
Re: Connection failures from OS X, appears to be TLS-related



falling through to a simple bind, server side. The trick is to make OS X
do a simple bind (if that's what you want), which you do by either not
supporting SASL or pretending to not support SASL. One idea would be to
disable SASL in autoconf. I currently ACL out supportedSASLMechanisms.

Care to share the ACL you're using? I've tried both of these:

access to dn.base="" attrs=supportedSASLMechanisms
       by * none

access to attrs=supportedSASLMechanisms
        by * none

In both cases, anonymous binds are still able to read
supportedSASLMechanisms.  The ACL logs indicate that it's falling
through to the database default:

May 22 15:52:13 swozzle slapd[31751]: conn=0 fd=11 ACCEPT from
IP=150.253.90.107:63718 (IP=150.253.10.37:6666)
May 22 15:52:13 swozzle slapd[31751]: conn=0 fd=11 TLS established
tls_ssf=256 ssf=256
May 22 15:52:13 swozzle slapd[31751]: conn=0 op=0 BIND dn="" method=128
May 22 15:52:13 swozzle slapd[31751]: conn=0 op=0 RESULT tag=97 err=0 text=
May 22 15:52:13 swozzle slapd[31751]: conn=0 op=1 SRCH base="" scope=0
deref=0 filter="(objectClass=*)"
May 22 15:52:13 swozzle slapd[31751]: conn=0 op=1 SRCH
attr=supportedSASLMechanisms
May 22 15:52:13 swozzle slapd[31751]: => access_allowed: search access
to "" "objectClass" requested
May 22 15:52:13 swozzle slapd[31751]: => access_allowed: backend
default search access granted to "(anonymous)"
May 22 15:52:13 swozzle slapd[31751]: => access_allowed: read access
to "" "entry" requested
May 22 15:52:13 swozzle slapd[31751]: => access_allowed: backend
default read access granted to "(anonymous)"
May 22 15:52:13 swozzle slapd[31751]: => access_allowed: read access
to "" "supportedSASLMechanisms" requested
May 22 15:52:13 swozzle slapd[31751]: => access_allowed: backend
default read access granted to "(anonymous)"
May 22 15:52:13 swozzle slapd[31751]: conn=0 op=1 ENTRY dn=""
May 22 15:52:13 swozzle slapd[31751]: conn=0 op=1 SEARCH RESULT
tag=101 err=0 nentries=1 text=
May 22 15:52:13 swozzle slapd[31751]: conn=0 op=2 UNBIND
May 22 15:52:13 swozzle slapd[31751]: conn=0 fd=11 closed


Any thoughts?

Thanks!
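
An added example, not part of the original message: a small Python filter that reads a slapd ACL trace like the one quoted above and lists each request that was answered by the backend default, which is the sign that no `access to` rule was applied to it. The sample log is constructed in the same format (mail wrapping included); the host name, pid and function names are assumptions.

```python
import re

# Constructed sample in the format of the trace quoted above, including the
# mail-wrapped lines; host name and pid are placeholders.
SAMPLE_LOG = '''\
May 22 15:52:13 ldaphost slapd[1000]: conn=0 op=1 SRCH
attr=supportedSASLMechanisms
May 22 15:52:13 ldaphost slapd[1000]: => access_allowed: read access
to "" "entry" requested
May 22 15:52:13 ldaphost slapd[1000]: => access_allowed: backend
default read access granted to "(anonymous)"
May 22 15:52:13 ldaphost slapd[1000]: => access_allowed: read access
to "" "supportedSASLMechanisms" requested
May 22 15:52:13 ldaphost slapd[1000]: => access_allowed: backend
default read access granted to "(anonymous)"
'''

STAMP = re.compile(r'^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ')
REQUESTED = re.compile(r'access_allowed: (\w+) access to "([^"]*)" "([^"]+)" requested')
DEFAULT = re.compile(r'access_allowed: backend default (\w+) access (\w+) to "([^"]*)"')

def unwrap(text):
    """Rejoin continuation lines (no syslog timestamp) with the line before."""
    out = []
    for line in text.splitlines():
        if STAMP.match(line) or not out:
            out.append(line.strip())
        elif line.strip():
            out[-1] += ' ' + line.strip()
    return out

def default_decisions(text):
    """List (dn, attr, level, outcome, who) for requests no ACL rule answered."""
    hits, pending = [], None
    for line in unwrap(text):
        req = REQUESTED.search(line)
        if req:
            pending = req.groups()          # (level, dn, attr)
            continue
        dflt = DEFAULT.search(line)
        if dflt and pending and pending[0] == dflt.group(1):
            level, dn, attr = pending
            hits.append((dn, attr, level, dflt.group(2), dflt.group(3)))
        if 'access_allowed:' in line:
            pending = None                  # answered, by the default or by a rule
    return hits

if __name__ == '__main__':
    print(*default_decisions(SAMPLE_LOG), sep='\n')
```
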