[Date Prev][Date Next] [Chronological] [Thread] [Top]

syncrepl consumer is not honoring authcid



Hello,
my version: OpenLDAP HEAD

I have setup a syncrepl consumer with following options

,----[ slapd.conf ]
| syncrepl rid=54
|         provider=ldap://my.host:389
|         type=refreshOnly
|         interval=00:00:30:00
|         searchbase=ou=adressbuch,o=avci,c=de
|         scope=one
|         bindmethod=sasl
|         authcid=benchmark
|         credentials=bench
|         updatedn=cn=admanager,o=avci,c=de
`----

But the consumer is not binding with the given authcid and SASL
Mechanism, but as the user running slapd (dieter) and mech GSSAPI, is
there something wrong with my slapd.conf or is it a bug in syncrepl?


,----[ excerpt from log ]
| slapd[964]: conn=16 fd=23 ACCEPT from IP=192.168.100.33:32777 (IP=0.0.0.0:389)
| slapd[964]: connection_get(23) 
| slapd[964]: connection_get(23): got connid=16 
| slapd[964]: connection_read(23): checking for input on id=16
| [...] 
| slapd[1622]: do_search 
| slapd[1622]: >>> dnPrettyNormal: <> 
| slapd[1622]: <<< dnPrettyNormal: <>, <> 
| slapd[1622]: SRCH "" 0 3
| slapd[1622]:     0 0 0 
| slapd[1622]:     filter: (objectClass=*) 
| slapd[1622]:     attrs:
| slapd[1622]:  supportedSASLMechanisms
| [...]
| slapd[1624]: do_bind 
| slapd[1624]: >>> dnPrettyNormal: <> 
| slapd[1624]: <<< dnPrettyNormal: <>, <> 
| slapd[1624]: do_sasl_bind: dn () mech GSSAPI 
| slapd[1624]: conn=16 op=1 BIND dn="" method=163 
| slapd[1624]: ==> sasl_bind: dn="" mech=GSSAPI datalen=536 
| [...]
| slapd[1622]: do_sasl_bind: dn () mech GSSAPI 
| slapd[1622]: conn=16 op=3 BIND dn="" method=163 
| slapd[1622]: ==> sasl_bind: dn="" mech=<continuing> datalen=65 
| slapd[1622]: SASL Canonicalize [conn=16]: authcid="dieter" 
| slapd[1622]: slap_sasl_getdn: id=dieter [len=6] 
| slapd[1622]: slap_sasl_getdn: u:id converted to uid=dieter,cn=GSSAPI,cn=auth 
| slapd[1622]: >>> dnNormalize: <uid=dieter,cn=GSSAPI,cn=auth> 
| slapd[1622]: <<< dnNormalize: <uid=dieter,cn=gssapi,cn=auth> 
| slapd[1622]: conn=16 op=3 BIND dn="cn=dieter kluenter,ou=partner,o=avci,c=de" mech=GSSAPI ssf=56 
| slapd[1622]: do_bind: SASL/GSSAPI bind: dn="cn=dieter kluenter,ou=partner,o=avci,c=de" ssf=56 
| [...]
| slapd[1624]: => bdb_search 
| slapd[1624]: bdb_dn2entry("ou=adressbuch,o=avci,c=de") 
| slapd[1624]: bdb_dn2entry("cn=ldapsync,o=avci,c=de") 
| slapd[1624]: search_candidates: base="ou=adressbuch,o=avci,c=de" (0x00000004) scope=1 
| slapd[1624]: => bdb_equality_candidates (objectClass) 
| slapd[1624]: => key_read 
| slapd[1624]: => bdb_search 
| slapd[1624]: bdb_dn2entry("ou=adressbuch,o=avci,c=de") 
| slapd[1624]: bdb_dn2entry("cn=ldapsync,o=avci,c=de") 
| slapd[1624]: search_candidates: base="ou=adressbuch,o=avci,c=de" (0x00000004) scope=1 
| slapd[1624]: => bdb_equality_candidates (objectClass) 
| slapd[1624]: => key_read 
`----

-Dieter

-- 
Dieter Klünter | Systemberatung
Tel: +49.40.64861967
Fax: +49.40.64891521
Key ID: 9B13A25650EF4335