
RE: trouble with openldap 2.1.22 and sasl proxy auth



My logs don't have any requests to sasl-regexp anything w/o an auth
mechanism..  I have a uid=(.),cn=digest-md5,cn=auth mapping as that's
the requests I get... All of my user requests are being mapped
correctly..
uid=auxprop,cn=digest-md5,cn=auth->uid=auxprop,ou=people,o=myorg,c=us
uid=eddie,cn=digest-md5,cn=auth->uid=eddie,ou=people,o=myorg,c=us

On Sat, 2003-07-19 at 04:20, Andrey Nepomnyaschih wrote:
> Hello Eddie,
> 
> Finally I have set up ldapdb with sasl, but digging I found (maybe) the
> cause of the problem for me and you. Here is the log output from running
> slapd with debug level of 255.
> 
> Maybe you should add the following regexp:
> sasl-regexp
>   uid=(.*),cn=auth
>   uid=$1,ou=Users,dc=chartpilot,dc=ru
> 
> The cause you can see below.
> 
> ===>slap_sasl_match: comparing DN uid=nas,cn=auth to rule
> uid=.*,ou=Users,dc=chartpilot,dc=ru
>                                   ^^^^^^^^^^^^^^^
> slap_parseURI: parsing uid=.*,ou=Users,dc=chartpilot,dc=ru
> ldap_url_parse_ext(uid=.*,ou=Users,dc=chartpilot,dc=ru)
> >>> dnNormalize: <uid=.*,ou=Users,dc=chartpilot,dc=ru>
> => ldap_bv2dn(uid=.*,ou=Users,dc=chartpilot,dc=ru,0)
> <= ldap_bv2dn(uid=.*,ou=Users,dc=chartpilot,dc=ru,0)=0
> => ldap_dn2bv(272)
> <= ldap_dn2bv(uid=.*,ou=users,dc=chartpilot,dc=ru,272)=0
> <<< dnNormalize: <uid=.*,ou=users,dc=chartpilot,dc=ru>
> <===slap_sasl_match: comparison returned 48
> <==slap_sasl_check_authz: saslAuthzTo check returning 48
> <== slap_sasl_authorized: return 48
> <= get_ctrls: n=1 rc=47 err="not authorized to assume identity"
> 
> Have a good time,
> Andrey Nepomnyaschih
> 
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Edward Rudd
> Sent: Saturday, July 19, 2003 11:14 AM
> To: OpenLDAP
> Subject: trouble with openldap 2.1.22 and sasl proxy auth
> 
> 
> I was running 2.1.19 and had sasl proxy auth (sasl authz) working great
> and using the ldapdb auxprop plugin for sasl to authenticate services..
> Then I upgraded to 2.1.22 and now the proxy authentication won't work
> any more...
> 
> this command..
> ldapwhoami -U auxprop -X u:eddie -Y DIGEST-MD5 -H ldap:/// returns back
> the DN of auxprop instead of the DN for eddie.. The configuration is
> exactly the same.. same DB as well.. and the logs don't show any
> errors... Does anyone have any idea of what I need to look for to solve
> this???
-- 
Edward Rudd <eddie@omegaware.com>
Home Page <http://urkle.drip.ws/>
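
An added example (not code from this thread or from OpenLDAP): a small Python model of sasl-regexp rewriting, showing that a mechanism-specific rule leaves a DN of the mechanism-less form seen in the quoted log (uid=nas,cn=auth) unmapped, and that a broad `(.*)` fallback rule placed first mis-captures the mechanism component. It assumes rules are tried in order with the first match winning, unanchored and case-insensitive, and that Python's `re` behaves like slapd's regex matching for these patterns; the input DNs are constructed from the ones quoted above.

```python
import re

SUFFIX = "uid=$1,ou=people,o=myorg,c=us"   # replacement taken from the mappings in the thread

def compile_rules(rules):
    """Compile (pattern, replacement) pairs the way this model assumes slapd does."""
    return [(re.compile(p, re.IGNORECASE), r) for p, r in rules]

def map_sasl_dn(dn, compiled):
    """Return the rewritten DN from the first matching rule, or None if none match."""
    for rx, repl in compiled:
        m = rx.search(dn)                   # unanchored, like an un-^$'d sasl-regexp
        if m:
            # The result is the replacement template with $n filled in.
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), repl)
    return None

# Only the mechanism-specific rule (the poster's setup).
MECH_ONLY = compile_rules([(r"uid=(.*),cn=digest-md5,cn=auth", SUFFIX)])

# Mechanism-specific rule plus the fallback suggested in the reply, specific first.
WITH_FALLBACK = compile_rules([
    (r"uid=(.*),cn=digest-md5,cn=auth", SUFFIX),
    (r"uid=(.*),cn=auth", SUFFIX),
])

# Same two rules, broad one first: (.*) swallows ",cn=digest-md5".
FALLBACK_FIRST = compile_rules([
    (r"uid=(.*),cn=auth", SUFFIX),
    (r"uid=(.*),cn=digest-md5,cn=auth", SUFFIX),
])

# Anchored rules with [^,]* are safe in either order.
STRICT = compile_rules([
    (r"^uid=([^,]*),cn=auth$", SUFFIX),
    (r"^uid=([^,]*),cn=digest-md5,cn=auth$", SUFFIX),
])

if __name__ == "__main__":
    for name, rules in [("MECH_ONLY", MECH_ONLY), ("WITH_FALLBACK", WITH_FALLBACK),
                        ("FALLBACK_FIRST", FALLBACK_FIRST), ("STRICT", STRICT)]:
        for dn in ("uid=eddie,cn=digest-md5,cn=auth", "uid=eddie,cn=auth"):
            print(f"{name:15} {dn:35} -> {map_sasl_dn(dn, rules)}")
```

A DN that comes back as None stays in its cn=auth form, so any saslAuthzTo/saslAuthzFrom comparison against real directory DNs cannot succeed for it.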