
SASL authentication problem



Hi!

I have the following problem:

I'm trying to authenticate the 

rootdn  uid=giuseppe@prof.mi.infn.it

using sasl (openldap 2.0.4 + cyrus SASL 1.5.24).

Here is some configuration
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
/etc/sasldb
user: giuseppe realm: prof.mi.infn.it mech: DIGEST-MD5
user: giuseppe realm: prof.mi.infn.it mech: PLAIN
user: giuseppe realm: prof.mi.infn.it mech: CRAM-MD5
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
ldap.conf
sasl-realm prof.mi.infn.it
sasl-host prof.mi.infn.it
rootdn          "uid=giuseppe@prof.mi.infn.it"
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

When I use ldapsearch with the following syntax I can't authenticate to
the server:

% ldapsearch -D "uid=giuseppe@prof.mi.infn.it" "objectclass=*"    
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Can't contact LDAP server

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

% ldapsearch -D "uid=giuseppe@prof.mi.infn.it" "objectclass=*"    

[...]

ber_get_next
ber_get_next: tag 0x30 len 50 contents:
ber_dump: buf 0x8068f90, ptr 0x8068f90, end 0x8068fc2
        02 01 00  x  - 0a 01 02 04 00 04 0e  d  e  c  o
         d  i  n  g 20  e  r  r  o  r 8a 16  1  .  3  .
         6  .  1  .  4  .  1  .  1  4  6  6  .  2  0  0
         3  6 
no request for response with msgid 0 (tossing)
** Connections:
* host: prof.mi.infn.it  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Tue Sep 26 17:47:23 2000
** Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
do_ldap_select
read1msg
ber_get_next
ber_get_next failed.
ldap_perror
ldap_sasl_interactive_bind_s: Can't contact LDAP server

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

I also have:

% ldapsearch  -b "" -x -s base "objectclass=*" SupportedSASLmechanisms 
version: 2

dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

It seems that the server returns something like "decoding error...".
It is not true that I "Can't contact LDAP server". I have no problem with
simple authentication.

Where do I go wrong? Any idea?

Giuseppe
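
As an added example (not part of the original post), the following Python reads the ber_dump bytes from the trace above as an LDAPv3 message per RFC 2251: a messageID followed by an ExtendedResponse, checked against the Notice of Disconnection OID from RFC 2251 section 4.4.1. The function names and the small result-code table are this example's own.

```python
DUMP = """
02 01 00  x  - 0a 01 02 04 00 04 0e  d  e  c  o
 d  i  n  g 20  e  r  r  o  r 8a 16  1  .  3  .
 6  .  1  .  4  .  1  .  1  4  6  6  .  2  0  0
 3  6
"""  # copied from the post: contents of the LDAPMessage SEQUENCE (tag 0x30, len 50)
RESULT_CODES = {0: "success", 1: "operationsError", 2: "protocolError"}
NOTICE_OID = "1.3.6.1.4.1.1466.20036"  # Notice of Disconnection, RFC 2251 4.4.1

def dump_to_bytes(text):
    # ber_dump prints graphic characters as themselves and every other byte as hex
    return bytes(int(t, 16) if len(t) == 2 else ord(t) for t in text.split())

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def decode_response(body):
    """Decode messageID plus an ExtendedResponse ([APPLICATION 24], tag 0x78)."""
    tag, val, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("expected messageID INTEGER")
    msgid = int.from_bytes(val, "big", signed=True)
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse")
    _, rc, p = read_tlv(op, 0)       # resultCode ENUMERATED
    _, matched, p = read_tlv(op, p)  # matchedDN
    _, errmsg, p = read_tlv(op, p)   # errorMessage
    code, name = int.from_bytes(rc, "big"), None
    while p < len(op):               # optional trailing fields
        tag, val, p = read_tlv(op, p)
        if tag == 0x8A:              # [10] responseName
            name = val.decode()
    return {"messageID": msgid, "resultCode": RESULT_CODES.get(code, str(code)),
            "matchedDN": matched.decode(), "errorMessage": errmsg.decode(),
            "responseName": name,
            "noticeOfDisconnection": msgid == 0 and name == NOTICE_OID}
```

Calling `decode_response(dump_to_bytes(DUMP))` returns the decoded fields as a dict.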