
Re: failed with ldapsearch with GSSAPI - Please helpppppppppp



Here is more debug output from ldapsearch, this time using an anonymous simple bind (-x) to read the root DSE:

root@fbsd [10:58pm] [...etc/openldap]# ldapsearch -d 1 -H ldap://kerberos.rock.com/ -x -b "" -s base
ldap_create
ldap_url_parse_ext(ldap://kerberos.rock.com/)
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP kerberos.rock.com:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.1.1:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_open_defconn: successful
ldap_send_server_request
ber_flush: 14 bytes to sd 3
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: kerberos.rock.com port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Jun 2 22:58:23 2004


** Outstanding Requests:
* msgid 1,  origid 1, status InProgress
  outstanding referrals 0, parent count 0
** Response Queue:
  Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 1, all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ldap_read: message type bind msgid 1, original id 1
ber_scanf fmt ({iaa) ber:
read1msg:  0 new referrals
read1msg:  mark request completed, id = 1
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
# extended LDIF
#
# LDAPv3
# base <> with scope base
# filter: (objectclass=*)
# requesting: ALL
#

ldap_search_ext
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_send_initial_request
ldap_send_server_request
ber_flush: 39 bytes to sd 3
ldap_result msgid -1
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid -1
wait4msg continue, msgid -1, all 0
** Connections:
* host: kerberos.rock.com  port: 389  (default)
 refcnt: 2  status: Connected
 last used: Wed Jun  2 22:58:23 2004

** Outstanding Requests:
* msgid 2,  origid 2, status InProgress
  outstanding referrals 0, parent count 0
** Response Queue:
  Empty
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid -1, all 0
ber_get_next
ber_get_next: tag 0x30 len 48 contents:
ldap_read: message type search-entry msgid 2, original id 2
ldap_get_dn_ber
ber_scanf fmt ({ml{) ber:
ldap_dn2ufn
ldap_dn_normalize
=> ldap_bv2dn(,0)
=> ldap_dn2bv(64)
#
dn:
ber_scanf fmt ({xx) ber:
ldap_get_attribute_ber
ber_scanf fmt ({mM}) ber:
objectClass: top
objectClass: OpenLDAProotDSE
ldap_get_attribute_ber
ldap_msgfree
ldap_result msgid -1
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid -1
wait4msg continue, msgid -1, all 0
** Connections:
* host: kerberos.rock.com  port: 389  (default)
 refcnt: 2  status: Connected
 last used: Wed Jun  2 22:58:23 2004

** Outstanding Requests:
* msgid 2,  origid 2, status InProgress
  outstanding referrals 0, parent count 0
** Response Queue:
  Empty
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid -1, all 0
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ldap_read: message type search-result msgid 2, original id 2
ber_scanf fmt ({iaa) ber:
read1msg:  0 new referrals
read1msg:  mark request completed, id = 2
request 2 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_free_connection
ldap_free_connection: refcnt 1

# search result
search: 2
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_err2string
result: 0 Success
ldap_msgfree

# numResponses: 2
# numEntries: 1
ldap_free_connection
ldap_send_unbind
ber_flush: 7 bytes to sd 3
ldap_free_connection: actually freed
root@fbsd [10:58pm] [...etc/openldap]#


The Shell wrote:

Andreas wrote:

On Wed, Jun 02, 2004 at 09:42:46PM +0800, The Shell wrote:


root@fbsd [9:29pm] [...openldap/openldap-data]# ldapsearch -Y GSSAPI -Z '(uid=Sambaroot)'
ldap_start_tls: Connect error (-11)
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available: No worthy mechs found
root@fbsd [9:30pm] [...openldap/openldap-data]#


Does anyone know what is happening here, and how to fix it?


Check which sasl mechanisms your server is supporting:
ldapsearch -x -LLL -h server -b "" -s base supportedSASLMechanisms

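You probably do not have GSSAPI support on the server. If GSSAPI is not in the returned list, the server is not offering it, and a bind with -Y GSSAPI cannot succeed.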





Here is the result (GSSAPI is not among the mechanisms the server advertises):
root@fbsd [10:27pm] [...openldap/openldap-data]# ldapsearch -x -LLL -h kerberos -b "" -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: OTP
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5


Thanks
Sam