
in-storage problem



Please,
Cyrus 2.1.6, openldap-2.1.3, openssl-0.9e

my ldif entry :
dn: uid=wheel,ou=Admins,o=Mairie,dc=intranet,dc=fr
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: wheel
sn: wheel
uid: wheel
userPassword: "mypass"

slapd.conf regex:
saslRegexp
            uid=(.*),cn=intranet.fr,cn=DIGEST-MD5,cn=auth
            uid=$1,ou=admins,o=mairie,dc=intranet,dc=fr

test:
ldapsearch -H "ldap://openmail.intranet.fr" -D "uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr" -b 'dc=intranet,dc=fr' -X "u:wheel" -U "wheel"


result:
==> sasl_bind: dn="uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr" mech=<continuing> datalen=281
SASL [conn=0] Debug: DIGEST-MD5 server step 2
SASL Canonicalize [conn=0]: authcid="wheel"
slap_sasl_getdn: id=wheel
getdn: u:id converted to uid=wheel,cn=intranet.fr,cn=DIGEST-MD5,cn=auth
>>> dnNormalize: <uid=wheel,cn=intranet.fr,cn=DIGEST-MD5,cn=auth>
<<< dnNormalize: <uid=wheel,cn=intranet.fr,cn=digest-md5,cn=auth>
==>slap_sasl2dn: converting SASL name uid=wheel,cn=intranet.fr,cn=digest-md5,cn=auth to a DN
slap_sasl_regexp: converting SASL name uid=wheel,cn=intranet.fr,cn=digest-md5,cn=auth
slap_sasl_regexp: converted SASL name to ldap:///uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr??base?
<==slap_sasl2dn: Converted SASL name to uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr
getdn: dn:id converted to uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr
SASL Canonicalize [conn=0]: authcDN="uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr"
=> bdb_attribute: gr dn: "uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr"
=> bdb_attribute: at: "userPassword"
=> bdb_attribute: tr dn: ""
bdb_dn2entry_rw("uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr")
=> bdb_dn2id( "uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr" )
<= bdb_dn2id: got id=0x00000027
entry_decode: "uid=wheel,ou=Admins,o=Mairie,dc=intranet,dc=fr"
<= entry_decode(uid=wheel,ou=Admins,o=Mairie,dc=intranet,dc=fr)
=> bdb_attribute: found entry: "uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr"
====> bdb_cache_return_entry_r( 39 ): created (0)
bdb_attribute: rc=0 nvals=1
slap_auxprop: str2ad(cmusaslsecretDIGEST-MD5): attribute type undefined
=> bdb_attribute: gr dn: "uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr"
=> bdb_attribute: at: "CMUSASLSECRETDIGEST-MD5"
=> bdb_attribute: tr dn: ""
bdb_dn2entry_rw("uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr")
=> bdb_dn2id( "uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr" )
====> bdb_cache_find_entry_dn2id("uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr"): 39 (1 tries)
====> bdb_cache_find_entry_id( 39 ) "uid=wheel,ou=Admins,o=Mairie,dc=intranet,dc=fr" (found) (1 tries)
=> bdb_attribute: found entry: "uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr"
<= bdb_attribute: failed to find CMUSASLSECRETDIGEST-MD5
====> bdb_cache_return_entry_r( 39 ): returned (0)
bdb_attribute: rc=16 nvals=0
SASL Canonicalize [conn=0]: authzid="u:wheel"
slap_sasl_getdn: id=u:wheel
getdn: u:id converted to uid=wheel,cn=intranet.fr,cn=DIGEST-MD5,cn=auth
>>> dnNormalize: <uid=wheel,cn=intranet.fr,cn=DIGEST-MD5,cn=auth>
<<< dnNormalize: <uid=wheel,cn=intranet.fr,cn=digest-md5,cn=auth>
==>slap_sasl2dn: converting SASL name uid=wheel,cn=intranet.fr,cn=digest-md5,cn=auth to a DN
slap_sasl_regexp: converting SASL name uid=wheel,cn=intranet.fr,cn=digest-md5,cn=auth
slap_sasl_regexp: converted SASL name to ldap:///uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr??base?
<==slap_sasl2dn: Converted SASL name to uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr
getdn: dn:id converted to uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr
SASL Canonicalize [conn=0]: authzDN="uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr"
SASL [conn=0] Failure: client response doesn't match what we generated
daemon: select: listen=6 active_threads=1 tvp=zero
daemon: select: listen=7 active_threads=1 tvp=zero
daemon: select timeout - yielding
send_ldap_result: conn=0 op=2 p=3
send_ldap_result: err=49 matched="" text="SASL(-13): authentication failure: client response doesn't match what we generated"
send_ldap_response: msgid=3 tag=97 err=49
ber_flush: 96 bytes to sd 13


I don't understand: slapd_auxprop seems to map the username but fails to retrieve userPassword and looks for a SASL attribute instead:
slap_auxprop: str2ad(cmusaslsecretDIGEST-MD5): attribute type undefined


Slapd has its own sasl_plug for in-storage passwords, so normally I should not have to compile SASL with saslauthd?
The experimental sasl_auxprop plugin for LDAP is for use with saslauthd, but slapd_sasl_auxprop is an internal OpenLDAP plugin, isn't it?
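
Added example, not part of the original post and not OpenLDAP or Cyrus code: the RFC 2831 DIGEST-MD5 response that the server recomputes from the stored userPassword, showing when "client response doesn't match what we generated" is produced. The username, realm, authzid and host come from the post; the digest-uri service name, the nonce/cnonce values and the alternative stored values are constructed assumptions.

```python
import hashlib
import hmac


def digest_md5_response(username, realm, password, nonce, cnonce, nc,
                        digest_uri, qop="auth", authzid=None):
    """RFC 2831 response-value for qop=auth, as both client and server compute it."""
    # Shared secret: raw (not hex) MD5 of username:realm:password.
    secret = hashlib.md5(f"{username}:{realm}:{password}".encode()).digest()
    a1 = secret + f":{nonce}:{cnonce}".encode()
    if authzid is not None:          # ldapsearch -X sends an authzid
        a1 += b":" + authzid.encode()
    ha1 = hashlib.md5(a1).hexdigest()
    ha2 = hashlib.md5(f"AUTHENTICATE:{digest_uri}".encode()).hexdigest()
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    return hashlib.md5(kd.encode()).hexdigest()


# Constructed session values; digest_uri assumes service name "ldap" plus the -H host.
SESSION = dict(nonce="c2VydmVyLW5vbmNl", cnonce="Y2xpZW50LW5vbmNl",
               nc="00000001", digest_uri="ldap/openmail.intranet.fr",
               authzid="u:wheel")


def server_accepts(stored_password, client_response,
                   username="wheel", realm="intranet.fr"):
    """Recompute the response from the stored cleartext and compare."""
    expected = digest_md5_response(username, realm, stored_password, **SESSION)
    return hmac.compare_digest(expected, client_response)


def demo():
    # What the client sends when the user types mypass at the prompt.
    client = digest_md5_response("wheel", "intranet.fr", "mypass", **SESSION)
    return {
        "stored cleartext equals typed password": server_accepts("mypass", client),
        "stored value includes literal quotes": server_accepts('"mypass"', client),
        "stored value is a hash string (constructed)": server_accepts("{SSHA}placeholder", client),
        "server uses a different realm": server_accepts("mypass", client, realm="openmail.intranet.fr"),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'match' if ok else 'err=49 mismatch'}")
```

Only a byte-identical username, realm and cleartext secret on both sides yields a match; every other case produces the mismatch reported as err=49.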