[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL's for SASL compat.

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: ACL's for SASL compat.
From: Marc Heckmann <heckmann@hbesoftware.com>
Date: Fri, 6 Oct 2000 16:35:02 -0400
Cc: openldap-software@OpenLDAP.org
Content-disposition: inline
In-reply-to: <5.0.0.25.0.20001006123019.00a3cbe0@router.boolean.net>; from Kurt@OpenLDAP.org on Fri, Oct 06, 2000 at 12:39:45PM -0700
References: <5.0.0.25.0.20001003150536.00a41520@router.boolean.net> <20001003171559.B7227@hbesoftware.com> <5.0.0.25.0.20001003150536.00a41520@router.boolean.net> <20001003205221.A17171@hbesoftware.com> <5.0.0.25.0.20001004085440.00a7be00@router.boolean.net> <5.0.0.25.0.20001004103651.00a30eb0@router.boolean.net> <39DB7DCC.F20B994B@hbesoftware.com> <5.0.0.25.0.20001004143821.00a69960@router.boolean.net> <20001006150945.D7227@hbesoftware.com> <5.0.0.25.0.20001006123019.00a3cbe0@router.boolean.net>
User-agent: Mutt/1.2.5i

On Fri, Oct 06, 2000 at 12:39:45PM -0700, Kurt D. Zeilenga wrote:
> 
> The bind was successful, what's the authorization DN (subject DN)
> reported in slapd.conf?  (don't confuse the authzid with the
> authorization DN, they differ).  Enable TRACE (1) debugging!

ok, sorry I got confused reading the slapd.conf man page, I thought trace was "loglevel 4", I now see that it is 1, anyway it's getting stranger. when set loglevel to 1 (no other changes)
I get a "Can't contact ldap server" error"

[root@schoenberg openldap]# /usr/local/bin/ldapmodify    -Y DIGEST-MD5  -U testuser -f /tmp/modify.ldif
SASL/DIGEST-MD5 authentication started
Please enter your password: 
SASL username: testuser
SASL realm: schoenberg
SASL SSF: 128
SASL installing layers
modifying entry "uid=testuser,portalId=ADBE,ou=People,o=RedGorilla"
ldap_modify: Can't contact LDAP server

ldif_record() = 81


here is the trace:

Oct  6 16:31:49 schoenberg slapd[9295]: connection_get(9): got connid=1 
Oct  6 16:31:49 schoenberg slapd[9295]: connection_read(9): checking for input on id=1 
Oct  6 16:31:49 schoenberg slapd[9295]: ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable) 
Oct  6 16:31:49 schoenberg slapd[9297]: do_bind 
Oct  6 16:31:49 schoenberg slapd[9297]: do_sasl_bind: dn () mech DIGEST-MD5 
Oct  6 16:31:50 schoenberg slapd[9297]: SASL Authorize [conn=1]: "testuser" as "u:testuser" 
Oct  6 16:31:50 schoenberg slapd[9297]: slap_sasl_bind: username="u:testuser" realm="schoenberg" ssf=128 
Oct  6 16:31:50 schoenberg slapd[9297]: <== slap_sasl_bind: authzdn: "uid=testuser + realm=schoenberg" 
Oct  6 16:31:50 schoenberg slapd[9297]: send_ldap_sasl: err=0 len=-1 
Oct  6 16:31:50 schoenberg slapd[9297]: send_ldap_response: msgid=3 tag=97 err=0 
Oct  6 16:31:50 schoenberg slapd[9297]: <== slap_sasl_bind: rc=0 
Oct  6 16:31:50 schoenberg slapd[9295]: connection_get(9): got connid=1 
Oct  6 16:31:50 schoenberg slapd[9295]: connection_read(9): checking for input on id=1 
Oct  6 16:31:50 schoenberg slapd[9295]: ber_get_next on fd 9 failed errno=0 (Success) 
Oct  6 16:31:50 schoenberg slapd[9295]: connection_read(9): input error=-2 id=1, closing. 
Oct  6 16:31:50 schoenberg slapd[9295]: connection_closing: readying conn=1 sd=9 for close 
Oct  6 16:31:50 schoenberg slapd[9295]: connection_close: deferring conn=1 sd=9 
Oct  6 16:31:50 schoenberg slapd[9297]: connection_resched: attempting closing conn=1 sd=9 
Oct  6 16:31:50 schoenberg slapd[9297]: connection_close: conn=1 sd=9 

I do not get this error at loglevel 4.

	Cheers,

-- 
	Marc Heckmann  -  Network Operations  
        HBE Software/Opendesk.Com
        heckmann@hbesoftware.com www.hbesoftware.com
        heckmann@opendesk.com www.opendesk.com
        Tel. (514) 876-7881 ext. 219
        Fax. (514) 876-9223

Follow-Ups:
- Re: ACL's for SASL compat.
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- Re: ACL's for SASL compat.
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- ACL's for SASL compat.
  - From: Marc Heckmann <heckmann@hbesoftware.com>
- Re: ACL's for SASL compat.
  - From: Marc Heckmann <heckmann@hbesoftware.com>
- Re: ACL's for SASL compat.
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: ACL's for SASL compat.
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: ACL's for SASL compat.
  - From: Marc Heckmann <heckmann@hbesoftware.com>
- Re: ACL's for SASL compat.
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: ACL's for SASL compat.
  - From: Marc Heckmann <heckmann@hbesoftware.com>

Prev by Date: SSL support
Next by Date: OpenLDAP schemas's format?
Index(es):
- Chronological
- Thread