[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: SASL authentication problem



On Thu, 28 Sep 2000, Mayers, Philip J wrote:

> I'm seeing the same problem. The OpenLDAP is an all-2.0.4 installation,
> using cyrus-sasl 1.5.24 (as comes with RedHat 7.0, recompiled with gssapi
> support) and MIT Kerberos 1.2 (as comes with RedHat 7.0). "Decoding Error"
> is returned. I can provide any diagnostics necessary.
> 
> Rolling back to 2.0.3 solves the problem completely.


I reinstalled everything to be sure. Here are details of the problem that 
I encountered, hope that helps:

./configure \   
  --with-cyrus-sasl \
  --with-threads \
  --with-tls \
  --enable-spasswd \
  --enable-aci

openldap 2.0.4 + cyrus SASL 1.5.24

CONFIGURATION -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
/etc/sasldb
user: giuseppe realm: prof.mi.infn.it mech: DIGEST-MD5
user: giuseppe realm: prof.mi.infn.it mech: PLAIN
user: giuseppe realm: prof.mi.infn.it mech: CRAM-MD5
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
ldap.conf
sasl-realm prof.mi.infn.it
sasl-host prof.mi.infn.it
rootdn          "uid=giuseppe@prof.mi.infn.it"


COMMAND -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
% ldapsearch -D "uid=giuseppe@prof.mi.infn.it" "objectclass=*" 
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Can't contact LDAP server


_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_
ldapsearch  -b "" -x -s base "objectclass=*" SupportedSASLmechanisms 
version: 2

dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5


SERVER DIAG _+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: select: listen=7 active_threads=1 tvp=NULL
do_bind
ber_scanf fmt ({iat) ber:
ber_dump: buf 0x80d7080, ptr 0x80d7083, end 0x80d70b4
         `  / 02 01 03 04 1c  u  i  d  =  g  i  u  s  e
         p  p  e  @  p  r  o  f  .  m  i  .  i  n  f  n
         .  i  t a3 0c 04 0a  D  I  G  E  S  T  -  M  D
         5 
ber_scanf fmt ({a) ber:
ber_dump: buf 0x80d7080, ptr 0x80d70a6, end 0x80d70b4
        a3 0c 04 0a  D  I  G  E  S  T  -  M  D  5 
send_ldap_disconnect 2:decoding error
send_ldap_response: msgid=0 tag=120 err=2
ber_flush: 52 bytes to sd 10


CLIENT DIAG _+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_
** Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
do_ldap_select
read1msg
ber_get_next
ber_get_next: tag 0x30 len 50 contents:
ber_dump: buf 0x8068fd0, ptr 0x8068fd0, end 0x8069002
        02 01 00  x  - 0a 01 02 04 00 04 0e  d  e  c  o
         d  i  n  g 20  e  r  r  o  r 8a 16  1  .  3  .
         6  .  1  .  4  .  1  .  1  4  6  6  .  2  0  0
         3  6 
no request for response with msgid 0 (tossing)
** Connections:
* host: prof.mi.infn.it  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Thu Sep 28 19:13:39 2000

** Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:

_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+