RE: test of SASL DIGEST-MD5 mechanism
- To: "Cindy Wang" <cwang@KiNETWORKS.com>
- Subject: RE: test of SASL DIGEST-MD5 mechanism
- From: "Chapman, Kyle" <Kyle_Chapman@G1.com>
- Date: Tue, 18 Mar 2003 18:38:38 -0500
- Cc: <openldap-software@OpenLDAP.org>
also, your regexp is resetting the auth dn which contains cn=u00997 to a dn in your db that starts out as uid=u00997.
the dn you're trying to map to from your ldif example doesn't have the dn that contains 'u00997'. try setting your -U parameter to Andrew
-----Original Message-----
From: Cindy Wang [mailto:cwang@KiNETWORKS.com]
Sent: Tuesday, March 18, 2003 6:32 PM
To: Chapman, Kyle
Cc: openldap-software@OpenLDAP.org
Subject: Re: test of SASL DIGEST-MD5 mechanism
Thanks, Chapman for pointing out the typo to me. I corrected the typo,
but got the same error message. Any other comments? Thanks.
Cindy
Chapman, Kyle wrote:
>if you look at your regexp, cn=enigeer <> cn=engineer
>
>-----Original Message-----
>From: Cindy Wang [mailto:cwang@KiNETWORKS.com]
>Sent: Tuesday, March 18, 2003 5:51 PM
>To: Chapman, Kyle
>Cc: openldap-software@OpenLDAP.org
>Subject: Re: test of SASL DIGEST-MD5 mechanism
>
>
>I don't think it is a typo. The sasl-regexp directive is used to map
>authentication identities to LDAP entries.
>
>Cindy
>
>Chapman, Kyle wrote:
>
>
>
>>is this a typo from your log?
>>"uid=$1,cn=enigneer,dc=rtp,dc=KiNETWORKS,dc=com"
>>
>>your dn is:
>>dn: cn=Andrew,cn=engineer,dc=rtp,dc=KiNETWORKS,dc=com
>>
>>-----Original Message-----
>>From: Cindy Wang [mailto:cwang@kinetworks.com]
>>Sent: Tuesday, March 18, 2003 2:17 PM
>>To: openldap-software@OpenLDAP.org
>>Subject: test of SASL DIGEST-MD5 mechanism
>>
>>
>>Hi:
>>
>>I am trying to set up some simple tests of SASL DIGEST-MD5 mechanism
>>running openldap.2.1.16 with SASL on Solaris 5.7. But when I did the
>>search, I got the following message:
>>
>>ldapsearch -Y DIGEST-MD5 -U u00997 -b 'dc=rtp,dc=KiNETWORKS,dc=com'
>>'cn=Andrew'
>>SASL/DIGEST-MD5 authentication started
>>Please enter your password:
>>ldap_sasl_interactive_bind_s: Internal (implementation specific) error
>>(80)
>> additional info: SASL(-13): user not found: no secret in
>>database
>>
>>I have an entry in the Directory as the following:
>>
>># Andrew, engineer, rtp.KiNETWORKS.com
>>dn: cn=Andrew,cn=engineer,dc=rtp,dc=KiNETWORKS,dc=com
>>objectClass: person
>>objectClass: inetOrgPerson
>>cn: Andrew
>>sn: Findlay
>>uid: u00997
>>userPassword:: c2VjcmV0
>>
>>================== slapd.conf ====================
>>password-hash {CLEARTEXT}
>>sasl-regexp
>> uid=(.*),cn=rtp.KiNETWORKS.com,cn=digest-md5,cn=auth
>> uid=$1,cn=enigneer,dc=rtp,dc=KiNETWORKS,dc=com
>>================================================
>>
>>Could anyone tell if anything is wrong with the above sasl-regexp
>>mapping?
>>I even ran the debugger and found that in servers/slapd/saslauthz.c, at
>>line
>>302, the function call regexec( ) didn't return a 0 with the above
>>sasl-regexp.
>>And the following is in the "reg" structure during the debugging:
>>*reg = {
>> sr_match = 0x83e3fd8
>>"uid=(.*),cn=rtp.KiNETWORKS.com,cn=digest-md5,cn=auth"
>> sr_replace = 0x83a67b8
>>"uid=$1,cn=enigneer,dc=rtp,dc=KiNETWORKS,dc=com"
>> sr_workspace = {
>> re_nsub = 1U
>> re_comp = 0x83baba8
>> re_cflags = 5
>> re_erroff = 0
>> re_len = 108U
>> re_sc = 0x83bac30
>> }
>> sr_offset = (-2, 4, 46, -1, 1919251317, 1953654083, 1667851881,
>>543519841, 2013863972, 1966092341, 1970366830, 1701071205)
>>}
>>
>>
>>
>>================== log information for the slapd
>>==========================
>>==slap_sasl2dn: Converted SASL name to <nothing>
>>SASL Canonicalize [conn=0]: authcDN="uid=u00997,cn=digest-md5,cn=auth"
>>SASL Canonicalize [conn=0]: authzid="u00997"
>>SASL [conn=0] Failure: no secret in database
>>send_ldap_result: conn=0 op=1 p=3
>>send_ldap_result: err=80 matched="" text="SASL(-13): user not found: no
>>secret in database"
>>send_ldap_response: msgid=2 tag=97 err=80
>>ber_flush: 62 bytes to sd 11
>>ldap_write: want=62, written=62
>>conn=0 op=1 RESULT tag=97 err=80 text=SASL(-13): user not found: no
>>secret in database
>><== slap_sasl_bind: rc=80
>>daemon: select: listen=7 active_threads=1 tvp=NULL
>>daemon: activity on 1 descriptors
>>daemon: activity on: 11r
>>daemon: read activity on 11
>>connection_get(11)
>>connection_get(11): got connid=0
>>connection_read(11): checking for input on id=0
>>ber_get_next
>>ldap_read: want=9, got=0
>>
>>ber_get_next on fd 11 failed errno=0 (Error 0)
>>connection_read(11): input error=-2 id=0, closing.
>>connection_closing: readying conn=0 sd=11 for close
>>connection_close: conn=0 sd=11
>>daemon: removing 11
>>conn=0 fd=11 closed
>>daemon: select: listen=7 active_threads=0 tvp=NULL
>>daemon: activity on 1 descriptors
>>daemon: select: listen=7 active_threads=0 tvp=NULL
>>
>>======================================================================
>>
>>Thanks very much for your help.
>>
>>Cindy Wang
>>Software Product Engineer
>>KiNETWORKS
>
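
Added example (not part of the original messages, and not OpenLDAP code): a Python emulation of applying a sasl-regexp rule to the authcDN that slapd logged in this thread, then checking whether the mapped DN names an existing entry. The realm-less pattern and the search-URL replacement are hypothetical alternatives not proposed in the thread, and unanchored, case-insensitive matching is an assumption about how slapd compiles the pattern.

```python
import re

# Constructed from the thread: the rule as posted in slapd.conf, the authcDN
# slapd logged, and the DN of the entry that actually carries uid=u00997.
POSTED_RULE = (r"uid=(.*),cn=rtp.KiNETWORKS.com,cn=digest-md5,cn=auth",
               "uid=$1,cn=enigneer,dc=rtp,dc=KiNETWORKS,dc=com")
LOGGED_AUTHC_DN = "uid=u00997,cn=digest-md5,cn=auth"
ENTRY_DN = "cn=Andrew,cn=engineer,dc=rtp,dc=KiNETWORKS,dc=com"
DIRECTORY = {ENTRY_DN: {"uid": "u00997"}}

# Hypothetical alternative (not from the thread): no realm component in the
# pattern, and a search-URL replacement so the entry is located by its uid
# attribute instead of by guessing its RDN.
REALMLESS_RULE = (r"uid=(.*),cn=digest-md5,cn=auth",
                  "ldap:///dc=rtp,dc=KiNETWORKS,dc=com??sub?(uid=$1)")


def apply_rule(rule, authc_dn):
    """Return the rewritten string, or None when the pattern does not match."""
    pattern, replacement = rule
    m = re.search(pattern, authc_dn, re.IGNORECASE)  # assumed slapd behaviour
    if m is None:
        return None
    # Substitute $1..$9 in the replacement with the captured groups.
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)


def resolve(mapped, directory):
    """Resolve a mapped value to an existing entry DN, or None."""
    if mapped is None:
        return None
    if mapped.startswith("ldap:///"):
        # Minimal parse of base??scope?(attr=value); base and scope ignored.
        attr, value = mapped.rsplit("?", 1)[1].strip("()").split("=", 1)
        hits = [dn for dn, e in directory.items() if e.get(attr) == value]
        return hits[0] if len(hits) == 1 else None  # must be unambiguous
    wanted = mapped.lower()
    return next((dn for dn in directory if dn.lower() == wanted), None)


def diagnose(rule, authc_dn, directory):
    """Return (mapped string, resolved entry DN) for one rule and authcDN."""
    mapped = apply_rule(rule, authc_dn)
    return mapped, resolve(mapped, directory)


if __name__ == "__main__":
    for name, rule in (("posted", POSTED_RULE), ("realmless", REALMLESS_RULE)):
        print(name, diagnose(rule, LOGGED_AUTHC_DN, DIRECTORY))
```

The posted rule yields no mapping for the logged authcDN, which matches the "Converted SASL name to <nothing>" line in the slapd log.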