Re: OpenLDAP with GSSAPI problem
Hello Turbo,
Thanks for your mail; here are my answers:
1. sasl-realm TEAM.COM
I have uncommented the above line.
2. sasl-host krishna.team.com
Yes, this is the FQDN of the host slapd is running on.
3. I removed the "access to * by * read" and "srvtab /etc/krb5.keytab" lines as
you said.
4. I use the following one. Sorry, I repeated this mistake while copying it from
slapd.
sasl-regexp
uid=(.*),cn=gssapi,cn=auth
ldap:///dc=team,dc=com??sub?(krb5PrincipalName=$1@REALM)
5. HP-UX 11.11 comes with default Kerberos and GSSAPI libraries. It
does not come with SASL or LDAP.
When compiling OpenLDAP I used the system's default Kerberos and
libraries.
Note: the Cyrus SASL sample-server and client worked fine with this build.
6. My ldd output for the libldap library is:
# ldd libldap.sl.2
/usr/lib/libc.2 => /usr/lib/libc.2
/usr/lib/libdld.2 => /usr/lib/libdld.2
/usr/lib/libc.2 => /usr/lib/libc.2
/usr/lib/libgss.sl => /usr/lib/libgss.sl
/vob/hpux_buildenv/hp700_ux1111/usr/lib/libdld.2 =>
/usr/lib/libdld.2
/vob/hpux_buildenv/hp700_ux1111/usr/lib/libc.2 =>
/usr/lib/libc.2
/usr/lib/libcom_err.sl => /usr/lib/libcom_err.sl
/usr/lib/libk5crypto.sl => /usr/lib/libk5crypto.sl
/usr/lib/libkrb5.sl => /usr/lib/libkrb5.sl
/usr/lib/libcom_err.sl => /usr/lib/libcom_err.sl
/usr/lib/libk5crypto.sl => /usr/lib/libk5crypto.sl
/usr/lib/libnsl.1 => /usr/lib/libnsl.1
/usr/lib/libxti.2 => /usr/lib/libxti.2
/opt/iexpress/openldap/lib/liblber.sl.2 =>
/opt/iexpress/openldap/lib/liblber.sl.2
/usr/lib/libc.2 => /usr/lib/libc.2
But I still get the same error:
# ldapsearch -Y GSSAPI
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): authentication failure: GSSAPI Failure
Here is my gdb session (debugging output of the server):
slapd starting
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ber_scanf fmt (m) ber:
connection_get(14): got connid=0
connection_read(14): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 507 contents:
ber_get_next
do_bind
ber_get_next on fd 14 failed errno=11 (Resource temporarily unavailable)
ber_scanf fmt ({imt) ber:
ber_scanf fmt ({o) ber:
ber_scanf fmt (m) ber:
ber_scanf fmt (}}) ber:
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_sasl_bind: dn () mech GSSAPI
[Switching to thread 2 (system thread 186091)]
Breakpoint 1, do_bind (conn=0x40093590, op=0x400a3ff8) at bind.c:305
305 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
(gdb) n
307 rc = slap_sasl_bind( conn, op,
(gdb)
send_ldap_sasl: err=14 len=106
send_ldap_response: msgid=1 tag=97 err=14
ber_flush: 122 bytes to sd 14
<== slap_sasl_bind: rc=14
connection_get(14): got connid=0
connection_read(14): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 20 contents:
deferring operation
311 ldap_pvt_thread_mutex_lock( &conn->c_mutex );
(gdb)
312 if( rc == LDAP_SUCCESS ) {
(gdb)
355 } else if ( rc == LDAP_SASL_BIND_IN_PROGRESS ) {
(gdb)
356 conn->c_sasl_bind_in_progress = 1;
(gdb)
366 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
(gdb)
368 goto cleanup;
(gdb)
681 conn->c_sasl_bindop = NULL;
(gdb)
683 if( pdn.bv_val != NULL ) {
(gdb)
684 free( pdn.bv_val );
(gdb)
686 if( ndn.bv_val != NULL ) {
(gdb)
687 free( ndn.bv_val );
(gdb)
689 if ( mech.bv_val != NULL ) {
(gdb)
693 return rc;
(gdb)
694 }
(gdb)
connection_operation (ctx=0x400a29f0, arg_v=0x400a3ff8) at connection.c:918
918 break;
(gdb)
984 if( rc == SLAPD_DISCONNECT ) tag = LBER_ERROR;
(gdb)
987 ldap_pvt_thread_mutex_lock( &num_ops_mutex );
(gdb)
988 num_ops_completed++;
(gdb)
1023 ldap_pvt_thread_mutex_unlock( &num_ops_mutex );
(gdb)
1037 ldap_pvt_thread_mutex_lock( &conn->c_mutex );
(gdb)
1039 conn->c_n_ops_executing--;
(gdb)
1040 conn->c_n_ops_completed++;
(gdb)
1042 LDAP_STAILQ_REMOVE( &conn->c_ops, op, slap_op, o_next);
(gdb)
1043 LDAP_STAILQ_NEXT(op, o_next) = NULL;
(gdb)
1060 slap_op_free( op );
(gdb)
1064 switch( tag ) {
(gdb)
1072 conn->c_sasl_bind_in_progress =
(gdb)
1075 if( conn->c_conn_state == SLAP_C_BINDING) {
(gdb)
1076 conn->c_conn_state = SLAP_C_ACTIVE;
(gdb)
1080 connection_resched( conn );
(gdb)
do_bind
1082 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
(gdb)
ber_scanf fmt ({imt) ber:
ber_scanf fmt ({o) ber:
ber_scanf fmt (}}) ber:
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_sasl_bind: dn () mech GSSAPI
[Switching to thread 4 (system thread 186102)]
Breakpoint 1, do_bind (conn=0x400935a0, op=0x400a4310) at bind.c:305
305 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
(gdb)
[Switching to thread 2 (system thread 186100)]
connection_operation (ctx=0x400a29f0, arg_v=0x400a3ff8) at connection.c:1084
1084 return NULL;
(gdb)
[Switching to thread 4 (system thread 186102)]
do_bind (conn=0x400935a0, op=0x400a4310) at bind.c:307
307 rc = slap_sasl_bind( conn, op,
(gdb)
[Switching to thread 2 (system thread 186100)]
connection_operation (ctx=0x400a29f0, arg_v=0x400a3ff8) at connection.c:1085
1085 }
(gdb)
SASL [conn=0] Failure: GSSAPI Failure
[Switching to thread 2 (system thread 186100)]
0xbc264 in ldap_int_thread_pool_wrapper+0x1ec ()
(gdb)
Single stepping until exit from function ldap_int_thread_pool_wrapper,
which has no line number information.
send_ldap_result: conn=0 op=1 p=3
send_ldap_response: msgid=2 tag=97 err=49
ber_flush: 63 bytes to sd 14
<== slap_sasl_bind: rc=49
[Switching to thread 4 (system thread 186102)]
do_bind (conn=0x400935a0, op=0x400a4310) at bind.c:311
311 ldap_pvt_thread_mutex_lock( &conn->c_mutex );
(gdb)
[ THE CLIENT SIDE CONNECTION IS CLOSED WITH ERROR MESSAGE AT THIS POINT ]
(gdb) n
[Switching to thread 4 (system thread 186102)]
312 if( rc == LDAP_SUCCESS ) {
(gdb) n
[Switching to thread 4 (system thread 186102)]
355 } else if ( rc == LDAP_SASL_BIND_IN_PROGRESS ) {
(gdb) n
[Switching to thread 4 (system thread 186102)]
359 if ( conn->c_sasl_bind_mech.bv_val ) {
(gdb) n
[Switching to thread 4 (system thread 186102)]
360 free(
conn->c_sasl_bind_mech.bv_val );
(gdb)
[Switching to thread 4 (system thread 186102)]
361 conn->c_sasl_bind_mech.bv_val =
NULL;
(gdb)
[Switching to thread 4 (system thread 186102)]
362 conn->c_sasl_bind_mech.bv_len = 0;
(gdb)
[Switching to thread 4 (system thread 186102)]
364 conn->c_sasl_bind_in_progress = 0;
(gdb)
[Switching to thread 4 (system thread 186102)]
366 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
(gdb)
[Switching to thread 4 (system thread 186102)]
368 goto cleanup;
(gdb)
681 conn->c_sasl_bindop = NULL;
(gdb)
[Switching to thread 4 (system thread 186102)]
683 if( pdn.bv_val != NULL ) {
(gdb)
[Switching to thread 4 (system thread 186102)]
684 free( pdn.bv_val );
(gdb)
[Switching to thread 4 (system thread 186102)]
686 if( ndn.bv_val != NULL ) {
(gdb)
[Switching to thread 4 (system thread 186102)]
687 free( ndn.bv_val );
(gdb)
[Switching to thread 4 (system thread 186102)]
689 if ( mech.bv_val != NULL ) {
(gdb)
[Switching to thread 4 (system thread 186102)]
690 free( mech.bv_val );
(gdb)
[Switching to thread 4 (system thread 186102)]
693 return rc;
(gdb)
connection_get(14): got connid=0
connection_read(14): checking for input on id=0
ber_get_next
ber_get_next on fd 14 failed errno=0 (Error 0)
connection_read(14): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=14 for close
connection_close: deferring conn=0 sd=14
[Switching to thread 4 (system thread 186102)]
694 }
(gdb)
[Switching to thread 4 (system thread 186102)]
connection_operation (ctx=0x400c2028, arg_v=0x400a4310) at connection.c:918
918 break;
(gdb)
[Switching to thread 4 (system thread 186102)]
984 if( rc == SLAPD_DISCONNECT ) tag = LBER_ERROR;
(gdb)
[Switching to thread 4 (system thread 186102)]
987 ldap_pvt_thread_mutex_lock( &num_ops_mutex );
(gdb)
988 num_ops_completed++;
(gdb)
1023 ldap_pvt_thread_mutex_unlock( &num_ops_mutex );
(gdb)
[Switching to thread 4 (system thread 186102)]
1037 ldap_pvt_thread_mutex_lock( &conn->c_mutex );
(gdb)
[Switching to thread 4 (system thread 186102)]
1039 conn->c_n_ops_executing--;
(gdb)
[Switching to thread 4 (system thread 186102)]
1040 conn->c_n_ops_completed++;
(gdb)
[Switching to thread 4 (system thread 186102)]
1042 LDAP_STAILQ_REMOVE( &conn->c_ops, op, slap_op, o_next);
(gdb)
[Switching to thread 4 (system thread 186102)]
1043 LDAP_STAILQ_NEXT(op, o_next) = NULL;
(gdb)
1060 slap_op_free( op );
(gdb)
1064 switch( tag ) {
(gdb)
1072 conn->c_sasl_bind_in_progress =
(gdb)
1075 if( conn->c_conn_state == SLAP_C_BINDING) {
(gdb)
1080 connection_resched( conn );
(gdb)
connection_resched: attempting closing conn=0 sd=14
connection_close: conn=0 sd=14
1082 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
(gdb)
1084 return NULL;
(gdb)
1085 }
(gdb)
0xbc264 in ldap_int_thread_pool_wrapper+0x1ec ()
(gdb)
Single stepping until exit from function ldap_int_thread_pool_wrapper,
which has no line number information.
CTRL+C
0x7b0111a0 in __ksleep+0x10 () from /usr/lib/libc.2
(gdb) q
The program is running. Exit anyway? (y or n) y