[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL authentication problem

To: openldap-software@OpenLDAP.org
Subject: SASL authentication problem
From: Giuseppe Lo Biondo <Giuseppe.LoBiondo@mi.infn.it>
Date: Tue, 26 Sep 2000 18:07:32 +0200 (CEST)
In-reply-to: <20000914101854.A1318@thor.ice-dev.com>

Hi!, 

I have the following problem:

I'm trying to authenticate the 

rootdn  uid=giuseppe@prof.mi.infn.it

using sasl (openldap 2.0.4 + cyrus SASL 1.5.24).

Here is some configuration
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
/etc/sasldb
user: giuseppe realm: prof.mi.infn.it mech: DIGEST-MD5
user: giuseppe realm: prof.mi.infn.it mech: PLAIN
user: giuseppe realm: prof.mi.infn.it mech: CRAM-MD5
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
ldap.conf
sasl-realm prof.mi.infn.it
sasl-host prof.mi.infn.it
rootdn          "uid=giuseppe@prof.mi.infn.it"
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

when I use ldapsearch with the following syntax I cant't authenticate to
the server:

% ldapsearch -D "uid=giuseppe@prof.mi.infn.it" "objectclass=*"    
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Can't contact LDAP server

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

% ldapsearch -D "uid=giuseppe@prof.mi.infn.it" "objectclass=*"    

[...]

ber_get_next
ber_get_next: tag 0x30 len 50 contents:
ber_dump: buf 0x8068f90, ptr 0x8068f90, end 0x8068fc2
        02 01 00  x  - 0a 01 02 04 00 04 0e  d  e  c  o
         d  i  n  g 20  e  r  r  o  r 8a 16  1  .  3  .
         6  .  1  .  4  .  1  .  1  4  6  6  .  2  0  0
         3  6 
no request for response with msgid 0 (tossing)
** Connections:
* host: prof.mi.infn.it  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Tue Sep 26 17:47:23 2000
** Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
do_ldap_select
read1msg
ber_get_next
ber_get_next failed.
ldap_perror
ldap_sasl_interactive_bind_s: Can't contact LDAP server

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

I also have:

% ldapsearch  -b "" -x -s base "objectclass=*" SupportedSASLmechanisms 
version: 2

dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

It seems that the server returns something like "decoding error...".
It is not true that I "Can't contact LDAP server". I have no proplem with
simple authentication.

Were do I go wrong? Any idea?

Giuseppe

Follow-Ups:
- Re: SASL authentication problem
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- No such attribute using SASL
  - From: "Joseph A. Martin" <martinja@ice-works.com>

Prev by Date: Re: Re. Attribute Types and Max Size.
Next by Date: Cyrus and OpenLDAP 2.0
Index(es):
- Chronological
- Thread