small problem with ldap with tls and sasl
Hello,
How do I configure slapd.conf? I try setting up SASL authentication on a running
slapd, but ldap always crashes:
"slapd in free(): error: junk pointer, too high to make sense"
or crashes on this line in the source code:
file: saslauthz.c: Debug(LDAP_DEBUG_TRACE,'==>slap_sasl_authorized can %s become %s')
I am running ./slapd -d -1 on the first console;
on the other console I am running ldapsearch -I
SASL/CRAM-MD5 authentication started
SASL Interaction
Please enter your authentication name: test
Please enter your password: **** <enter>
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
and ldapd on first console:
>>> dnNormalize: <uid=test,dc=example,dc=com>
=> ldap_bv2dn(uid=test,dc=example,dc=com,0)
<= ldap_bv2dn(uid=test,dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=test,dc=example,dc=com)=0
<<< dnNormalize: <uid=test,dc=example,dc=com>
<==slap_sasl2dn: Converted SASL name to uid=test,dc=example,dc=com
slap_sasl_getdn: dn:id converted to uid=test,dc=example,dc=com
SASL Canonicalize [conn=0]: slapAuthcDN="uid=test,dc=example,dc=com"
SASL proxy authorize [conn=0]: authcid="test" authzid="test"
<== slap_sasl_authorized: return 48
SASL proxy authorize after_5a [conn=0]: SASL Proxy Authorize [conn=0]: proxy authorization disallowed (48)
SASL [conn=0] Failure: not authorized
slapd in free(): error: junk pointer, too high to make sense
my installed version is: OpenLDAP: slapd 2.3.31
- SASL cyrus-sasl-2.1.21 <- this library is OK - I have Postfix running with
SASL
- unixODBC-2.2.11
- MyODBC-3.51.11
- FreeBSD 5.X
OpenLDAP works normally without TLS and SASL auth, but if I activate SASL and
enter a bad password when I log in to LDAP, it is OK; the crash always happens when I
enter the correct user and password when I log in.
Please help me.....
------------------
my slapd.conf:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel -1
#allow bind_anon_cred
#defaultaccess none
#readonly off
TLSCertificateFile /tmp/ldap.crt
TLSCertificateKeyFile /tmp/ldap.key
TLSCACertificateFile /tmp/ca.crt
TLSCipherSuit HIGH
authzTo: uid=[^,]*,dc=example,dc=com
authz-regexp
        uid=([^,]*),cn=[^,]*,cn=auth
        uid=$1,dc=example,dc=com
#######################################################################
# sql database definitions
#######################################################################
database sql
suffix "dc=example,dc=com"
rootdn "cn=test,dc=example,dc=com"
#rootpw secret
dbname ldap
dbuser ldap
dbpasswd ldap
subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)"
insentry_stmt "INSERT INTO ldap_entries (dn,oc_map_id,parent,keyval) VALUES (?,?,?,?)"
has_ldapinfo_dn_ru no
access to attrs=userPassword
        by * auth
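
An added example, not part of the original post: a Python model of the authz-regexp rule in the posted slapd.conf, checked against the trace lines quoted in the message. The request DN form (uid=<user>[,cn=<realm>],cn=<mech>,cn=auth), the unanchored case-insensitive match, and all function names are assumptions of this example; slapd itself uses POSIX regular expressions.

```python
import re

# The authz-regexp pair from the posted slapd.conf (match pattern, replacement).
AUTHZ_REGEXP = (r"uid=([^,]*),cn=[^,]*,cn=auth", "uid=$1,dc=example,dc=com")

# Trace lines copied from the post.
TRACE = """\
<==slap_sasl2dn: Converted SASL name to uid=test,dc=example,dc=com
SASL proxy authorize [conn=0]: authcid="test" authzid="test"
<== slap_sasl_authorized: return 48
SASL [conn=0] Failure: not authorized
"""

def sasl_request_dn(user, mech, realm=None):
    """Assumed form of the DN slapd builds for a SASL bind before mapping."""
    rdns = ["uid=" + user] + (["cn=" + realm] if realm else [])
    return ",".join(rdns + ["cn=" + mech, "cn=auth"])

def map_identity(request_dn, rule=AUTHZ_REGEXP):
    """Apply one authz-regexp rule; None means the identity stays unmapped."""
    pattern, replacement = rule
    m = re.search(pattern, request_dn, re.IGNORECASE)
    if m is None:
        return None
    # $1..$9 in the replacement are filled from the capture groups.
    return re.sub(r"\$(\d)", lambda ref: m.group(int(ref.group(1))), replacement)

def summarize(trace):
    """Pull the mapped DN, both SASL identities and the result code from a trace."""
    mapped = re.search(r"Converted SASL name to (\S+)", trace)
    ids = re.search(r'authcid="([^"]*)" authzid="([^"]*)"', trace)
    rc = re.search(r"slap_sasl_authorized: return (\d+)", trace)
    return {
        "mapped_dn": mapped.group(1) if mapped else None,
        "authcid": ids.group(1) if ids else None,
        "authzid": ids.group(2) if ids else None,
        "result": int(rc.group(1)) if rc else None,
    }

if __name__ == "__main__":
    dn = sasl_request_dn("test", "cram-md5")
    print(dn, "->", map_identity(dn))
    print(summarize(TRACE))
```

The rule reproduces the DN the trace reports for uid=test, so the identity mapping itself succeeds; the bind is refused afterwards at the proxy authorization step with result 48 (inappropriateAuthentication). A request DN that carries a realm component does not match this pattern and stays unmapped.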