
slapd is not starting after building with SASL support




Hi List,

I have openldap-2.4.7 configured with openssl, which was working fine till date.
Now I have installed Cyrus-SASL-2.2.21 without any problems.
I have rebuilt our openldap-2.4.7 as
 
[root@as3 libexec]# env LD_LIBRARY_PATH="/usr/local/BerkeleyDB.4.6/lib:/usr/local/lib/sasl2:/usr/local/ssl/lib" \
    CPPFLAGS="-I/usr/local/BerkeleyDB.4.6/include -I/usr/local/ssl/include -I/usr/local/include" \
    LDFLAGS="-L/usr/local/ssl/lib -L/usr/local/BerkeleyDB.4.6/lib -L/usr/local/lib/sasl2 -R/usr/local/lib -R/usr/local/lib/sasl2 -R/usr/local/Berkeley.DB.4.6 -R/usr/local/ssl/lib" \
    LIBS=-ldl ./configure --with-tls=openssl --with-cyrus-sasl

Everything went fine.

We would like to use the SASL/GSSAPI mechanism (we have working Kerberos).
I have added the following lines to my slapd.conf file:


authz-regexp

 uid=([^,]*),cn=bsnl.com,cn=gssapi,cn=auth
 uid=$1,ou=people,dc=bsnl,dc=com

I have given a space before the uid lines... Is it correct?
I have written the lines specified in the admin guide for testing.
(Also, can anyone please tell me where I can get more info about the authz-regexp directive and the values it can take?)

Now when I start slapd as:
slapd -d127 -h "ldaps:///"

ps -ef|grep slapd is showing

root      3912  7442  0 18:40 pts/2    00:00:00 slapd -d127 -h ldaps:///
root      3919  3516  0 18:44 pts/4    00:00:00 grep slapd

and part of debug info regarding slapd start is:
daemon: new connection on 12
daemon: added 12r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 12r
daemon: read activity on 12
connection_get(12)
connection_get(12): got connid=1
connection_read(12): checking for input on id=1
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=0

TLS: can't accept.
connection_read(12): TLS accept error error=-1 id=1, closing
connection_closing: readying conn=1 sd=12 for close
connection_close: conn=1 sd=12
daemon: removing 12
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL

Till date there was no problem with the SSL-LDAP combination, and it started giving trouble after SASL support was added.
I have created a principal for slapd as specified in the guide.
I also created one slapd.conf file for use with the saslauthd daemon. It has:
pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux
mech_list: plain login ntlm kerberos5
I don't know where to start for making the entire combination work....
Please help me to get this sorted ...
I shall be grateful for every response.
Thanks in advance...

Regards,
Padma.
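
An added example, not part of the original post and not OpenLDAP's own code: a small Python emulation of how the authz-regexp rule quoted above would map a SASL/GSSAPI authentication DN, with the indented lines joined as slapd.conf continuation lines. It assumes the authentication DN forms uid=<user>,cn=<realm>,cn=gssapi,cn=auth and uid=<user>,cn=gssapi,cn=auth described in the OpenLDAP admin guide; the user name "padma", the sample file and all function names are constructed for illustration.

```python
import re

# Constructed slapd.conf fragment carrying the rule quoted in the post.
SAMPLE_CONF = """\
# constructed sample, not the poster's full slapd.conf
authz-regexp
 uid=([^,]*),cn=bsnl.com,cn=gssapi,cn=auth
 uid=$1,ou=people,dc=bsnl,dc=com
"""

def logical_lines(text):
    """Join continuation lines: in slapd.conf a line that starts with
    whitespace continues the previous line (even a comment line)."""
    joined = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and raw.strip() and joined:
            joined[-1] += " " + raw.strip()
        else:
            joined.append(raw.strip())
    return [l.strip() for l in joined
            if l.strip() and not l.lstrip().startswith("#")]

def authz_rules(text):
    """Return (compiled match pattern, replacement template) pairs."""
    rules = []
    for line in logical_lines(text):
        parts = line.split()
        if len(parts) == 3 and parts[0].lower() == "authz-regexp":
            # Assumption: case-insensitive matching, as slapd is understood to do.
            # Note the unescaped "." in "bsnl.com" matches any character.
            rules.append((re.compile(parts[1], re.IGNORECASE), parts[2]))
    return rules

def map_identity(authn_dn, rules):
    """Apply the first matching rule; None means no rule matched."""
    for pattern, template in rules:
        m = pattern.search(authn_dn)
        if m:
            # The rule writes $1..$9; Python's expand() wants \1..\9.
            return m.expand(re.sub(r"\$(\d)", r"\\\1", template))
    return None

if __name__ == "__main__":
    rules = authz_rules(SAMPLE_CONF)
    for dn in ("uid=padma,cn=bsnl.com,cn=gssapi,cn=auth",  # realm present
               "uid=padma,cn=gssapi,cn=auth"):             # realm omitted
        print(dn, "->", map_identity(dn, rules))
```

The second sample DN returns no mapping because the rule requires the cn=bsnl.com realm component, so an identity presented without a realm would not be rewritten to an entry under ou=people by this rule.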