[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: syncrepl consumer is not honoring authcid

To: <openldap-software@OpenLDAP.org>, "Dieter Kluenter" <dieter@dkluenter.de>
Subject: Re: syncrepl consumer is not honoring authcid
From: "Jong-Hyuk" <jongchoi@OpenLDAP.org>
Date: Mon, 27 Sep 2004 14:45:48 -0400
References: <m33c134s06.fsf@orange.l4b.de>

Looks like saslmech=<mech> is omitted in the configuration file.
- Jong-Hyuk

----- Original Message ----- 
From: "Dieter Kluenter" <dieter@dkluenter.de>
To: <openldap-software@OpenLDAP.org>
Sent: Monday, September 27, 2004 12:05 PM
Subject: syncrepl consumer is not honoring authcid


Hello,
my version: OpenLDAP HEAD

I have setup a syncrepl consumer with following options

,----[ slapd.conf ]
| syncrepl rid=54
|         provider=ldap://my.host:389
|         type=refreshOnly
|         interval=00:00:30:00
|         searchbase=ou=adressbuch,o=avci,c=de
|         scope=one
|         bindmethod=sasl
|         authcid=benchmark
|         credentials=bench
|         updatedn=cn=admanager,o=avci,c=de
`----

But the consumer is not binding with the given authcid and SASL
Mechanism, but as the user running slapd (dieter) and mech GSSAPI, is
there something wrong with my slapd.conf or is it a bug in syncrepl?


,----[ excerpt from log ]
| slapd[964]: conn=16 fd=23 ACCEPT from IP=192.168.100.33:32777
(IP=0.0.0.0:389)
| slapd[964]: connection_get(23)
| slapd[964]: connection_get(23): got connid=16
| slapd[964]: connection_read(23): checking for input on id=16
| [...]
| slapd[1622]: do_search
| slapd[1622]: >>> dnPrettyNormal: <>
| slapd[1622]: <<< dnPrettyNormal: <>, <>
| slapd[1622]: SRCH "" 0 3
| slapd[1622]:     0 0 0
| slapd[1622]:     filter: (objectClass=*)
| slapd[1622]:     attrs:
| slapd[1622]:  supportedSASLMechanisms
| [...]
| slapd[1624]: do_bind
| slapd[1624]: >>> dnPrettyNormal: <>
| slapd[1624]: <<< dnPrettyNormal: <>, <>
| slapd[1624]: do_sasl_bind: dn () mech GSSAPI
| slapd[1624]: conn=16 op=1 BIND dn="" method=163
| slapd[1624]: ==> sasl_bind: dn="" mech=GSSAPI datalen=536
| [...]
| slapd[1622]: do_sasl_bind: dn () mech GSSAPI
| slapd[1622]: conn=16 op=3 BIND dn="" method=163
| slapd[1622]: ==> sasl_bind: dn="" mech=<continuing> datalen=65
| slapd[1622]: SASL Canonicalize [conn=16]: authcid="dieter"
| slapd[1622]: slap_sasl_getdn: id=dieter [len=6]
| slapd[1622]: slap_sasl_getdn: u:id converted to
uid=dieter,cn=GSSAPI,cn=auth
| slapd[1622]: >>> dnNormalize: <uid=dieter,cn=GSSAPI,cn=auth>
| slapd[1622]: <<< dnNormalize: <uid=dieter,cn=gssapi,cn=auth>
| slapd[1622]: conn=16 op=3 BIND dn="cn=dieter
kluenter,ou=partner,o=avci,c=de" mech=GSSAPI ssf=56
| slapd[1622]: do_bind: SASL/GSSAPI bind: dn="cn=dieter
kluenter,ou=partner,o=avci,c=de" ssf=56
| [...]
| slapd[1624]: => bdb_search
| slapd[1624]: bdb_dn2entry("ou=adressbuch,o=avci,c=de")
| slapd[1624]: bdb_dn2entry("cn=ldapsync,o=avci,c=de")
| slapd[1624]: search_candidates: base="ou=adressbuch,o=avci,c=de"
(0x00000004) scope=1
| slapd[1624]: => bdb_equality_candidates (objectClass)
| slapd[1624]: => key_read
| slapd[1624]: => bdb_search
| slapd[1624]: bdb_dn2entry("ou=adressbuch,o=avci,c=de")
| slapd[1624]: bdb_dn2entry("cn=ldapsync,o=avci,c=de")
| slapd[1624]: search_candidates: base="ou=adressbuch,o=avci,c=de"
(0x00000004) scope=1
| slapd[1624]: => bdb_equality_candidates (objectClass)
| slapd[1624]: => key_read
`----

-Dieter

-- 
Dieter Klünter | Systemberatung
Tel: +49.40.64861967
Fax: +49.40.64891521
Key ID: 9B13A25650EF4335

References:
- syncrepl consumer is not honoring authcid
  - From: Dieter Kluenter <dieter@dkluenter.de>

Prev by Date: Error 325
Next by Date: Re: [ldap] Addressbook
Index(es):
- Chronological
- Thread