
Strong Auth with openldap. (Weird behaviour !)



Ok.
I solved the problem with SASL auth myself.
It works only if the user is in the sasldb with the responsible realm.
And now something different but weird.
I only wanted to get "exop" working to change the password on the server
using md5 password hashing.
I read in the RFC that you have to use strong authentication to do so.
Ok, I thought, strong authentication?
Do I have it already or not?
Furthermore, I read that only binds with password hashing will work, not
anonymous binds.
So I traced what happens if I try to change my password as a user with
passwd:
test@test:~$ passwd
Enter login(LDAP) password:  (that worked).
New password:
Re-enter new password:
LDAP password information update failed: Strong authentication required.
What's this?
First the bind is made with the Manager, to check if the old password is
right, and that should be right.
But what's that!
Then an anonymous bind is made, and of course the extended_op does not work,
and the server returns send_ldap_extended 8: (0), which means strong auth
required.
Logfile:

Apr 15 15:57:34 mail slapd[22105]:do_bind
Apr 15 15:57:34 mail slapd[22085]: ber_get_next on fd 17 failed errno=11
(Resource temporarily unavailable)
Apr 15 15:57:34 mail slapd[22105]: do_bind: version=3 dn
="cn=Manager,dc=TEST,dc=ORG" method=128
Apr 15 15:57:34 mail slapd[22105]: conn=32 op=3 BIND dn
="CN=MANAGER,DC=TEST,DC=ORG" method=128
Apr 15 15:57:34 mail slapd[22105]: send_ldap_result: conn=32 op=3 p=3
Apr 15 15:57:34 mail slapd[22105]: send_ldap_response: msgid=4 tag=97 err=0
Apr 15 15:57:34 mail slapd[22105]: conn=32 op=3 RESULT tag=97 err=0 text=
Apr 15 15:57:34 mail slapd[22105]: do_bind: v3 anonymous bind
Apr 15 15:57:54 mail slapd[22085]: connection_get(17): got connid=32
Apr 15 15:57:54 mail slapd[22085]: connection_read(17): checking for input
on id=32
Apr 15 15:57:54 mail slapd[22106]: do_extended
Apr 15 15:57:54 mail slapd[22106]: send_ldap_extended 8: (0)
Apr 15 15:57:54 mail slapd[22106]: send_ldap_response: msgid=5 tag=120
err=8
Apr 15 15:57:54 mail slapd[22085]: ber_get_next on fd 17 failed errno=11
(Resource temporarily unavailable)
Apr 15 15:58:19 mail slapd[22085]: connection_get(17): got connid=32
Apr 15 15:58:19 mail slapd[22085]: connection_read(17): checking for input
on id=32
Apr 15 15:58:19 mail slapd[22105]: do_unbind
Apr 15 15:58:19 mail slapd[22105]: conn=32 op=5 UNBIND

Does anyone know how to get strong auth working (exop)?
I would be pleased if anyone can solve the problem or has the same error
as me.
I searched the source code of pam_ldap but didn't find any mistake
regarding the ex_op.

Thx in advance

Franz

____________________________________________________
Franz Skale
mainwork information technology AG
IT-Services
Tech Gate Vienna
Donaucitystrasse 1
A-1220 Wien
Tel: +43 1 333 48 58-0
Fax: +43 1 333 48 58-24
e-mail: f.skale@mainwork.com
Internet: http://www.mainwork.com
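
Added example, not part of the original post and not code from OpenLDAP or pam_ldap: a small triage script that walks a slapd debug log in order and reports every extended operation answered with err=8, together with the bind identity in effect at that point. It assumes a single connection in the log, as in the excerpt above; the sample lines are rebuilt from that excerpt with the mail wrapping removed, and the function and constant names are hypothetical.

```python
import re

# Constructed sample: key lines modeled on the post's log excerpt, with the
# mail-wrapped lines rejoined (assumes slapd's dn="..." form).
SAMPLE_LOG = """\
Apr 15 15:57:34 mail slapd[22105]: do_bind: version=3 dn="cn=Manager,dc=TEST,dc=ORG" method=128
Apr 15 15:57:34 mail slapd[22105]: send_ldap_response: msgid=4 tag=97 err=0
Apr 15 15:57:34 mail slapd[22105]: do_bind: v3 anonymous bind
Apr 15 15:57:54 mail slapd[22106]: do_extended
Apr 15 15:57:54 mail slapd[22106]: send_ldap_response: msgid=5 tag=120 err=8
"""

# \s* tolerates the space a mail client may leave where it wrapped "dn" / "=".
BIND_DN = re.compile(r'do_bind: version=\d+ dn\s*="([^"]*)" method=\d+')
ANON_BIND = re.compile(r'do_bind: v\d+ anonymous bind')
RESPONSE = re.compile(r'send_ldap_response: msgid=(\d+) tag=(\d+) err=(\d+)')

TAG_BIND_RESPONSE = 97          # LDAP BindResponse, [APPLICATION 1]
TAG_EXTENDED_RESPONSE = 120     # LDAP ExtendedResponse, [APPLICATION 24]
ERR_STRONG_AUTH_REQUIRED = 8    # the "Strong authentication required" result

def find_rejected_exops(log_text):
    """Return one dict per extended operation that was refused with err=8."""
    identity, pending = "anonymous", None   # a new connection is anonymous
    findings = []
    for line in log_text.splitlines():
        m = BIND_DN.search(line)
        if m:
            # Bind request seen; it only takes effect if the response is err=0.
            pending = m.group(1) or "anonymous"
        elif ANON_BIND.search(line):
            # Logged without a BindResponse of its own in the excerpt.
            identity, pending = "anonymous", None
        elif (m := RESPONSE.search(line)):
            msgid, tag, err = map(int, m.groups())
            if tag == TAG_BIND_RESPONSE:
                identity = pending if (err == 0 and pending) else "anonymous"
                pending = None
            elif tag == TAG_EXTENDED_RESPONSE and err == ERR_STRONG_AUTH_REQUIRED:
                findings.append({"time": line[:15], "msgid": msgid,
                                 "identity": identity})
    return findings

if __name__ == "__main__":
    for f in find_rejected_exops(SAMPLE_LOG):
        print(f"{f['time']} msgid={f['msgid']} exop refused (err=8), "
              f"bound as: {f['identity']}")
```
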