
openldap 2.1 problems...



ThierryW wrote:

2 questions:

First one, starting ssl or tls search failed with:
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca s3_pkt.c:985
whereas it worked with 2.0.23. What's wrong?


Second question:
My config: openldap2.1.2 sasl1.5
I cannot perform a search.
In slapd.conf (only what's important):

********************************
TLSCertificateFile      /usr/local/ssl/certs/certmorangis.pem
TLSCertificateKeyFile   /usr/local/ssl/certs/certmorangis.pem
TLSCACertificateFile    /usr/local/ssl/certs/certmorangis.pem

# Schema and objectClass definitions

sasl-realm             intranet.fr
sasl-host               openmail.intranet.fr
#sasl-secprops          none

database    bdb
directory       /usr/ldap/var/openldap-data
suffix        "dc=intranet,dc=fr"
rootdn    "uid=master1,ou=admins,o=firm,dc=intranet,dc=fr"

saslRegexp
        uid=(.*),cn=intranet.fr,cn=DIGEST-MD5,cn=auth
        uid=$1,ou=admins,o=firm,dc=intranet,dc=fr

#ldap://openmail.intranet.fr/ou=admins,o=mairie,dc=intranet,dc=fr??sub?uid=$1


access to * by dn="uid=master1\\+realm=intranet.fr" write by * read

#by dn="uid=master1.*\+realm=openmail.intranet.fr"  write

access to attr=userPassword
      by self write
      by anonymous auth
      by * none
*****************************************************

As noted in the 2.1 admin guide:
ldapsearch -h openmail.intranet.fr -X "u:master1" or -I or whatever you want... I got this with slapd debug:
......
daemon: conn=2 fd=13 connection from IP=192.0.1.252:33951 (IP=192.0.1.252:389) accepted.
daemon: added 13r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 13r
daemon: read activity on 13
connection_get(13)
connection_get(13): got connid=2
connection_read(13): checking for input on id=2
ber_get_next
ldap_read: want=9, got=9
0000: 30 3e 02 01 01 63 39 04 00 0>...c9..
ldap_read: want=55, got=55
0000: 0a 01 00 0a 01 00 02 01 00 02 01 00 01 01 00 87 ................
0010: 0b 6f 62 6a 65 63 74 63 6c 61 73 73 30 19 04 17 .objectclass0...
0020: 73 75 70 70 6f 72 74 65 64 53 41 53 4c 4d 65 63 supportedSASLMec
0030: 68 61 6e 69 73 6d 73 hanisms
ber_get_next: tag 0x30 len 62 contents:
ber_dump: buf=0x081ec430 ptr=0x081ec430 end=0x081ec46e len=62
0000: 02 01 01 63 39 04 00 0a 01 00 0a 01 00 02 01 00 ...c9...........
0010: 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 63 6c ........objectcl
0020: 61 73 73 30 19 04 17 73 75 70 70 6f 72 74 65 64 ass0...supported
0030: 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73 SASLMechanisms
ber_get_next
ldap_read: want=9 error=Resource temporarily unavailable
ber_get_next on fd 13 failed errno=11 (Resource temporarily unavailable)
do_search
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x081ec430 ptr=0x081ec433 end=0x081ec46e len=59
0000: 63 39 04 00 0a 01 00 0a 01 00 02 01 00 02 01 00 c9..............
0010: 01 01 00 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73 .....objectclass
0020: 30 19 04 17 73 75 70 70 6f 72 74 65 64 53 41 53 0...supportedSAS
0030: 4c 4d 65 63 68 61 6e 69 73 6d 73 LMechanisms
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
SRCH "" 0 0 0 0 0
begin get_filter
PRESENT
ber_scanf fmt (m) ber:
ber_dump: buf=0x081ec430 ptr=0x081ec446 end=0x081ec46e len=40
0000: 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73 30 19 04 ..objectclass0..
0010: 17 73 75 70 70 6f 72 74 65 64 53 41 53 4c 4d 65 .supportedSASLMe
0020: 63 68 61 6e 69 73 6d 73 chanisms
end get_filter 0
filter: (objectClass=*)
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x081ec430 ptr=0x081ec453 end=0x081ec46e len=27
0000: 00 19 04 17 73 75 70 70 6f 72 74 65 64 53 41 53 ....supportedSAS
0010: 4c 4d 65 63 68 61 6e 69 73 6d 73 LMechanisms
attrs: supportedSASLMechanisms
conn=2 op=0 SRCH base="" scope=0 filter="(objectClass=*)"
=> test_filter
PRESENT
=> access_allowed: search access to "" "objectClass" requested
=> acl_get: [1] check attr objectClass
<= acl_get: [1] acl attr: objectClass
=> acl_mask: access to entry "", attr "objectClass" requested
=> acl_mask: to all values by "", (=n)
<= check a_dn_pat: uid=master1\+realm=intranet.fr
=> string_expand: pattern: uid=master1\+realm=intranet.fr
=> string_expand: expanded: uid=master1\+realm=intranet.fr
=> regex_matches: string:
=> regex_matches: rc: 1 no matches
<= check a_dn_pat: *
<= acl_mask: [4] applying read(=rscx) (stop)
<= acl_mask: [4] mask: read(=rscx)
=> access_allowed: search access granted by read(=rscx)
<= test_filter 6
=> send_search_entry: dn=""
=> access_allowed: read access to "" "entry" requested
=> acl_get: [1] check attr entry
<= acl_get: [1] acl attr: entry
=> acl_mask: access to entry "", attr "entry" requested
=> acl_mask: to all values by "", (=n)
<= check a_dn_pat: uid=master1\+realm=intranet.fr
=> string_expand: pattern: uid=master1\+realm=intranet.fr
=> string_expand: expanded: uid=master1\+realm=intranet.fr
=> regex_matches: string:
=> regex_matches: rc: 1 no matches
<= check a_dn_pat: *
<= acl_mask: [4] applying read(=rscx) (stop)
<= acl_mask: [4] mask: read(=rscx)
=> access_allowed: read access granted by read(=rscx)
=> access_allowed: read access to "" "supportedSASLMechanisms" requested
=> acl_get: [1] check attr supportedSASLMechanisms
<= acl_get: [1] acl attr: supportedSASLMechanisms
=> acl_mask: access to entry "", attr "supportedSASLMechanisms" requested
=> acl_mask: to all values by "", (=n)
<= check a_dn_pat: uid=master1\+realm=intranet.fr
=> string_expand: pattern: uid=master1\+realm=intranet.fr
=> string_expand: expanded: uid=master1\+realm=intranet.fr
=> regex_matches: string:
=> regex_matches: rc: 1 no matches
<= check a_dn_pat: *
<= acl_mask: [4] applying read(=rscx) (stop)
<= acl_mask: [4] mask: read(=rscx)
=> access_allowed: read access granted by read(=rscx)
ber_flush: 52 bytes to sd 13
0000: 30 32 02 01 01 64 2d 04 00 30 29 30 27 04 17 73 02...d-..0)0'..s
0010: 75 70 70 6f 72 74 65 64 53 41 53 4c 4d 65 63 68 upportedSASLMech
0020: 61 6e 69 73 6d 73 31 0c 04 0a 44 49 47 45 53 54 anisms1...DIGEST
0030: 2d 4d 44 35 -MD5
ldap_write: want=52, written=52
0000: 30 32 02 01 01 64 2d 04 00 30 29 30 27 04 17 73 02...d-..0)0'..s
0010: 75 70 70 6f 72 74 65 64 53 41 53 4c 4d 65 63 68 upportedSASLMech
0020: 61 6e 69 73 6d 73 31 0c 04 0a 44 49 47 45 53 54 anisms1...DIGEST
0030: 2d 4d 44 35 -MD5
conn=2 op=0 ENTRY dn=""
<= send_search_entry
send_ldap_result: conn=2 op=0 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=1 tag=101 err=0
ber_flush: 14 bytes to sd 13
0000: 30 0c 02 01 01 65 07 0a 01 00 04 00 04 00 0....e........
ldap_write: want=14, written=14
0000: 30 0c 02 01 01 65 07 0a 01 00 04 00 04 00 0....e........
conn=2 op=0 RESULT tag=101 err=0 text=
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: select: listen=7 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 13r
daemon: read activity on 13
connection_get(13)
connection_get(13): got connid=2
connection_read(13): checking for input on id=2
ber_get_next
ldap_read: want=9, got=9
0000: 30 18 02 01 02 60 13 02 01 0....`...
ldap_read: want=17, got=17
0000: 03 04 00 a3 0c 04 0a 44 49 47 45 53 54 2d 4d 44 .......DIGEST-MD
0010: 35 5
ber_get_next: tag 0x30 len 24 contents:
ber_dump: buf=0x081ec558 ptr=0x081ec558 end=0x081ec570 len=24
0000: 02 01 02 60 13 02 01 03 04 00 a3 0c 04 0a 44 49 ...`..........DI
0010: 47 45 53 54 2d 4d 44 35 GEST-MD5
ber_get_next
ldap_read: want=9 error=Resource temporarily unavailable
ber_get_next on fd 13 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x081ec558 ptr=0x081ec55b end=0x081ec570 len=21
0000: 60 13 02 01 03 04 00 a3 0c 04 0a 44 49 47 45 53 `..........DIGES
0010: 54 2d 4d 44 35 T-MD5
ber_scanf fmt ({o) ber:
ber_dump: buf=0x081ec558 ptr=0x081ec562 end=0x081ec570 len=14
0000: 00 0c 04 0a 44 49 47 45 53 54 2d 4d 44 35 ....DIGEST-MD5
ber_scanf fmt (}}) ber:
ber_dump: buf=0x081ec558 ptr=0x081ec570 end=0x081ec570 len=0


>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_sasl_bind: dn () mech DIGEST-MD5
conn=2 op=1 BIND dn="" method=163
==> sasl_bind: dn="" mech=DIGEST-MD5 datalen=0
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: select: listen=7 active_threads=1 tvp=NULL
send_ldap_sasl: err=14 len=162
send_ldap_response: msgid=2 tag=97 err=14
ber_flush: 181 bytes to sd 13
0000: 30 81 b2 02 01 02 61 81 ac 0a 01 0e 04 00 04 00 0.....a.........
0010: 87 81 a2 72 65 61 6c 6d 3d 22 69 6e 74 72 61 6e ...realm="intran
0020: 65 74 2e 66 72 22 2c 6e 6f 6e 63 65 3d 22 75 49 et.fr",nonce="uI
0030: 43 54 69 49 4e 79 4c 74 4d 51 45 6d 65 6a 4a 74 CTiINyLtMQEmejJt
0040: 34 39 59 30 39 72 71 61 4e 44 30 4b 4e 34 2b 73 49Y09rqaND0KN4+s
0050: 78 44 48 61 4c 43 54 35 6b 3d 22 2c 71 6f 70 3d xDHaLCT5k=",qop=
0060: 22 61 75 74 68 2c 61 75 74 68 2d 69 6e 74 2c 61 "auth,auth-int,a
0070: 75 74 68 2d 63 6f 6e 66 22 2c 63 69 70 68 65 72 uth-conf",cipher
0080: 3d 22 72 63 34 2d 34 30 2c 72 63 34 2d 35 36 2c ="rc4-40,rc4-56,
0090: 72 63 34 22 2c 63 68 61 72 73 65 74 3d 75 74 66 rc4",charset=utf
00a0: 2d 38 2c 61 6c 67 6f 72 69 74 68 6d 3d 6d 64 35 -8,algorithm=md5
00b0: 2d 73 65 73 73 -sess
ldap_write: want=181, written=181
<== slap_sasl_bind: rc=14
............................
When I enter my password:
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Unknown error (80)
additional info: unable to get user's secret
and debug:
.............
daemon: activity on 1 descriptors
daemon: activity on: 13r
daemon: read activity on 13
connection_get(13)
connection_get(13): got connid=2
connection_read(13): checking for input on id=2
ber_get_next
ldap_read: want=9, got=9
0000: 30 82 01 48 02 01 03 60 82 0..H...`.
ldap_read: want=323, got=323
0000: 01 41 02 01 03 04 00 a3 82 01 38 04 0a 44 49 47 .A........8..DIG
0010: 45 53 54 2d 4d 44 35 04 82 01 28 75 73 65 72 6e EST-MD5...(usern
0020: 61 6d 65 3d 22 72 6f 6f 74 22 2c 72 65 61 6c 6d ame="root",realm
0030: 3d 22 69 6e 74 72 61 6e 65 74 2e 66 72 22 2c 61 ="intranet.fr",a
0040: 75 74 68 7a 69 64 3d 22 75 3a 6d 61 73 74 65 72 uthzid="u:master
0050: 31 22 2c 6e 6f 6e 63 65 3d 22 75 49 43 54 69 49 1",nonce="uICTiI
0060: 4e 79 4c 74 4d 51 45 6d 65 6a 4a 74 34 39 59 30 NyLtMQEmejJt49Y0
0070: 39 72 71 61 4e 44 30 4b 4e 34 2b 73 78 44 48 61 9rqaND0KN4+sxDHa
0080: 4c 43 54 35 6b 3d 22 2c 63 6e 6f 6e 63 65 3d 22 LCT5k=",cnonce="
0090: 38 6b 2f 62 70 6b 65 57 43 66 65 47 61 77 5a 47 8k/bpkeWCfeGawZG
00a0: 67 4c 51 62 4d 68 33 67 72 42 66 61 47 47 35 57 gLQbMh3grBfaGG5W
00b0: 33 33 35 6f 4d 54 31 54 4a 43 34 3d 22 2c 6e 63 335oMT1TJC4=",nc
00c0: 3d 30 30 30 30 30 30 30 31 2c 71 6f 70 3d 61 75 =00000001,qop=au
00d0: 74 68 2d 63 6f 6e 66 2c 63 69 70 68 65 72 3d 22 th-conf,cipher="
00e0: 72 63 34 22 2c 63 68 61 72 73 65 74 3d 75 74 66 rc4",charset=utf
00f0: 2d 38 2c 64 69 67 65 73 74 2d 75 72 69 3d 22 6c -8,digest-uri="l
0100: 64 61 70 2f 6f 70 65 6e 6d 61 69 6c 2e 69 6e 74 dap/openmail.int
0110: 72 61 6e 65 74 2e 66 72 22 2c 72 65 73 70 6f 6e ranet.fr",respon
0120: 73 65 3d 62 30 66 61 39 64 39 36 32 30 61 61 66 se=b0fa9d9620aaf
0130: 61 35 35 39 37 30 33 32 33 62 62 32 61 32 30 35 a55970323bb2a205
0140: 63 66 33 cf3
ber_get_next: tag 0x30 len 328 contents:
ber_dump: buf=0x081ebc00 ptr=0x081ebc00 end=0x081ebd48 len=328
ber_get_next
ldap_read: want=9 error=Resource temporarily unavailable
ber_get_next on fd 13 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x081ebc00 ptr=0x081ebc03 end=0x081ebd48 len=325
ber_scanf fmt ({o) ber:
ber_dump: buf=0x081ebc00 ptr=0x081ebc0c end=0x081ebd48 len=316
ber_scanf fmt (m) ber:
ber_dump: buf=0x081ebc00 ptr=0x081ebc1c end=0x081ebd48 len=300
ber_scanf fmt (}}) ber:
ber_dump: buf=0x081ebc00 ptr=0x081ebd48 end=0x081ebd48 len=0


>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_sasl_bind: dn () mech DIGEST-MD5
conn=2 op=2 BIND dn="" method=163
==> sasl_bind: dn="" mech=<continuing> datalen=296
send_ldap_result: conn=2 op=2 p=3
send_ldap_result: err=80 matched="" text="unable to get user's secret"
send_ldap_response: msgid=3 tag=97 err=80
ber_flush: 41 bytes to sd 13
0000:  30 27 02 01 03 61 22 0a  01 50 04 00 04 1b 75 6e   0'...a"..P....un
0010:  61 62 6c 65 20 74 6f 20  67 65 74 20 75 73 65 72   able to get user
0020:  27 73 20 73 65 63 72 65  74                        's secret
ldap_write: want=41, written=41
0000:  30 27 02 01 03 61 22 0a  01 50 04 00 04 1b 75 6e   0'...a"..P....un
0010:  61 62 6c 65 20 74 6f 20  67 65 74 20 75 73 65 72   able to get user
0020:  27 73 20 73 65 63 72 65  74                        's secret
conn=2 op=2 RESULT tag=97 err=80 text=unable to get user's secret
<== slap_sasl_bind: rc=80
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: select: listen=7 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 13r
daemon: read activity on 13
connection_get(13)
connection_get(13): got connid=2
connection_read(13): checking for input on id=2
ber_get_next
ldap_read: want=9, got=0

ber_get_next on fd 13 failed errno=0 (Success)
connection_read(13): input error=-2 id=2, closing.
connection_closing: readying conn=2 sd=13 for close
connection_close: conn=2 sd=13
daemon: removing 13
conn=2 fd=13 closed
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL

It seems it is not taking my username...? but root by default..
My LDIF for user master1 is:

dn: uid=master1,ou=Admins,o=Mairie,dc=intranet,dc=fr
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: master1
sn: master1
uid: master1
userPassword: "mycleartextpassword" => as you answered to my last message

So could you help me please: what am I doing wrong?
Thierry
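
An added example (not part of the original message, and not OpenLDAP code): it parses the digest-response fields visible in the trace, builds the SASL authentication DN in the `uid=<username>,cn=<realm>,cn=<mechanism>,cn=auth` form that the posted saslRegexp pattern matches, applies that saslRegexp, and compares the result with the DN in the posted LDIF. The function names, the simplified DN comparison and the use of Python's `re` in place of slapd's regex engine are assumptions of the example.

```python
import re

# Fields copied from the digest-response in the trace (nonce, cnonce and
# response omitted); the regexp pair and entry DN are from the posted config/LDIF.
DIGEST_RESPONSE = ('username="root",realm="intranet.fr",authzid="u:master1",'
                   'nc=00000001,qop=auth-conf,cipher="rc4",charset=utf-8,'
                   'digest-uri="ldap/openmail.intranet.fr"')
SASL_REGEXP = (r'uid=(.*),cn=intranet.fr,cn=DIGEST-MD5,cn=auth',
               'uid=$1,ou=admins,o=firm,dc=intranet,dc=fr')
ENTRY_DN = 'uid=master1,ou=Admins,o=Mairie,dc=intranet,dc=fr'

# key=token or key="quoted string" (quoted values may contain commas)
DIRECTIVE = re.compile(r'([A-Za-z][\w-]*)=(?:"((?:[^"\\]|\\.)*)"|([^,]*))')


def parse_directives(text):
    """Split a DIGEST-MD5 directive list into a dict with lower-cased keys."""
    fields = {}
    for m in DIRECTIVE.finditer(text):
        quoted, token = m.group(2), m.group(3)
        value = token if quoted is None else re.sub(r'\\(.)', r'\1', quoted)
        fields[m.group(1).lower()] = value
    return fields


def sasl_auth_dn(fields, mech='DIGEST-MD5'):
    """Authentication DN built from the authcid (username), not the authzid."""
    parts = ['uid=' + fields['username']]
    if fields.get('realm'):
        parts.append('cn=' + fields['realm'])
    return ','.join(parts + ['cn=' + mech, 'cn=auth'])


def apply_sasl_regexp(dn, pattern, replacement):
    """Rewrite dn with a saslRegexp pair; None when the pattern does not match."""
    m = re.search(pattern, dn, re.IGNORECASE)  # approximation of slapd's matching
    if m is None:
        return None
    return re.sub(r'\$(\d)', lambda d: m.group(int(d.group(1))), replacement)


def normalize_dn(dn):
    """Simplified comparison form: lower-case, no spaces around separators."""
    return ','.join(rdn.strip().lower() for rdn in dn.split(','))


def diagnose(digest_response):
    """Report which identity the bind carries and where the regexp maps it."""
    fields = parse_directives(digest_response)
    auth_dn = sasl_auth_dn(fields)
    mapped = apply_sasl_regexp(auth_dn, *SASL_REGEXP)
    same = mapped is not None and normalize_dn(mapped) == normalize_dn(ENTRY_DN)
    return {'authcid': fields['username'], 'authzid': fields.get('authzid'),
            'auth_dn': auth_dn, 'mapped_dn': mapped, 'maps_to_entry': same}


if __name__ == '__main__':
    as_master1 = DIGEST_RESPONSE.replace('username="root"', 'username="master1"')
    for response in (DIGEST_RESPONSE, as_master1):
        for key, value in diagnose(response).items():
            print(f'{key:15}{value}')
        print()
```

For the values in the trace the authentication identity is `root`, with `master1` present only as the authzid; with `master1` as the username the regexp yields a DN under `o=firm`, while the posted LDIF entry is under `o=Mairie`.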