Help !! LDAP+SASL
Hello Everyone,
Sorry for such a long mail, but I am in deep **** after 2 days of nonstop
head banging with OpenLDAP and Cyrus SASL (my final goal is PAM / NSS).
I couldn't even manage to add a few entries to the OpenLDAP server.
Please help.
My current setup on Linux 7.1 looks like this.
I have configured OpenLDAP with the following parameters:
++++++++++++++++++++++++++
OpenLDAP: (Installation)
++++++++++++++++++++++++++
cd /usr/openldap-2.0.18
./configure --prefix=/usr --exec-prefix= --x-includes=/usr/include --x-libraries=/usr/lib --with-wrappers --with-cyrus-sasl --enable-slapd --enable-ipv6=no --enable-crypt --enable-spasswd --with-tls --enable-kpasswd
make depend
make
make install
***********************************
Openldap Config Files :
***********************************
^^^^^^^^
slapd.conf
^^^^^^^^
pidfile /var/openldap/slapd.pid
argsfile /var/openldap/slapd.args
database ldbm
suffix "dc=rspllinux,dc=com"
#suffix "o=My Organization Name,c=US"
rootdn "cn=Manager,dc=rspllinux,dc=com"
#rootdn "cn=Manager,o=My Organization Name,c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /var/openldap/openldap-ldbm
# Indices to maintain
index objectClass eq
access to *
by self write
by users write
by dn="cn=Manager,dc=rspllinux,dc=com"
^^^^^^^^
ldap.conf
^^^^^^^^
host 127.0.0.1
I try to enter new values in the database with these commands:
1)
$ ldapadd -D dn="cn=Manager,dc=rspllinux,dc=com" -f first.ldif -W
Enter LDAP Password: secret
ldap_sasl_interactive_bind_s: No such object
2)
ldapadd -D dn="cn=Manager,dc=rspllinux,dc=com" -f first.ldif -x
It gives me the result:
ldap_add: Insufficient access
ldif_record() = 50
3)
$ ldapadd -D dn="cn=Manager,dc=rspllinux,dc=com" -f first.ldif -x -W
Enter LDAP Password: secret
ldap_bind: Invalid credentials
^^^^^^^
first.ldif
^^^^^^^
dn: dc=rspllinux,dc=com
objectClass:dcObject
objectClass: organization
dc: Rishabh Software
o: Rishabh Software
4)
$ ldapsearch -h localhost -p 389 -x -b "" -s base -LLL ZZ supportedSASLMechanisms
gives no result
5)
$ ldapsearch -h localhost -p 389 -x -b "" -s base -LLL supportedSASLMechanisms
gives no result
6)
$ ldapsearch -h localhost -p 389 -x -b "dc=rspllinux,dc=com" -s base -LLL ZZ supportedSASLMechanisms
No such object (32)
***************************************************
Server Dump on using slapd -d-1 when using command number (2)
****************************************************
daemon: activity on 1 descriptors
daemon: new connection on 9
daemon: conn=5 fd=9 connection from IP=127.0.0.1:1094 (IP=0.0.0.0:34049) accepted.
daemon: added 9r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=5
connection_read(9): checking for input on id=5
ber_get_next
ldap_read: want=1, got=1
0000: 30 0
ldap_read: want=1, got=1
0000: 33 3
ldap_read: want=51, got=51
0000: 02 01 01 60 2e 02 01 03 04 21 64 6e 3d 63 6e 3d ...`.....!dn=cn=
0010: 4d 61 6e 61 67 65 72 2c 64 63 3d 72 73 70 6c 6c Manager,dc=rspll
0020: 69 6e 75 78 2c 64 63 3d 63 6f 6d 80 06 73 65 63 inux,dc=com..sec
0030: 72 65 74 ret
ber_get_next: tag 0x30 len 51 contents:
ber_dump: buf=0x080dd5e0 ptr=0x080dd5e0 end=0x080dd613 len=51
0000: 02 01 01 60 2e 02 01 03 04 21 64 6e 3d 63 6e 3d ...`.....!dn=cn=
0010: 4d 61 6e 61 67 65 72 2c 64 63 3d 72 73 70 6c 6c Manager,dc=rspll
0020: 69 6e 75 78 2c 64 63 3d 63 6f 6d 80 06 73 65 63 inux,dc=com..sec
0030: 72 65 74 ret
ber_get_next
ldap_read: want=1 error=Resource temporarily unavailable
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({iat) ber:
ber_dump: buf=0x080dd5e0 ptr=0x080dd5e3 end=0x080dd613 len=48
0000: 60 2e 02 01 03 04 21 64 6e 3d 63 6e 3d 4d 61 6e `.....!dn=cn=Man
0010: 61 67 65 72 2c 64 63 3d 72 73 70 6c 6c 69 6e 75 ager,dc=rspllinu
0020: 78 2c 64 63 3d 63 6f 6d 80 06 73 65 63 72 65 74 x,dc=com..secret
ber_scanf fmt (o}) ber:
ber_dump: buf=0x080dd5e0 ptr=0x080dd60b end=0x080dd613 len=8
0000: 80 06 73 65 63 72 65 74 ..secret
do_bind: version=3 dn="dn=cn=Manager,dc=rspllinux,dc=com" method=128
conn=5 op=0 BIND dn="DN=CN=MANAGER,DC=RSPLLINUX,DC=COM" method=128
==> ldbm_back_bind: dn: dn=cn=Manager,dc=rspllinux,dc=com
dn2entry_r: dn: "DN=CN=MANAGER,DC=RSPLLINUX,DC=COM"
=> dn2id( "DN=CN=MANAGER,DC=RSPLLINUX,DC=COM" )
=> ldbm_cache_open( "dn2id.dbb", 7, 600 )
<= ldbm_cache_open (cache 0)
<= dn2id NOID
dn2entry_r: dn: "DC=RSPLLINUX,DC=COM"
=> dn2id( "DC=RSPLLINUX,DC=COM" )
=> ldbm_cache_open( "dn2id.dbb", 7, 600 )
<= ldbm_cache_open (cache 0)
<= dn2id NOID
send_ldap_result: conn=5 op=0 p=3
send_ldap_result: 49::
send_ldap_response: msgid=1 tag=97 err=49
ber_flush: 14 bytes to sd 9
0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 0....a...1....
ldap_write: want=14, written=14
0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 0....a...1....
conn=5 op=0 RESULT tag=97 err=49 text=
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=5
connection_read(9): checking for input on id=5
ber_get_next
ldap_read: want=1, got=0
ber_get_next on fd 9 failed errno=0 (Success)
connection_read(9): input error=-2 id=5, closing.
connection_closing: readying conn=5 sd=9 for close
connection_close: conn=5 sd=9
daemon: removing 9
conn=-1 fd=9 closed
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
*******************************************
End of Server Dump
*******************************************
++++++++++++++++++++
Cyrus-SASL : (Installation)
++++++++++++++++++++
cd /usr/cyrus-sasl-1.5.27
./configure --prefix=/usr --exec-prefix=/usr --with-gnu-ld --enable-cram --enable-digest --enable-gssapi --enable-anon --enable-plain --enable-login
make
make install
With Cyrus I can use saslpasswd and create new users with PLAIN, CRAM MD5
users and password.
Have also successfully tested/run client and server.
Cheers,
Binoy
+++++++++++++++++++++++++++++++++++
5 out of 4 people don't understand fractions.
+++++++++++++++++++++++++++++++++++