[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
SASL Auth with -d ok, otherwise internal error 80
Hello list,
this is my first time trying to set up SASL, I'm probably doing
something wrong. Anyhow:
- I'm on OpenSolaris snv_127
- using SUNWopenldap from IPS (which links with bdb 4.7.25) I got strange
slapd (and slapcat) hangs (probably in bdb). This forced me to set it all
up from source.
- I've compiled latest bdb 4.8 from source
- I've compiled latest OpenLDAP 2.4.21 from source with this configure
args:
$ cat myconfigure
export CFLAGS="-I/usr/local/BerkeleyDB.4.8/include" \
CPPFLAGS="-I/usr/local/BerkeleyDB.4.8/include" \
LDFLAGS="-L/usr/local/BerkeleyDB.4.8/lib \
-R/usr/local/BerkeleyDB.4.8/lib"
./configure -C \
--prefix=/usr/local/openldap \
--enable-spasswd \
--with-cyrus-sasl \
--enable-syslog
- I've got my slapd.conf [1] in place and initialized my directory
- simple bind always works
- I want SASL with DIGEST-MD5 auth.
- when starting slapd with -d XXX (-d 256) SASL auth. works !!
$ ldapsearch -v -h localhost -p 10389 -LLL -U ldapadmin -D
"cn=ldapadmin,ou=Users,dc=hh,dc=supported,dc=de" -b
"ou=Users,dc=hh,dc=supported,dc=de" -s sub "cn=ldapadmin" '*'
ldap_initialize( ldap://localhost:10389 )
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: ldapadmin
SASL SSF: 128
SASL installing layers
filter: cn=ldapadmin
requesting: *
dn: cn=ldapadmin,ou=Users,dc=hh,dc=supported,dc=de
cn: ldapadmin
gidNumber: 5000
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: posixAccount
objectClass: person
objectClass: top
sn: Admin
uid: ldapadmin
uidNumber: 5000
homeDirectory: /tmp
userPassword:: ********
- when starting slapd without -d I get:
$ ldapsearch -v -h localhost -LLL -U ldapadmin -D
"cn=ldapadmin,ou=Users,dc=hh,dc=supported,dc=de" -b
"ou=Users,dc=hh,dc=supported,dc=de" -s sub "cn=ldapadmin"
ldap_initialize( ldap://localhost:10389 )
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error
(80)
additional info: SASL(-1): generic failure:
There's an additional problem in that slapd is not logging to syslogd. Cf.
below I configured "loglevel 8191", my syslog.conf contains:
local4.debug /var/log/openldap.log
Upon slapd startup I get two entries in the log, but nothing else, no
debugging:
Mar 4 12:48:10 os slapd[8083]: [ID 702911 local4.debug] @(#) $OpenLDAP:
slapd 2.4.21 (Mar 4 2010 12:12:43) $
Mar 4 12:48:10 os
ralph@os:/export/home/ralph/openldap-2.4.21/servers/slapd
Can anybody point me in the right direction? Thanks!
Cheers, Ralph
[1]
slapd.conf:
include /usr/local/openldap/etc/openldap/schema/core.schema
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/nis.schema
include
/usr/local/openldap/etc/openldap/schema/inetorgperson.schema
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
loglevel 8191
moduleload back_hdb.la
##############
# I've added these in sick attempts
security ssf=0 sasl=0
sasl-secprops none
############
authz-regexp
uid=(.*),cn=DIGEST-MD5,cn=auth
cn=$1,ou=Users,dc=hh,dc=supported,dc=de
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to attrs=userPassword,shadowLastChange
by dn="cn=ldapadmin,ou=Users,dc=hh,dc=supported,dc=de" write
by anonymous auth
by self write
by * none
access to *
by dn="cn=ldapadmin,ou=Users,dc=hh,dc=supported,dc=de" write
by self write
by users read
by anonymous auth
rootdn "cn=root,ou=Users,dc=hh,dc=supported,dc=de"
rootpw ******
database hdb
suffix "dc=hh,dc=supported,dc=de"
directory /var/openldap
index objectClass eq