[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: kpasswd



On Friday, October 17, 2003, at 11:13 AM, I wrote:

I'm running into some difficulty -- started saslauthd as:
   saslauthd -a kerberos5

Edited my userPassword attribute to be:

   userPassword: {SASL}astreib@IU.EDU

I get an invalid credentials error trying to bind. Also tried omitting the @IU.EDU and the same error. My ldap logs show:

Oct 17 11:06:56 slapd[30324]: SASL [conn=10] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory
Oct 17 11:06:56 slapd[30324]: SASL [conn=10] Failure: Invalid credentials

I created the /etc/sasldb2 and that made no difference (other than making that log message stop). Here's some more detailed logging -- if anyone can spot a clue here I'd appreciate some guidance. I'm thinking the "Converted SASL name to <nothing>" message might be a problem?


.
.
.
SASL Canonicalize [conn=1]: authcid="astreib@IU.EDU"
slap_sasl_getdn: id=astreib@IU.EDU [len=14]
getdn: u:id converted to uid=astreib,cn=IU.EDU,cn=auth
>>> dnNormalize: <uid=astreib,cn=IU.EDU,cn=auth>
=> ldap_bv2dn(uid=astreib,cn=IU.EDU,cn=auth,0)
<= ldap_bv2dn(uid=astreib,cn=IU.EDU,cn=auth,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=astreib,cn=iu.edu,cn=auth,272)=0
<<< dnNormalize: <uid=astreib,cn=iu.edu,cn=auth>
==>slap_sasl2dn: converting SASL name uid=astreib,cn=iu.edu,cn=auth to a DN
slap_sasl_regexp: converting SASL name uid=astreib,cn=iu.edu,cn=auth
<==slap_sasl2dn: Converted SASL name to <nothing>
SASL Canonicalize [conn=1]: authcDN="uid=astreib,cn=iu.edu,cn=auth"
slap_sasl_getdn: id=astreib@IU.EDU [len=0]
getdn: u:id converted to uid=astreib,cn=IU.EDU,cn=auth
>>> dnNormalize: <uid=astreib,cn=IU.EDU,cn=auth>
=> ldap_bv2dn(uid=astreib,cn=IU.EDU,cn=auth,0)
<= ldap_bv2dn(uid=astreib,cn=IU.EDU,cn=auth,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=astreib,cn=iu.edu,cn=auth,272)=0
<<< dnNormalize: <uid=astreib,cn=iu.edu,cn=auth>
==>slap_sasl2dn: converting SASL name uid=astreib,cn=iu.edu,cn=auth to a DN
slap_sasl_regexp: converting SASL name uid=astreib,cn=iu.edu,cn=auth
<==slap_sasl2dn: Converted SASL name to <nothing>
ldap_err2string
SASL [conn=1] Failure: Invalid credentials
.
.
.