
*FIXED* RE: trouble with openldap 2.1.22 and sasl proxy auth



OK.. OpenLDAP wasn't correctly compiled with SASL
support.. I recompiled it on my system and all is GOOD!!

On Sat, 2003-07-19 at 12:08, Edward Rudd wrote:
> My logs don't have any requires to sasl-regexp anything w/o an auth
> mechanism..  I have a uid=(.),cn=digest-md5,cn=auth mapping as that's
> the requests I get... All of my user requests are being mapped
> correctly..  
> uid=auxprop,cn=digest-md5,cn=auth->uid=auxprop,ou=people,o=myorg,c=us
> uid=eddie,cn=digest-md5,cn=auth->uid=eddie,ou=people,o=myorg,c=us
> On Sat, 2003-07-19 at 04:20, Andrey Nepomnyaschih wrote:
> > Hello Eddie,
> > 
> > Finally I have setup ldapdb with sasl but digging I found (maybe) the
> > cause of the problem for me and you. Here is the log output from running
> > slapd with debug level of 255.
> > 
> > Maybe you should add the following regexp:
> > sasl-regexp
> >   uid=(.*),cn=auth
> >   uid=$1,ou=Users,dc=chartpilot,dc=ru
> > 
> > The cause you can see below.
> > 
> > ===>slap_sasl_match: comparing DN uid=nas,cn=auth to rule
> > uid=.*,ou=Users,dc=chartpilot,dc=ru
> >                                   ^^^^^^^^^^^^^^^
> > slap_parseURI: parsing uid=.*,ou=Users,dc=chartpilot,dc=ru
> > ldap_url_parse_ext(uid=.*,ou=Users,dc=chartpilot,dc=ru)
> > >>> dnNormalize: <uid=.*,ou=Users,dc=chartpilot,dc=ru>
> > => ldap_bv2dn(uid=.*,ou=Users,dc=chartpilot,dc=ru,0)
> > <= ldap_bv2dn(uid=.*,ou=Users,dc=chartpilot,dc=ru,0)=0
> > => ldap_dn2bv(272)
> > <= ldap_dn2bv(uid=.*,ou=users,dc=chartpilot,dc=ru,272)=0
> > <<< dnNormalize: <uid=.*,ou=users,dc=chartpilot,dc=ru>
> > <===slap_sasl_match: comparison returned 48
> > <==slap_sasl_check_authz: saslAuthzTo check returning 48
> > <== slap_sasl_authorized: return 48
> > <= get_ctrls: n=1 rc=47 err="not authorized to assume identity"
> > 
> > Have a good time,
> > Andrey Nepomnyaschih
> > 
> > -----Original Message-----
> > From: owner-openldap-software@OpenLDAP.org
> > [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Edward Rudd
> > Sent: Saturday, July 19, 2003 11:14 AM
> > To: OpenLDAP
> > Subject: trouble with openldap 2.1.22 and sasl proxy auth
> > 
> > 
> > I was running 2.1.19 and had sasl proxy auth (sasl authz) working great
> > and using the ldapdb auxprop plugin for sasl to authenticate services..
> > Then I upgraded to 2.1.22 and now the proxy authentication won't work
> > any more...
> > 
> > this command..
> > ldapwhoami -U auxprop -X u:eddie -Y DIGEST-MD5 -H ldap:/// returns back
> > the DN of auxprop instead of the DN for eddie.. The configuration is
> > exactly the same.. same DB as well.. and the logs don't show any
> > errors... Does anyone have any idea of what I need to look for to solve
> > this???
-- 
Edward Rudd <eddie@omegaware.com>
Home Page <http://urkle.drip.ws/>
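
Added example (not part of the original thread and not OpenLDAP code): a small Python model of sasl-regexp mapping, applied to the two SASL DN shapes that appear in the thread, with and without the mechanism component. It assumes first-match-wins, unanchored, case-insensitive matching, with Python's re standing in for slapd's regex engine; map_sasl_dn, the rule lists and the [^,]* variant are names and rules constructed for this example and go beyond what the thread shows.

```python
import re

# Rules as (match pattern, replacement), in configuration order.
# The first two patterns are the ones quoted in the thread.
RULES_THREAD_MECH = [
    (r"uid=(.*),cn=digest-md5,cn=auth", "uid=$1,ou=people,o=myorg,c=us"),
]
RULES_THREAD_BROAD = [
    (r"uid=(.*),cn=auth", "uid=$1,ou=Users,dc=chartpilot,dc=ru"),
]
# Constructed variant: [^,]* keeps the capture inside a single RDN value.
RULES_TIGHT = [
    (r"uid=([^,]*),cn=digest-md5,cn=auth", "uid=$1,ou=people,o=myorg,c=us"),
    (r"uid=([^,]*),cn=auth", "uid=$1,ou=people,o=myorg,c=us"),
]


def map_sasl_dn(sasl_dn, rules):
    """Return the directory DN the first matching rule produces, else None."""
    for pattern, replacement in rules:
        m = re.search(pattern, sasl_dn, re.IGNORECASE)
        if m is None:
            continue
        # Expand $1..$9 in the replacement from the captured groups.
        return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
    return None


if __name__ == "__main__":
    # Constructed inputs using the DN shapes seen in the thread.
    for dn in ("uid=eddie,cn=digest-md5,cn=auth", "uid=nas,cn=auth"):
        for name, rules in (("mech", RULES_THREAD_MECH),
                            ("broad", RULES_THREAD_BROAD),
                            ("tight", RULES_TIGHT)):
            print(f"{name:5} {dn} -> {map_sasl_dn(dn, rules)}")
```

In this model the mechanism-specific rule leaves uid=nas,cn=auth unmapped, and the broad (.*) rule maps a mechanism-qualified DN to a DN with cn=digest-md5 embedded in it, so checking each rule against both DN shapes before deploying is worthwhile.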