/saslauthz.c, at line
302, the function call regexec( ) didn't return a 0 with the above sasl-regexp.
And the following is in the "reg" structure during the debugging:
*reg = {
sr_match = 0x83e3fd8 "uid=(.*),cn=rtp.KiNETWORKS.com,cn=digest-md5,cn=auth"
sr_replace = 0x83a67b8 "uid=$1,cn=enigneer,dc=rtp,dc=KiNETWORKS,dc=com"
sr_workspace = {
re_nsub = 1U
re_comp = 0x83baba8
re_cflags = 5
re_erroff = 0
re_len = 108U
re_sc = 0x83bac30
}
sr_strings = (
{
rm_sp = 0x656e6973 "<bad address 0x656e6973>"
rm_ep = 0x61437373 "<bad address 0x61437373>"
rm_so = 1869047156
rm_eo = 606108018
rm_ss = 1918984992
rm_es = 1701013836
}{
rm_sp = 0x2065736e "<bad address 0x2065736e>"
rm_ep = 0x65642024 "<bad address 0x65642024>"
rm_so = 1953653104
rm_eo = 1953391981
rm_ss = 1651340622
rm_es = 606106213
}{
rm_sp = 0x69640920 "<bad address 0x69640920>"
rm_ep = 0x616c7073 "<bad address 0x616c7073>"
rm_so = 1835093625
rm_eo = 539238501
rm_ss = 1819307365
rm_es = 1701149039
}{
rm_sp = 0x626d754e "<bad address 0x626d754e>"
rm_ep = 0x24207265 "<bad address 0x24207265>"
rm_so = 1886217504
rm_eo = 1702457196
rm_ss = 1886999653
rm_es = 539238501
}{
rm_sp = 0x65766967 "<bad address 0x65766967>"
rm_ep = 0x6d614e6e "<bad address 0x6d614e6e>"
rm_so = 539238501
rm_eo = 1836017673
rm_ss = 1869107301
rm_es = 606102894
}{
rm_sp = 0x6d6f6820 "<bad address 0x6d6f6820>"
rm_ep = 0x736f5065 "<bad address 0x736f5065>"
rm_so = 1097621876
rm_eo = 1701995620
rm_ss = 606106483
rm_es = 1768843552
}{
rm_sp = 0x6c616974 "<bad address 0x6c616974>"
rm_ep = 0x20242073 "<bad address 0x20242073>"
rm_so = 1734701162
rm_eo = 1953458256
rm_ss = 539238511
rm_es = 1650551817
}{
rm_sp = 0x64656c65 "<bad address 0x64656c65>"
rm_ep = 0x20495255 "<bad address 0x20495255>"
rm_so = 1634541604
rm_eo = 606104681
rm_ss = 1851878688
rm_es = 1919248225
}{
rm_sp = 0x6d202420 "<bad address 0x6d202420>"
rm_ep = 0x6c69626f "<bad address 0x6c69626f>"
rm_so = 539238501
rm_eo = 539238511
rm_ss = 1701273968
rm_es = 539238514
}{
rm_sp = 0x6f687009 "<bad address 0x6f687009>"
rm_ep = 0x24206f74 "<bad address 0x24206f74>"
rm_so = 1869574688
rm_eo = 1836404333
rm_ss = 544367970
rm_es = 1702043684
}
)
sr_offset = (-2, 4, 46, -1, 1919251317, 1953654083, 1667851881, 543519841, 2013863972, 1966092341, 1970366830, 1701071205)
}




================== log information for the slapd
==========================
==slap_sasl2dn: Converted SASL name to <nothing>
SASL Canonicalize [conn=0]: authcDN="uid=u00997,cn=digest-md5,cn=auth"
SASL Canonicalize [conn=0]: authzid="u00997"
SASL [conn=0] Failure: no secret in database
send_ldap_result: conn=0 op=1 p=3
send_ldap_result: err=80 matched="" text="SASL(-13): user not found: no secret in database"
send_ldap_response: msgid=2 tag=97 err=80
ber_flush: 62 bytes to sd 11
0000: 30 3c 02 01 02 61 37 0a 01 50 04 00 04 30 53 41 0<...a7..P...0SA 0010: 53 4c 28 2d 31 33 29 3a 20 75 73 65 72 20 6e 6f SL(-13): user no 0020: 74 20 66 6f 75 6e 64 3a 20 6e 6f 20 73 65 63 72 t found: no secr 0030: 65 74 20 69 6e 20 64 61 74 61 62 61 73 65 et in database ldap_write: want=62, written=62
0000: 30 3c 02 01 02 61 37 0a 01 50 04 00 04 30 53 41 0<...a7..P...0SA 0010: 53 4c 28 2d 31 33 29 3a 20 75 73 65 72 20 6e 6f SL(-13): user no 0020: 74 20 66 6f 75 6e 64 3a 20 6e 6f 20 73 65 63 72 t found: no secr 0030: 65 74 20 69 6e 20 64 61 74 61 62 61 73 65 et in database conn=0 op=1 RESULT tag=97 err=80 text=SASL(-13): user not found: no secret in database
<== slap_sasl_bind: rc=80
daemon: select: listen=7 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 11r
daemon: read activity on 11
connection_get(11)
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
ber_get_next
ldap_read: want=9, got=0


ber_get_next on fd 11 failed errno=0 (Error 0)
connection_read(11): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=11 for close
connection_close: conn=0 sd=11
daemon: removing 11
conn=0 fd=11 closed
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=7 active_threads=0 tvp=NULL

======================================================================

Thanks very much for your help.

Cindy Wang
Software Product Engineer
KiNETWORKS
NOTICE: This E-mail may contain confidential information. If you are not
the addressee or the intended recipient please do not read this E-mail
and please immediately delete this e-mail message and any attachments


from your workstation or network mail system. If you are the addressee


or the intended recipient and you save or print a copy of this E-mail,
please place it in an appropriate file, depending on whether
confidential information is contained in the message.