
Re: Normal User Binding Problem?



| I have a RedHat ES 3.0 server running OpenSSL 0.9.7c, DB-4.2.52,
| Cyrus-SASL-2.1.17, and OpenLDAP-2.2.4. I have the server running and am
| able to bind as "manager" and "anonymous"; however, when I try to bind to
| the server as an actual "user", i.e. myself, ahirsch, I get a connection
| refused with the following information:
|
| slapd starting
| daemon: added 6r
| daemon: added 7r
| daemon: select: listen=6 active_threads=0 tvp=NULL
| daemon: select: listen=7 active_threads=0 tvp=NULL
| daemon: activity on 1 descriptors
| daemon: new connection on 10
| ldap_pvt_gethostbyname_a: host=konldap1, r=0
| conn=0 fd=10 ACCEPT from IP=148.80.180.89:33755 (IP=0.0.0.0:389)
| daemon: added 10r
| daemon: activity on:
| daemon: select: listen=6 active_threads=0 tvp=NULL
| daemon: select: listen=7 active_threads=0 tvp=NULL
| daemon: activity on 1 descriptors
| daemon: activity on: 10r
| daemon: read activity on 10
| connection_get(10)
| connection_get(10): got connid=0
| connection_read(10): checking for input on id=0
| ber_get_next
| ldap_read: want=8, got=8
|   0000: 30 31 02 01 01 60 2c 02 01...`,.
| ldap_read: want=43, got=43
|   0000: 01 03 04 1d 63 6e 3d 61 68 69 72 73 63 68 2c 20 ....cn=ahirsch,
|   0010: 64 63 3d 63 65 6c 6c 6e 65 74 2c 64 63 3d 63 6f dc=cellnet,dc=co
|   0020: 6d 80 08 31 52 44 54 63 24 64 62 m..password
| ber_get_next: tag 0x30 len 49 contents:
| ber_dump: buf=0x081ed2c8 ptr=0x081ed2c8 end=0x081ed2f9 len=49
|   0000: 02 01 01 60 2c 02 01 03 04 1d 63 6e 3d 61 68 69 ...`,.....cn=ahi
|   0010: 72 73 63 68 2c 20 64 63 3d 63 65 6c 6c 6e 65 74 rsch, dc=cellnet
|   0020: 2c 64 63 3d 63 6f 6d 80 08 31 52 44 54 63 24 64 ,dc=com..password
|   0030: 62 b
| ber_get_next
| ldap_read: want=8 error=Resource temporarily unavailable
| ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
| do_bind
| ber_scanf fmt ({imt) ber:
| ber_dump: buf=0x081ed2c8 ptr=0x081ed2cb end=0x081ed2f9 len=46
|   0000: 60 2c 02 01 03 04 1d 63 6e 3d 61 68 69 72 73 63 `,.....cn=ahirsc
|   0010: 68 2c 20 64 63 3d 63 65 6c 6c 6e 65 74 2c 64 63 h, dc=cellnet,dc
|   0020: 3d 63 6f 6d 80 08 31 52 44 54 63 24 64 62 =com..password
| ber_scanf fmt (m}) ber:
| ber_dump: buf=0x081ed2c8 ptr=0x081ed2ef end=0x081ed2f9 len=10
|   0000: 00 08 31 52 44 54 63 24 64 62 ..password
| >>> dnPrettyNormal: <cn=ahirsch, dc=cellnet,dc=com>
| => ldap_bv2dn(cn=ahirsch, dc=cellnet,dc=com,0)
| <= ldap_bv2dn(cn=ahirsch, dc=cellnet,dc=com,0)=0
| => ldap_dn2bv(272)
| <= ldap_dn2bv(cn=ahirsch,dc=cellnet,dc=com,272)=0
| => ldap_dn2bv(272)
| <= ldap_dn2bv(cn=ahirsch,dc=cellnet,dc=com,272)=0
| <<< dnPrettyNormal: <cn=ahirsch,dc=cellnet,dc=com>, <cn=ahirsch,dc=cellnet,dc=com>
| do_bind: version=3 dn="cn=ahirsch,dc=cellnet,dc=com" method=128
| conn=0 op=0 BIND dn="cn=ahirsch,dc=cellnet,dc=com" method=128
| daemon: select: listen=6 active_threads=0 tvp=NULL
| ==> bdb_bind: dn: cn=ahirsch,dc=cellnet,dc=com
| bdb_dn2entry("cn=ahirsch,dc=cellnet,dc=com")
| => bdb_dn2id( "dc=cellnet,dc=com" )
| <= bdb_dn2id: got id=0x00000001
| => bdb_dn2id( "cn=ahirsch,dc=cellnet,dc=com" )
| <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990)
| entry_decode: "dc=cellnet,dc=com"
| <= entry_decode(dc=cellnet,dc=com)
| send_ldap_result: conn=0 op=0 p=3
| send_ldap_result: err=49 matched="" text=""
| send_ldap_response: msgid=1 tag=97 err=49
| ber_flush: 14 bytes to sd 10
|   0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 0....a...1....
| ldap_write: want=14, written=14
|   0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 0....a...1....
| conn=0 op=0 RESULT tag=97 err=49 text=
| daemon: select: listen=7 active_threads=0 tvp=NULL
| daemon: activity on 1 descriptors
| daemon: activity on: 10r
| daemon: read activity on 10
| connection_get(10)
| connection_get(10): got connid=0
| connection_read(10): checking for input on id=0
| ber_get_next
| ldap_read: want=8, got=0
| ber_get_next on fd 10 failed errno=0 (Success)
| connection_read(10): input error=-2 id=0, closing.
| connection_closing: readying conn=0 sd=10 for close
| connection_close: conn=0 sd=10
| daemon: removing 10
| conn=0 fd=10 closed
| daemon: select: listen=6 active_threads=0 tvp=NULL
| daemon: select: listen=7 active_threads=0 tvp=NULL
| daemon: activity on 1 descriptors
| daemon: select: listen=6 active_threads=0 tvp=NULL
| daemon: select: listen=7 active_threads=0 tvp=NULL
|
| I have verified that the password is correct and I have machines that I
| authenticate against that allow me in fine, but am unable to bind, say
| with ldapbrowser, as a real user.
|
| Here are my ACLs from my slapd.conf:
|
| access to attrs=userPassword
|   by self write
|   by anonymous auth
|   by dn.base="cn=Manager" write
|   by * none
|
| access to *
|   by self write
|   by dn.base="cn=Manager" write
|   by * read stop
|
| I have also tried it without the dn.base lines with the same errors. I've
| been searching online but not finding any answers. Does anyone have any
| idea where I should look next?
|
| TIA!
|
| When I try to perform an ldapsearch I get "ldap_bind: Invalid credentials
| (49)"
|
| Here is the debug output from the search:
|
| [ahirsch@kclnx13 ahirsch]$ ldapsearch -x -d -1 -D "cn=ahirsch,ou=office,ou=projects,dc=cellnet,dc=com" -h 148.80.180.253 -p 389 -W
| ldap_create
| Enter LDAP Password:
| ldap_bind_s
| ldap_simple_bind_s
| ldap_sasl_bind_s
| ldap_sasl_bind
| ldap_send_initial_request
| ldap_new_connection
| ldap_int_open_connection
| ldap_connect_to_host: TCP 148.80.180.253:389
| ldap_new_socket: 3
| ldap_prepare_socket: 3
| ldap_connect_to_host: Trying 148.80.180.253:389
| ldap_connect_timeout: fd: 3 tm: -1 async: 0
| ldap_ndelay_on: 3
| ldap_is_sock_ready: 3
| ldap_ndelay_off: 3
| ldap_int_sasl_open: host=konldap1.cellnet.com
| ldap_open_defconn: successful
| ldap_send_server_request
| ber_flush: 71 bytes to sd 3
|   0000: 30 45 02 01 01 60 40 02 01 03 04 32 63 6e 3d 61 0E...`@....2cn=a
|   0010: 68 69 72 73 63 68 2c 6f 75 3d 6f 66 66 69 63 65 hirsch,ou=office
|   0020: 2c 6f 75 3d 70 72 6f 6a 65 63 74 73 2c 64 63 3d ,ou=projects,dc=
|   0030: 63 65 6c 6c 6e 65 74 2c 64 63 3d 63 6f 6d 80 07 cellnet,dc=com..
|   0040: 63 33 31 31 6e 33 74 c311n3t
| ldap_write: want=71, written=71
|   0000: 30 45 02 01 01 60 40 02 01 03 04 32 63 6e 3d 61 0E...`@....2cn=a
|   0010: 68 69 72 73 63 68 2c 6f 75 3d 6f 66 66 69 63 65 hirsch,ou=office
|   0020: 2c 6f 75 3d 70 72 6f 6a 65 63 74 73 2c 64 63 3d ,ou=projects,dc=
|   0030: 63 65 6c 6c 6e 65 74 2c 64 63 3d 63 6f 6d 80 07 cellnet,dc=com..
|   0040: 63 33 31 31 6e 33 74 c311n3t
| ldap_result msgid 1
| ldap_chkResponseList for msgid=1, all=1
| ldap_chkResponseList returns NULL
| wait4msg (infinite timeout), msgid 1
| wait4msg continue, msgid 1, all 1
| ** Connections:
| * host: 148.80.180.253 port: 389 (default)
|   refcnt: 2 status: Connected
|   last used: Mon Feb 9 12:38:30 2004
|
| ** Outstanding Requests:
|   * msgid 1, origid 1, status InProgress
|   outstanding referrals 0, parent count 0
| ** Response Queue:
|   Empty
| ldap_chkResponseList for msgid=1, all=1
| ldap_chkResponseList returns NULL
| ldap_int_select
| read1msg: msgid 1, all 1
| ber_get_next
| ldap_read: want=8, got=8
|   0000: 30 0c 02 01 01 61 07 0a 0....a..
| ldap_read: want=6, got=6
|   0000: 01 31 04 00 04 00 .1....
| ber_get_next: tag 0x30 len 12 contents:
| ber_dump: buf=0x09cfcec0 ptr=0x09cfcec0 end=0x09cfcecc len=12
|   0000: 02 01 01 61 07 0a 01 31 04 00 04 00 ...a...1....
| ldap_read: message type bind msgid 1, original id 1
| ber_scanf fmt ({iaa) ber:
| ber_dump: buf=0x09cfcec0 ptr=0x09cfcec3 end=0x09cfcecc len=9
|   0000: 61 07 0a 01 31 04 00 04 00 a...1....
| read1msg: 0 new referrals
| read1msg: mark request completed, id = 1
| request 1 done
| res_errno: 0, res_error: <>, res_matched: <>
| ldap_free_request (origid 1, msgid 1)
| ldap_free_connection
| ldap_free_connection: refcnt 1
| ldap_parse_result
| ber_scanf fmt ({iaa) ber:
| ber_dump: buf=0x09cfcec0 ptr=0x09cfcec3 end=0x09cfcecc len=9
|   0000: 61 07 0a 01 31 04 00 04 00 a...1....
| ber_scanf fmt (}) ber:
| ber_dump: buf=0x09cfcec0 ptr=0x09cfcecc end=0x09cfcecc len=0
| ldap_msgfree
| ldap_perror
| ldap_bind: Invalid credentials (49)
|
| I know that the account ahirsch is populated in
| ou=office,ou=projects,dc=cellnet,dc=com on host 148.80.180.253 and that
| the password used is correct.
|
| On my workstation, which authenticates me against the LDAP server in
| question, when I do an ldapwhoami -x I get anonymous. I would have
| thought that by logging in as myself it would have returned ahirsch.
|
| I'm at a complete loss and we have to cut over to this server very
| quickly as our access to the corporate LDAP server has been cut off. Any
| ideas would be greatly appreciated!

The following are the configuration options I used for all installed
packages:

db4:  --prefix=/opt/ldap
cyrus-sasl:  --prefix=/opt/ldap
openldap:  --prefix=/opt/ldap --with-tls --with-cyrus-sasl
--enable-syslog --enable-lmpasswd --enable-crypt

I used the following path:
/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/bin:.

CPPFLAGS was:
-I/opt/ldap/include

LDFLAGS was:
-L/opt/ldap/lib

And OpenSSL was compiled to install in /opt/ldap too.

I can't think of any other information that may be useful, but figured
my configuration options may help somehow.
-- 
Aaron M. Hirsch
Atos Origin - Cellnet
11146 Thompson Ave.
Lenexa, KS 66219
Work:(913) 312-4717
Fax:(913) 312-4701
Mobile:(913) 284-9094
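An added triage helper, not from the post or from OpenLDAP: it walks a slapd debug trace like the one quoted above and reports, for each BIND operation, whether the client's "Invalid credentials (49)" came from the bind DN not existing in the database at all (what the quoted trace shows for cn=ahirsch,dc=cellnet,dc=com: bdb_dn2id returns DB_NOTFOUND, then err=49) or from an entry that was found but whose credentials were rejected. The line formats are those of the quoted trace; the sample input is constructed from it and the verdict labels are my own.

```python
import re

# Constructed sample: the relevant lines of the slapd trace quoted in the
# post above, one statement per line (the post's copy had them run together).
SAMPLE_TRACE = """\
conn=0 op=0 BIND dn="cn=ahirsch,dc=cellnet,dc=com" method=128
=> bdb_dn2id( "dc=cellnet,dc=com" )
<= bdb_dn2id: got id=0x00000001
=> bdb_dn2id( "cn=ahirsch,dc=cellnet,dc=com" )
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990)
conn=0 op=0 RESULT tag=97 err=49 text=
"""

BIND_RE = re.compile(r'^conn=(\d+) op=(\d+) BIND dn="([^"]*)"')
LOOKUP_RE = re.compile(r'^=> bdb_dn2id\( "([^"]*)" \)')
NOTFOUND_RE = re.compile(r'^<= bdb_dn2id: get failed: DB_NOTFOUND')
RESULT_RE = re.compile(r'^conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')


def triage_binds(trace):
    """Return one record per BIND op: bind DN, DN whose lookup failed, err, verdict."""
    ops, current, last_lookup = {}, None, None
    for line in trace.splitlines():
        if m := BIND_RE.match(line):
            current = (m.group(1), m.group(2))
            ops[current] = {"bind_dn": m.group(3), "missing_dn": None, "err": None}
        elif m := LOOKUP_RE.match(line):
            last_lookup = m.group(1)          # remember which DN is being resolved
        elif NOTFOUND_RE.match(line) and current in ops:
            ops[current]["missing_dn"] = last_lookup   # that DN is absent from the db
        elif (m := RESULT_RE.match(line)) and (m.group(1), m.group(2)) in ops:
            ops[(m.group(1), m.group(2))]["err"] = int(m.group(3))
    for rec in ops.values():
        if rec["err"] == 0:
            rec["verdict"] = "ok"
        elif rec["missing_dn"] == rec["bind_dn"]:
            # The client only ever sees err=49; the server trace shows the real cause.
            rec["verdict"] = "dn-not-found"
        elif rec["err"] == 49:
            rec["verdict"] = "entry-found-credentials-rejected"
        else:
            rec["verdict"] = f"err-{rec['err']}"
    return list(ops.values())
```

Running it over the sample yields a single record with verdict `dn-not-found`, i.e. the DN used in the first bind (directly under dc=cellnet,dc=com) does not match where the entry was later said to live (under ou=office,ou=projects).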