
Help !! LDAP+SASL



Hello Everyone,

Sorry for such a long mail, but I am in deep **** after 2 days of nonstop
head banging with OpenLDAP and Cyrus SASL (my final goal is PAM / NSS).
I couldn't even manage to add a few entries to the OpenLDAP server.
Please help.

My current setup on Linux 7.1 looks like this.

I have configured OpenLDAP with the following parameters:

++++++++++++++++++++++++++
OpenLDAP: (Installation)
++++++++++++++++++++++++++

cd /usr/openldap-2.0.18

./configure --prefix=/usr --exec-prefix=  --x-includes=/usr/include --x-libraries=/usr/lib --with-wrappers --with-cyrus-sasl --enable-slapd --enable-ipv6=no --enable-crypt --enable-spasswd --with-tls --enable-kpasswd

make depend

make

make install

***********************************
OpenLDAP Config Files:
***********************************

^^^^^^^^
slapd.conf
^^^^^^^^

pidfile         /var/openldap/slapd.pid
argsfile        /var/openldap/slapd.args

database        ldbm
suffix          "dc=rspllinux,dc=com"
#suffix         "o=My Organization Name,c=US"
rootdn          "cn=Manager,dc=rspllinux,dc=com"
#rootdn         "cn=Manager,o=My Organization Name,c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory       /var/openldap/openldap-ldbm
# Indices to maintain
index   objectClass     eq
access to *
        by self write
        by users write
        by dn="cn=Manager,dc=rspllinux,dc=com"

^^^^^^^^
ldap.conf
^^^^^^^^

host    127.0.0.1


I try to enter new values in the database with these commands:

1)
$ ldapadd -D dn="cn=Manager,dc=rspllinux,dc=com" -f first.ldif -W
Enter LDAP Password: secret
ldap_sasl_interactive_bind_s: No such object

2)
ldapadd -D dn="cn=Manager,dc=rspllinux,dc=com" -f first.ldif -x
It gives me the result:
ldap_add: Insufficient access

ldif_record() = 50

3)
$ ldapadd -D dn="cn=Manager,dc=rspllinux,dc=com" -f first.ldif -x -W
Enter LDAP Password: secret
ldap_bind: Invalid credentials

^^^^^^^
first.ldif
^^^^^^^
dn: dc=rspllinux,dc=com
objectClass:dcObject
objectClass: organization
dc: Rishabh Software
o: Rishabh Software

4)
$ ldapsearch -h localhost -p 389 -x -b "" -s base -LLL ZZ supportedSASLMechanisms
gives no result

5)
$ ldapsearch -h localhost -p 389 -x -b "" -s base -LLL supportedSASLMechanisms
gives no result

6)
$ ldapsearch -h localhost -p 389 -x -b "dc=rspllinux,dc=com" -s base -LLL ZZ supportedSASLMechanisms

No such object (32)

***************************************************
Server Dump on using slapd -d-1 when using command number (2)
****************************************************
daemon: activity on 1 descriptors
daemon: new connection on 9
daemon: conn=5 fd=9 connection from IP=127.0.0.1:1094 (IP=0.0.0.0:34049) accepted.
daemon: added 9r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=5
connection_read(9): checking for input on id=5
ber_get_next
ldap_read: want=1, got=1
  0000:  30                                                 0
ldap_read: want=1, got=1
  0000:  33                                                 3
ldap_read: want=51, got=51
  0000:  02 01 01 60 2e 02 01 03  04 21 64 6e 3d 63 6e 3d   ...`.....!dn=cn=
  0010:  4d 61 6e 61 67 65 72 2c  64 63 3d 72 73 70 6c 6c   Manager,dc=rspll
  0020:  69 6e 75 78 2c 64 63 3d  63 6f 6d 80 06 73 65 63   inux,dc=com..sec
  0030:  72 65 74                                           ret
ber_get_next: tag 0x30 len 51 contents:
ber_dump: buf=0x080dd5e0 ptr=0x080dd5e0 end=0x080dd613 len=51
  0000:  02 01 01 60 2e 02 01 03  04 21 64 6e 3d 63 6e 3d   ...`.....!dn=cn=
  0010:  4d 61 6e 61 67 65 72 2c  64 63 3d 72 73 70 6c 6c   Manager,dc=rspll
  0020:  69 6e 75 78 2c 64 63 3d  63 6f 6d 80 06 73 65 63   inux,dc=com..sec
  0030:  72 65 74                                           ret
ber_get_next
ldap_read: want=1 error=Resource temporarily unavailable
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({iat) ber:
ber_dump: buf=0x080dd5e0 ptr=0x080dd5e3 end=0x080dd613 len=48
  0000:  60 2e 02 01 03 04 21 64  6e 3d 63 6e 3d 4d 61 6e   `.....!dn=cn=Man
  0010:  61 67 65 72 2c 64 63 3d  72 73 70 6c 6c 69 6e 75   ager,dc=rspllinu
  0020:  78 2c 64 63 3d 63 6f 6d  80 06 73 65 63 72 65 74   x,dc=com..secret
ber_scanf fmt (o}) ber:
ber_dump: buf=0x080dd5e0 ptr=0x080dd60b end=0x080dd613 len=8
  0000:  80 06 73 65 63 72 65 74                            ..secret
do_bind: version=3 dn="dn=cn=Manager,dc=rspllinux,dc=com" method=128
conn=5 op=0 BIND dn="DN=CN=MANAGER,DC=RSPLLINUX,DC=COM" method=128
==> ldbm_back_bind: dn: dn=cn=Manager,dc=rspllinux,dc=com
dn2entry_r: dn: "DN=CN=MANAGER,DC=RSPLLINUX,DC=COM"
=> dn2id( "DN=CN=MANAGER,DC=RSPLLINUX,DC=COM" )
=> ldbm_cache_open( "dn2id.dbb", 7, 600 )
<= ldbm_cache_open (cache 0)
<= dn2id NOID
dn2entry_r: dn: "DC=RSPLLINUX,DC=COM"
=> dn2id( "DC=RSPLLINUX,DC=COM" )
=> ldbm_cache_open( "dn2id.dbb", 7, 600 )
<= ldbm_cache_open (cache 0)
<= dn2id NOID
send_ldap_result: conn=5 op=0 p=3
send_ldap_result: 49::
send_ldap_response: msgid=1 tag=97 err=49
ber_flush: 14 bytes to sd 9
  0000:  30 0c 02 01 01 61 07 0a  01 31 04 00 04 00         0....a...1....
ldap_write: want=14, written=14
  0000:  30 0c 02 01 01 61 07 0a  01 31 04 00 04 00         0....a...1....
conn=5 op=0 RESULT tag=97 err=49 text=
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=5
connection_read(9): checking for input on id=5
ber_get_next
ldap_read: want=1, got=0

ber_get_next on fd 9 failed errno=0 (Success)
connection_read(9): input error=-2 id=5, closing.
connection_closing: readying conn=5 sd=9 for close
connection_close: conn=5 sd=9
daemon: removing 9
conn=-1 fd=9 closed
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL

*******************************************
End of Server Dump
*******************************************

++++++++++++++++++++
Cyrus-SASL : (Installation)
++++++++++++++++++++

cd /usr/cyrus-sasl-1.5.27

./configure --prefix=/usr --exec-prefix=/usr --with-gnu-ld --enable-cram --enable-digest --enable-gssapi --enable-anon --enable-plain --enable-login

make

make install

With Cyrus I can use saslpasswd and create new users with PLAIN, CRAM MD5
users and password.
I have also successfully tested/run the client and server.

Cheers,

Binoy

+++++++++++++++++++++++++++++++++++
    5 out of 4 people don't understand fractions.
+++++++++++++++++++++++++++++++++++


