[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL auth fails with "unable to get user's secret"

To: openldap-software@OpenLDAP.org
Subject: SASL auth fails with "unable to get user's secret"
From: Georg Altmann <george@george-net.de>
Date: Wed, 20 Feb 2002 15:55:39 +0100
User-agent: Internet Messaging Program (IMP) 3.0

Hello,

im stuck with getting openldap to work and would appreciate any help.
System:
cyrus-sasl-1.5.27
openldap-2.0.23
linux-2.4.7 (RedHat 7.0)

my slapd.conf is:
include /etc/openldap/schema/core.schema
pidfile /var/run/slapd.pid
access to * by *

database ldbm
suffix "dc=example,dc=com"
directory /var/openldap-ldbm
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
index cn pres,eq,sub

The first thing is, that SASL authentication won't work.
 ldapadd -U georg -Y georg -Y DIGEST-MD5 -v -f lroot.ldif
gives me:
  ldap_initialize( <DEFAULT> )
  SASL/DIGEST-MD5 authentication started
  Please enter your password:
  ldap_sasl_interactive_bind_s: Unknown error
        additional info: unable to get user's secret

the log says:
Feb 20 14:34:00 router slapd[4262]: daemon: conn=2 fd=11 connection from IP=127.
0.0.1:34236 (IP=0.0.0.0:34049) accepted.
Feb 20 14:34:00 router slapd[4264]: conn=2 op=0 BIND dn="" method=163
Feb 20 14:34:02 router slapd[4264]: conn=2 op=1 BIND dn="" method=163
Feb 20 14:34:02 router slapd[4264]: conn=2 op=1 RESULT tag=97 err=80 text=unable to get user's secret
Feb 20 14:34:02 router slapd[4262]: conn=-1 fd=11 closed

SASL authentication is working fine with cyrus-imapd and the client/server tools from the cyrus-sasl source.

The second problem is, that though it is possible to add entrys with simple auth, ldapsearch doesn't return any records:
ldapadd -f lroot.ldif -x -D "cn=Manager,dc=example,dc=com" -w secret -v
ldap_initialize( <DEFAULT> )
add objectclass:
        dcobject
add dc:
        example
adding new entry "dc=example,dc=com"
modify complete

add objectClass:
        person
add cn:
        George Clown
        Clown
add sn:
        George
add description:
        Company Clown
adding new entry "cn=Clown,dc=example,dc=com"
modify complete

ldapsearch -x -s base -b "" -h router -v "*"
ldap_init( router, 0 )
filter: (objectclass=*)
requesting: *
version: 2

#
# filter: (objectclass=*)
# requesting: *
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

I am not very familiar with ldap, so maybe i have made a mistake somewhere.
BTW The tests supplied with the source work fine.

Regards,
Georg

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/

Prev by Date: Re: LDAP default listening port
Next by Date: ldappasswd questions
Index(es):
- Chronological
- Thread