SASL authentication problem
Hi!,
I have the following problem:
I'm trying to authenticate the
rootdn uid=giuseppe@prof.mi.infn.it
using sasl (openldap 2.0.4 + cyrus SASL 1.5.24).
Here is some configuration
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
/etc/sasldb
user: giuseppe realm: prof.mi.infn.it mech: DIGEST-MD5
user: giuseppe realm: prof.mi.infn.it mech: PLAIN
user: giuseppe realm: prof.mi.infn.it mech: CRAM-MD5
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
ldap.conf
sasl-realm prof.mi.infn.it
sasl-host prof.mi.infn.it
rootdn "uid=giuseppe@prof.mi.infn.it"
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
When I use ldapsearch with the following syntax I can't authenticate to
the server:
% ldapsearch -D "uid=giuseppe@prof.mi.infn.it" "objectclass=*"
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Can't contact LDAP server
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
% ldapsearch -D "uid=giuseppe@prof.mi.infn.it" "objectclass=*"
[...]
ber_get_next
ber_get_next: tag 0x30 len 50 contents:
ber_dump: buf 0x8068f90, ptr 0x8068f90, end 0x8068fc2
02 01 00 x - 0a 01 02 04 00 04 0e d e c o
d i n g 20 e r r o r 8a 16 1 . 3 .
6 . 1 . 4 . 1 . 1 4 6 6 . 2 0 0
3 6
no request for response with msgid 0 (tossing)
** Connections:
* host: prof.mi.infn.it port: 389 (default)
refcnt: 2 status: Connected
last used: Tue Sep 26 17:47:23 2000
** Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
** Response Queue:
Empty
do_ldap_select
read1msg
ber_get_next
ber_get_next failed.
ldap_perror
ldap_sasl_interactive_bind_s: Can't contact LDAP server
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
I also have:
% ldapsearch -b "" -x -s base "objectclass=*" SupportedSASLmechanisms
version: 2
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
It seems that the server returns something like "decoding error...".
It is not true that I "Can't contact LDAP server". I have no problem with
simple authentication.
Where do I go wrong? Any idea?
Giuseppe
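
Added example (not part of the original message): a Python decoder for the ber_dump bytes quoted above. It shows that they form an unsolicited LDAP ExtendedResponse (msgid 0) carrying resultCode 2 and the Notice of Disconnection OID. Field names follow RFC 4511; the function and constant names are hypothetical.

```python
# Constructed input: the ber_dump lines from the message above (the contents of
# the outer SEQUENCE that ber_get_next reported as "tag 0x30 len 50").
DUMP = """
02 01 00 x - 0a 01 02 04 00 04 0e d e c o
d i n g 20 e r r o r 8a 16 1 . 3 .
6 . 1 . 4 . 1 . 1 4 6 6 . 2 0 0
3 6
"""
NOTICE_OID = "1.3.6.1.4.1.1466.20036"  # Notice of Disconnection, RFC 4511 section 4.4.1
RESULT_NAMES = {0: "success", 1: "operationsError", 2: "protocolError"}  # subset only

def dump_to_bytes(text):
    """ber_dump shows printable bytes as one character, all others as two hex digits."""
    return bytes(ord(t) if len(t) == 1 else int(t, 16) for t in text.split())

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one BER element with a definite length."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_message(content):
    """Decode LDAPMessage contents (msgid + ExtendedResponse) into a dict."""
    tag, msgid, pos = read_tlv(content, 0)
    op_tag, op, _ = read_tlv(content, pos)
    if tag != 0x02 or op_tag != 0x78:  # INTEGER, then [APPLICATION 24] constructed
        raise ValueError("not an ExtendedResponse")
    out, pos = {"msgid": int.from_bytes(msgid, "big")}, 0
    # LDAPResult order: resultCode, matchedDN, diagnosticMessage; [10] is responseName
    names = iter(["resultCode", "matchedDN", "diagnosticMessage"])
    while pos < len(op):
        t, v, pos = read_tlv(op, pos)
        key = "responseName" if t == 0x8A else next(names, None) if t in (0x0A, 0x04) else None
        if key:
            out[key] = int.from_bytes(v, "big") if t == 0x0A else v.decode("ascii")
    out["resultName"] = RESULT_NAMES.get(out.get("resultCode"), "other")
    out["notice_of_disconnection"] = out["msgid"] == 0 and out.get("responseName") == NOTICE_OID
    return out

if __name__ == "__main__":
    print(decode_message(dump_to_bytes(DUMP)))
```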