
Re: Using back-ldap as a dumb proxy





--On Thursday, February 22, 2007 12:23 AM +0100 Pierangelo Masarati <ando@sys-net.it> wrote:


I have never tested back-ldap with GSSAPI; however, config parsing
exploits the slap_bindconf() code that's used throughout slapd (e.g. in
syncrepl), and the related SASL bind code was basically adapted from the
same source, and it is known to work with other SASL mechs.  I guess the
devil is in the details, as usual.  Can you debug it a little bit
further, e.g. by running with -d "stats,args,trace", or even more?

Sure. Which configuration do you want me to try it with? ;) Here is -d -1 with this config:


idassert-bind   bindmethod=sasl
               saslmech=gssapi
               realm=stanford.edu
               authcID=service/mailrouter@stanford.edu
               authzID=dn:cn=mailrouter,cn=service,cn=applications,dc=stanford,dc=edu



daemon: activity on 1 descriptor
slap_listener(ldap:///)daemon: listen=7, new connection on 8
ldap_pvt_gethostbyname_a: host=smtp-dev.stanford.edu, r=0
daemon: added 8r (active) listener=(nil)
conn=0 fd=8 ACCEPT from IP=127.0.0.1:43402 (IP=0.0.0.0:389)
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on: 8r
daemon: read activity on 8
connection_get(8)
connection_get(8): got connid=0
connection_read(8): checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
 0000:  30 0c 02 01 01 60 07 02                            0....`..
ldap_read: want=6, got=6
 0000:  01 03 04 00 80 00                                  ......
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x08193c48 ptr=0x08193c48 end=0x08193c54 len=12
 0000:  02 01 01 60 07 02 01 03  04 00 80 00               ...`........
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 8 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x08193c48 ptr=0x08193c4b end=0x08193c54 len=9
 0000:  60 07 02 01 03 04 00 80  00                        `........
ber_scanf fmt (m}) ber:
ber_dump: buf=0x08193c48 ptr=0x08193c52 end=0x08193c54 len=2
 0000:  00 00                                              ..
dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_bind: version=3 dn="" method=128
conn=0 op=0 BIND dn="" method=128
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 8
 0000:  30 0c 02 01 01 61 07 0a  01 00 04 00 04 00         0....a........
ldap_write: want=14, written=14
 0000:  30 0c 02 01 01 61 07 0a  01 00 04 00 04 00         0....a........
conn=0 op=0 RESULT tag=97 err=0 text=
do_bind: v3 anonymous bind
daemon: activity on 1 descriptor
daemon: activity on: 8r
daemon: read activity on 8
connection_get(8)
connection_get(8): got connid=0
connection_read(8): checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
 0000:  30 39 02 01 02 63 34 04                            09...c4.
ldap_read: want=51, got=51
 0000:  12 64 63 3d 73 74 61 6e  66 6f 72 64 2c 64 63 3d   .dc=stanford,dc=
 0010:  65 64 75 0a 01 02 0a 01  00 02 01 00 02 01 00 01   edu.............
 0020:  01 00 a3 0d 04 03 75 69  64 04 06 71 75 61 6e 61   ......uid..quana
 0030:  68 30 00                                           h0.
ber_get_next: tag 0x30 len 57 contents:
ber_dump: buf=0x08195738 ptr=0x08195738 end=0x08195771 len=57
 0000:  02 01 02 63 34 04 12 64  63 3d 73 74 61 6e 66 6f   ...c4..dc=stanfo
 0010:  72 64 2c 64 63 3d 65 64  75 0a 01 02 0a 01 00 02   rd,dc=edu.......
 0020:  01 00 02 01 00 01 01 00  a3 0d 04 03 75 69 64 04   ............uid.
 0030:  06 71 75 61 6e 61 68 30  00                        .quanah0.
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 8 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
do_search
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x08195738 ptr=0x0819573b end=0x08195771 len=54
 0000:  63 34 04 12 64 63 3d 73  74 61 6e 66 6f 72 64 2c   c4..dc=stanford,
 0010:  64 63 3d 65 64 75 0a 01  02 0a 01 00 02 01 00 02   dc=edu..........
 0020:  01 00 01 01 00 a3 0d 04  03 75 69 64 04 06 71 75   .........uid..qu
 0030:  61 6e 61 68 30 00                                  anah0.
dnPrettyNormal: <dc=stanford,dc=edu>
=> ldap_bv2dn(dc=stanford,dc=edu,0)
<= ldap_bv2dn(dc=stanford,dc=edu)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=stanford,dc=edu)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=stanford,dc=edu)=0
<<< dnPrettyNormal: <dc=stanford,dc=edu>, <dc=stanford,dc=edu>
SRCH "dc=stanford,dc=edu" 2 0 0 0 0
begin get_filter
EQUALITY
ber_scanf fmt ({mm}) ber:
ber_dump: buf=0x08195738 ptr=0x08195760 end=0x08195771 len=17
 0000:  a3 0d 04 03 75 69 64 04  06 71 75 61 6e 61 68 30   ....uid..quanah0
 0010:  00                                                 .
end get_filter 0
filter: (uid=quanah)
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x08195738 ptr=0x0819576f end=0x08195771 len=2
 0000:  00 00                                              ..
attrs:
conn=0 op=1 SRCH base="dc=stanford,dc=edu" scope=2 deref=0 filter="(uid=quanah)"
==> limits_get: conn=0 op=1 dn="[anonymous]"
ldap_create
ldap_url_parse_ext(ldap://ldap-test1.stanford.edu)
=>ldap_back_getconn: conn 0x81a17c0 inserted refcnt=1 binding=1
send_ldap_result: conn=0 op=1 p=3
send_ldap_result: err=7 matched="" text=""
send_ldap_response: msgid=2 tag=101 err=7
ber_flush: 14 bytes to sd 8
 0000:  30 0c 02 01 02 65 07 0a  01 07 04 00 04 00         0....e........
ldap_write: want=14, written=14
 0000:  30 0c 02 01 02 65 07 0a  01 07 04 00 04 00         0....e........
conn=0 op=1 SEARCH RESULT tag=101 err=7 nentries=0 text=
daemon: activity on 1 descriptor
daemon: activity on: 8r
daemon: read activity on 8
connection_get(8)
connection_get(8): got connid=0
connection_read(8): checking for input on id=0
ber_get_next
ldap_read: want=8, got=7
 0000:  30 05 02 01 03 42 00                               0....B.
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf=0x08195898 ptr=0x08195898 end=0x0819589d len=5
 0000:  02 01 03 42 00                                     ...B.
ber_get_next
ldap_read: want=8, got=0
do_unbind
conn=0 op=2 UNBIND
ber_get_next on fd 8 failed errno=0 (Success)
connection_read(8): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=8 for close
connection_close: deferring conn=0 sd=8
daemon: select: listen=6 active_threads=0 tvp=NULL
connection_resched: attempting closing conn=0 sd=8
daemon: select: listen=7 active_threads=0 tvp=NULL
connection_close: conn=0 sd=8
daemon: activity on 1 descriptor
=>ldap_back_conn_destroy: fetching conn 0
daemon: waked
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: removing 8
conn=0 fd=8 closed





I don't actually see any activity on ldap-test1, either.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
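
The two replies that slapd writes back to the client in the trace above can be decoded directly from their ber_flush hex lines to read the LDAP result code by name. This is an added example, not part of the original message or of OpenLDAP; the hex strings are copied from the trace, and the function and constant names are hypothetical.

```python
# Added example: decode LDAPResult PDUs copied from the slapd -d -1 trace.
# Function and constant names are hypothetical, not OpenLDAP identifiers.
RESULT_CODES = {0: "success", 7: "authMethodNotSupported",
                8: "strongerAuthRequired", 48: "inappropriateAuthentication",
                49: "invalidCredentials", 52: "unavailable", 80: "other"}
RESULT_OPS = {0x61: "BindResponse", 0x65: "SearchResultDone"}

# Bytes as printed on the two ber_flush lines of the trace (op=0 and op=1).
BIND_REPLY = "30 0c 02 01 01 61 07 0a 01 00 04 00 04 00"
SEARCH_REPLY = "30 0c 02 01 02 65 07 0a 01 07 04 00 04 00"


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length BER TLV."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def decode_ldap_result(hexdump):
    """Decode an LDAPMessage that carries an LDAPResult (RFC 4511, 4.1.9)."""
    tag, body, _ = read_tlv(bytes.fromhex(hexdump), 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, msgid, pos = read_tlv(body, 0)
    op_tag, op, _ = read_tlv(body, pos)
    if tag != 0x02 or op_tag not in RESULT_OPS:
        raise ValueError("not a messageID followed by a result PDU")
    _, code, pos = read_tlv(op, 0)       # resultCode ENUMERATED
    _, matched, pos = read_tlv(op, pos)  # matchedDN
    _, text, _ = read_tlv(op, pos)       # diagnosticMessage
    code = int.from_bytes(code, "big")
    return {"msgid": int.from_bytes(msgid, "big"), "op": RESULT_OPS[op_tag],
            "code": code, "result": RESULT_CODES.get(code, "unlisted"),
            "matched": matched.decode(), "text": text.decode()}


if __name__ == "__main__":
    for pdu in (BIND_REPLY, SEARCH_REPLY):
        print(decode_ldap_result(pdu))
```

The same function accepts any BindResponse or SearchResultDone copied from a slapd hex dump; request PDUs such as the UNBIND at the end of the trace are rejected with ValueError.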