[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Strong authentication not supported
- To: <openldap-software@OpenLDAP.org>
- Subject: Strong authentication not supported
- From: "Fox" <lds0062@cdc.net>
- Date: Thu, 3 May 2001 15:39:23 -0400
- References: <D68B2C2749A4D311B4CE0008C7A4D82302AF303A@esealnt116> <20010115152623.E645@cp5340>
Hi,
I am trying to authenticate from perl-ldap via sasl to an openldap 2.07
server and I am getting a "Strong authentication not supported" error
message each time. This all works just fine with a regular bind without
sasl. Openldap is compiled with sasl, md5 support and the works.
My perl script, openldap configuration, openldap slapd.conf, openldap debug
results are below.
Does any have an idea what is happening? I can give more details if you
just let me know.
Thanks,
Fox
Here is my perl script:
#!/usr/bin/perl
use Net::LDAP;
use Authen::SASL;
$sasl = Authen::SASL->new('CRAM-MD5', password => 'mypassword');
$ldap = Net::LDAP->new('leconte.mckee.com') or die "$@";
$mesg = $ldap->bind('cn=Manager,dc=mckee,dc=com', sasl => $sasl, version =>
3);
print $mesg->error . "\n";
Here are the debug results from openldap v2.07 w(-d 1):
@(#) $OpenLDAP: slapd 2.0.7-Release (Thu May 3 15:12:17 EDT 2001) $
root@leconte.mckee.com:/usr/local/src/openldap-2.0.7/servers/slapd
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse(ldap:///)
daemon: socket() failed errno=22 (Invalid argument)
daemon: initialized ldap:///
daemon_init: 1 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
/opt/openldap/etc/openldap/slapd.conf: line 15: unknown directive
"cachesize" ou
tside backend info and database definitions (ignored)
/opt/openldap/etc/openldap/slapd.conf: line 16: unknown directive
"dbcachesize"
outside backend info and database definitions (ignored)
slapd startup: initiated.
slapd starting
ldap_pvt_gethostbyname_a: host=leconte.mckee.com, r=0
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 48 contents:
do_bind
ber_get_next
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
ber_scanf fmt ({iat) ber:
ber_scanf fmt ({a) ber:
ber_scanf fmt (}}) ber:
do_sasl_bind: dn (cn=Manager,dc=mckee,dc=com) mech CRAM-MD5
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=7
ber_flush: 14 bytes to sd 9
<== slap_sasl_bind: rc=7
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next on fd 9 failed errno=0 (Success)
connection_read(9): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=9 for close
connection_close: conn=0 sd=9
Here is the script I used to compile openldap v2.07:
LDFLAGS=-L/opt/openssl/lib CPPFLAGS=-I/opt/openssl/include \
./configure --prefix=/opt/openldap --with-cyrus-sasl --enable-spasswd --enab
le-crypt --with-tls
make depend
make
make install
Here is my slapd.conf:
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18
kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /opt/openldap/etc/openldap/schema/core.schema
# Global schemas added by Charles
include /opt/openldap/etc/openldap/schema/cosine.schema
include /opt/openldap/etc/openldap/schema/inetorgperson.schema
# Local schemas added by Charles
include /opt/openldap/etc/openldap/schema/local.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /opt/openldap/var/slapd.pid
argsfile /opt/openldap/var/slapd.args
# Load dynamic backend modules:
# modulepath /opt/openldap/libexec/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# Global stuff added by Charles
defaultaccess none
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
suffix "dc=mckee, dc=com"
rootdn "cn=Manager, dc=mckee, dc=com"
index employeeNumber eq
index cn eq,subinitial,subany
index givenName subinitial
index displayName subinitial
index uid eq
index mckeeSecondaryUids eq
index sn eq,subinitial
index employeeType eq
index mckeeEmploymentStatus eq
index mckeeSSN eq
index mckeeUnixNumber eq
# Performance stuff added by Charles
cachesize 20000
dbcachesize 100000000
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw mypassword
# The database directory MUST exist prior to running slapd AND
# should only be accessable by the slapd/tools. Mode 700 recommended.
directory /opt/openldap/var/openldap-ldbm
# Indices to maintain
index objectClass eq