OpenLDAP & Cyrus SASL
Hello,
I am running
OpenLDAP 2.1.3
Cyrus SASL 1.5.27
Berkeley DB 4.0.14
openssl 0.9.6d
Under Solaris 8 on a Netra T1405.
I read the SASL page at openldap.org, but I'm still getting some problems
when trying to bind with K4 or K5 to slapd. I can do K4 binds with kbind,
but would like to deprecate that usage. I see
ldap_sasl_interactive_bind_s: Local error (82) for K4 and GSSAPI binds.
Prior to doing any binds, klist shows the following:
Ticket cache: FILE:/tmp/krb5cc_p11192
Default principal: quanah@stanford.edu
Valid starting Expires Service principal
07/15/02 09:18:01 07/16/02 10:18:00 krbtgt/stanford.edu@stanford.edu
Kerberos 4 ticket cache: /tmp/tkt54046
Principal: quanah@IR.STANFORD.EDU
Issued Expires Principal
07/15/02 09:18:01 07/16/02 10:44:22 krbtgt.IR.STANFORD.EDU@IR.STANFORD.EDU
07/15/02 09:18:01 07/16/02 10:44:22 afs@IR.STANFORD.EDU
After a K4 bind, I see the ldap principal loaded:
ldap4:~> klist
Ticket cache: FILE:/tmp/krb5cc_p11192
Default principal: quanah@stanford.edu
Valid starting Expires Service principal
07/15/02 09:18:01 07/16/02 10:18:00 krbtgt/stanford.edu@stanford.edu
Kerberos 4 ticket cache: /tmp/tkt54046
Principal: quanah@IR.STANFORD.EDU
Issued Expires Principal
07/15/02 09:18:01 07/16/02 10:44:22 krbtgt.IR.STANFORD.EDU@IR.STANFORD.EDU
07/15/02 09:18:01 07/16/02 10:44:22 afs@IR.STANFORD.EDU
07/15/02 09:18:58 07/16/02 10:45:19 ldap.ldap4@IR.STANFORD.EDU
However, in the syslog, I see:
Jul 15 09:18:58 ldap4.Stanford.EDU slapd[10347]: [ID 124591 local4.debug]
do_sasl_bind: dn () mech KERBEROS_V4
Jul 15 09:18:58 ldap4.Stanford.EDU slapd[10347]: [ID 347666 local4.debug]
conn=6 op=2 BIND dn="" method=163
Jul 15 09:18:58 ldap4.Stanford.EDU slapd[10347]: [ID 458069 local4.debug]
==> sasl_bind: dn="" mech=<continuing> datalen=117
Jul 15 09:18:58 ldap4.Stanford.EDU slapd[10347]: [ID 335269 local4.debug]
send_ldap_sasl: err=14 len=8
Jul 15 09:18:58 ldap4.Stanford.EDU slapd[10347]: [ID 324658 local4.debug]
send_ldap_response: msgid=3 tag=97 err=14
Jul 15 09:18:58 ldap4.Stanford.EDU slapd[10347]: [ID 540187 local4.debug]
<== slap_sasl_bind: rc=14
Jul 15 09:18:58 ldap4.Stanford.EDU ldapsearch[11213]: [ID 702911
auth.error] KERBEROS_V4: unable to get local IP address: can't request info
until later in exchange
I have compiled SASL both with and without KRB4_IGNORE_IP_ADDRESS defined,
and I still get the error.
When I do a K5 search, I see the K5 principal loaded in klist:
ldap4:~> ldapsearch -Y gssapi -h ldap4
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Can't contact LDAP server (81)
ldap4:~> klist
Ticket cache: FILE:/tmp/krb5cc_p11192
Default principal: quanah@stanford.edu
Valid starting Expires Service principal
07/15/02 09:36:07 07/16/02 10:36:06 krbtgt/stanford.edu@stanford.edu
07/15/02 09:36:30 07/16/02 10:36:06 ldap/ldap4.stanford.edu@stanford.edu
Kerberos 4 ticket cache: /tmp/tkt54046
Principal: quanah@IR.STANFORD.EDU
Issued Expires Principal
07/15/02 09:36:07 07/16/02 11:02:28 krbtgt.IR.STANFORD.EDU@IR.STANFORD.EDU
07/15/02 09:36:07 07/16/02 11:02:28 afs@IR.STANFORD.EDU
However, slapd dies immediately, thus creating the error seen.
Anyone have any ideas on the problem here? Syslog isn't too helpful with
this one:
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 454241 local4.debug]
daemon: activity on 1 descriptors
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 923062 local4.debug]
daemon: new connection on 12
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 293980 local4.debug]
daemon: conn=0 fd=12 connection from IP=171.64.14.183:33201
(IP=0.0.0.0:389) accepted.
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 732783 local4.debug]
daemon: added 12r
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 802679 local4.debug]
daemon: activity on:
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 100000 local4.debug]
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 538834 local4.debug]
daemon: select: listen=7 active_threads=0 tvp=NULL
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 538834 local4.debug]
daemon: select: listen=8 active_threads=0 tvp=NULL
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 454241 local4.debug]
daemon: activity on 1 descriptors
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 802679 local4.debug]
daemon: activity on:
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 522297 local4.debug]
12r
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 100000 local4.debug]
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 694296 local4.debug]
daemon: read activity on 12
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 525477 local4.debug]
connection_get(12)
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 611214 local4.debug]
connection_get(12): got connid=0
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 138202 local4.debug]
connection_read(12): checking for input on id=0
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 948228 local4.debug]
do_bind
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 812316 local4.debug]
ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 538834 local4.debug]
daemon: select: listen=7 active_threads=1 tvp=NULL
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 538834 local4.debug]
daemon: select: listen=8 active_threads=1 tvp=NULL
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 198467 local4.debug]
dnPrettyNormal: <>
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 147344 local4.debug]
<<< dnPrettyNormal: <>, <>
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 124591 local4.debug]
do_sasl_bind: dn () mech GSSAPI
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 347666 local4.debug]
conn=0 op=0 BIND dn="" method=163
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 458069 local4.debug]
==> sasl_bind: dn="" mech=GSSAPI datalen=483
(Nothing after this).
--Quanah
--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
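
An added example, not part of the original post: a small Python triage script that pairs each `==> sasl_bind` entry in slapd's debug log with its `<== slap_sasl_bind: rc=` line, so a bind that never returns (as in the GSSAPI trace above, where slapd dies) stands out from one that simply returned an LDAP result code. The sample lines are copied from the post in their mail-wrapped form; the function names and the simplification of one bind in flight per slapd pid are assumptions of this example.

```python
import re

# Lines copied from the post in their mail-wrapped form (constructed sample file).
SAMPLE = """\
Jul 15 09:18:58 ldap4.Stanford.EDU slapd[10347]: [ID 124591 local4.debug]
do_sasl_bind: dn () mech KERBEROS_V4
Jul 15 09:18:58 ldap4.Stanford.EDU slapd[10347]: [ID 458069 local4.debug]
==> sasl_bind: dn="" mech=<continuing> datalen=117
Jul 15 09:18:58 ldap4.Stanford.EDU slapd[10347]: [ID 540187 local4.debug]
<== slap_sasl_bind: rc=14
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 124591 local4.debug]
do_sasl_bind: dn () mech GSSAPI
Jul 15 09:36:30 ldap4.Stanford.EDU slapd[11393]: [ID 458069 local4.debug]
==> sasl_bind: dn="" mech=GSSAPI datalen=483
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
SLAPD = re.compile(r"slapd\[(\d+)\]: \[ID \d+ \S+\]\s*(.*)$")
MECH = re.compile(r"do_sasl_bind: dn \(.*?\) mech (\S+)")
RC = re.compile(r"<== slap_sasl_bind: rc=(-?\d+)")

def unwrap(text):
    """Join mail-wrapped continuation lines back onto their syslog record."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def sasl_binds(text):
    """Return (completed, unfinished) SASL bind steps; one in flight per pid assumed."""
    mech, pending, completed = {}, {}, []
    for rec in unwrap(text):
        m = SLAPD.search(rec)
        if not m:
            continue  # records from other programs are ignored
        pid, msg = int(m.group(1)), m.group(2)
        if (mm := MECH.search(msg)):
            mech[pid] = mm.group(1)
        elif msg.startswith("==> sasl_bind:"):
            pending[pid] = (rec[:15], mech.get(pid, "?"))
        elif (r := RC.search(msg)) and pid in pending:
            when, name = pending.pop(pid)
            completed.append((pid, name, int(r.group(1))))  # 14 = SASL bind in progress
    return completed, [(p, n, w) for p, (w, n) in pending.items()]

if __name__ == "__main__":
    print(sasl_binds(SAMPLE))
```

An entry in the second list means slapd logged the start of a SASL step and then nothing further for that pid, which is the point at which to look for a core file or run slapd in the foreground under a debugger.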