Re: pass-through authentication

Sorry, I had started the saslauthd incorrectly which is why I got the socket error.

This is tail of the latest saslauthd debug output :

ldap_sasl_interactive_bind: user selected: DIGEST-MD5

ldap_int_sasl_bind: DIGEST-MD5

ldap_new_connection 1 1 0

ldap_int_open_connection

ldap_connect_to_host: TCP 182.19.136.42:389

ldap_new_socket: 10

ldap_prepare_socket: 10

ldap_connect_to_host: Trying 182.19.136.42:389

ldap_pvt_connect: fd: 10 tm: 10 async: 0

ldap_ndelay_on: 10

attempting to connect:

connect errno: 115

ldap_int_poll: fd: 10 tm: 10

ldap_is_sock_ready: 10

ldap_ndelay_off: 10

ldap_pvt_connect: 0

ldap_int_sasl_open: host=182.19.136.42

ldap_sasl_bind

ldap_send_initial_request

ldap_send_server_request

ldap_msgfree

ldap_result ld 0x7f9f426f2990 msgid 1

wait4msg ld 0x7f9f426f2990 msgid 1 (timeout 10000000 usec)

wait4msg continue ld 0x7f9f426f2990 msgid 1 all 1

** ld 0x7f9f426f2990 Connections:

* host: 182.19.136.42 port: 389 (default)

refcnt: 2 status: Connected

last used: Wed Dec 30 18:50:38 2015

** ld 0x7f9f426f2990 Outstanding Requests:

* msgid 1, origid 1, status InProgress

outstanding referrals 0, parent count 0

ld 0x7f9f426f2990 request count 1 (abandoned 0)

** ld 0x7f9f426f2990 Response Queue:

Empty

ld 0x7f9f426f2990 response count 0

ldap_chkResponseList ld 0x7f9f426f2990 msgid 1 all 1

ldap_chkResponseList returns ld 0x7f9f426f2990 NULL

ldap_int_select

read1msg: ld 0x7f9f426f2990 msgid 1 all 1

read1msg: ld 0x7f9f426f2990 msgid 1 message type bind

read1msg: ld 0x7f9f426f2990 0 new referrals

read1msg: mark request completed, ld 0x7f9f426f2990 msgid 1

request done: ld 0x7f9f426f2990 msgid 1

res_errno: 7, res_error: <SASL(-4): no mechanism available: >, res_matched: <>

ldap_free_request (origid 1, msgid 1)

ldap_int_sasl_bind: DIGEST-MD5

ldap_parse_sasl_bind_result

ldap_parse_result

ldap_msgfree

ldap_err2string

Tim

On Wed, Dec 30, 2015 at 6:29 PM, Timothy Keith <timothy.g.keith@gmail.com> wrote:

I'm still having troubles with pass-through SASL on RHEL

testsaslauthd produces this message :
0: NO "authentication failed"

With this in the system log :
saslauthd logs reason=Unknown

When saslauthd is launched in verbose mode and followed by testsaslauthd it prints :

connect() : No such file or directory

Tim

On Thu, Dec 24, 2015 at 1:46 PM, Timothy Keith <timothy.g.keith@gmail.com> wrote:
As per my ongoing LDAP SASL design question, can anyone recommend a good tutorial for pass-through authentication ?

Tim

On Tue, Dec 22, 2015 at 2:47 PM, Timothy Keith <timothy.g.keith@gmail.com> wrote:
Uwe, your assistance could be very helpful. I followed Open LDAP tutorials but could not determine why the SASL requests fail. I am a newcomer to LDAP.

Tim

On Mon, Dec 21, 2015 at 12:04 PM, Hering, Uwe <uwe.hering@cgi.com> wrote:
Hello Tim,

we have set up such a setup where one can authenticate against OpenLDAP which redirects the request via saslauthd/kerberos to an AD server. Within the AD a service account with corresponding keytab will be necessary.

If you are interested I can try to get the pieces of information together again.

Regards,

Uwe

-----Ursprüngliche Nachricht-----
Von: openldap-technical [mailto:openldap-technical-bounces@openldap.org] Im Auftrag von Timothy Keith
Gesendet: Freitag, 18. Dezember 2015 01:33
An: openldap-technical@openldap.org
Betreff: pass-through authentication

We are attempting to set up an LDAP server which will answer queries from an application. The database will contain metadata on a set of users in the application. The application will also query the server to authenticate the user’s password, however, this server will not house the password. That resides on another server, which our server
will query. We do not have administrative rights to the other
server.

The difficulty we are having now is setting up the pass-through authentication for the passwords. Any pointers in how to proceed with this would be greatly appreciated.

Regards,

Tim