in-storage problem
Please,
Cyrus 2.1.6, openldap-2.1.3, openssl-0.9e
My LDIF entry:
dn: uid=wheel,ou=Admins,o=Mairie,dc=intranet,dc=fr
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: wheel
sn: wheel
uid: wheel
userPassword: "mypass"
slapd.conf regex:
saslRegexp
    uid=(.*),cn=intranet.fr,cn=DIGEST-MD5,cn=auth
    uid=$1,ou=admins,o=mairie,dc=intranet,dc=fr
test:
ldapsearch -H "ldap://openmail.intranet.fr" \
    -D "uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr" -b 'dc=intranet,dc=fr' \
    -X "u:wheel" -U "wheel"
result:
==> sasl_bind: dn="uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr"
mech=<continuing> datalen=281
SASL [conn=0] Debug: DIGEST-MD5 server step 2
SASL Canonicalize [conn=0]: authcid="wheel"
slap_sasl_getdn: id=wheel
getdn: u:id converted to uid=wheel,cn=intranet.fr,cn=DIGEST-MD5,cn=auth
>>> dnNormalize: <uid=wheel,cn=intranet.fr,cn=DIGEST-MD5,cn=auth>
<<< dnNormalize: <uid=wheel,cn=intranet.fr,cn=digest-md5,cn=auth>
==>slap_sasl2dn: converting SASL name
uid=wheel,cn=intranet.fr,cn=digest-md5,cn=auth to a DN
slap_sasl_regexp: converting SASL name
uid=wheel,cn=intranet.fr,cn=digest-md5,cn=auth
slap_sasl_regexp: converted SASL name to
ldap:///uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr??base?
<==slap_sasl2dn: Converted SASL name to
uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr
getdn: dn:id converted to uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr
SASL Canonicalize [conn=0]:
authcDN="uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr"
=> bdb_attribute: gr dn: "uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr"
=> bdb_attribute: at: "userPassword"
=> bdb_attribute: tr dn: ""
bdb_dn2entry_rw("uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr")
=> bdb_dn2id( "uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr" )
<= bdb_dn2id: got id=0x00000027
entry_decode: "uid=wheel,ou=Admins,o=Mairie,dc=intranet,dc=fr"
<= entry_decode(uid=wheel,ou=Admins,o=Mairie,dc=intranet,dc=fr)
=> bdb_attribute: found entry:
"uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr"
====> bdb_cache_return_entry_r( 39 ): created (0)
bdb_attribute: rc=0 nvals=1
slap_auxprop: str2ad(cmusaslsecretDIGEST-MD5): attribute type undefined
=> bdb_attribute: gr dn: "uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr"
=> bdb_attribute: at: "CMUSASLSECRETDIGEST-MD5"
=> bdb_attribute: tr dn: ""
bdb_dn2entry_rw("uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr")
=> bdb_dn2id( "uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr" )
====>
bdb_cache_find_entry_dn2id("uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr"):
39 (1 tries)
====> bdb_cache_find_entry_id( 39 )
"uid=wheel,ou=Admins,o=Mairie,dc=intranet,dc=fr" (found) (1 tries)
=> bdb_attribute: found entry:
"uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr"
<= bdb_attribute: failed to find CMUSASLSECRETDIGEST-MD5
====> bdb_cache_return_entry_r( 39 ): returned (0)
bdb_attribute: rc=16 nvals=0
SASL Canonicalize [conn=0]: authzid="u:wheel"
slap_sasl_getdn: id=u:wheel
getdn: u:id converted to uid=wheel,cn=intranet.fr,cn=DIGEST-MD5,cn=auth
>>> dnNormalize: <uid=wheel,cn=intranet.fr,cn=DIGEST-MD5,cn=auth>
<<< dnNormalize: <uid=wheel,cn=intranet.fr,cn=digest-md5,cn=auth>
==>slap_sasl2dn: converting SASL name
uid=wheel,cn=intranet.fr,cn=digest-md5,cn=auth to a DN
slap_sasl_regexp: converting SASL name
uid=wheel,cn=intranet.fr,cn=digest-md5,cn=auth
slap_sasl_regexp: converted SASL name to
ldap:///uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr??base?
<==slap_sasl2dn: Converted SASL name to
uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr
getdn: dn:id converted to uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr
SASL Canonicalize [conn=0]:
authzDN="uid=wheel,ou=admins,o=mairie,dc=intranet,dc=fr"
SASL [conn=0] Failure: client response doesn't match what we generated
daemon: select: listen=6 active_threads=1 tvp=zero
daemon: select: listen=7 active_threads=1 tvp=zero
daemon: select timeout - yielding
send_ldap_result: conn=0 op=2 p=3
send_ldap_result: err=49 matched="" text="SASL(-13): authentication
failure: client response doesn't match what we generated"
send_ldap_response: msgid=3 tag=97 err=49
ber_flush: 96 bytes to sd 13
I don't understand: slapd_auxprop seems to map the username, but fails
to retrieve userPassword and looks for a SASL attribute instead:
slap_auxprop: str2ad(cmusaslsecretDIGEST-MD5): attribute type undefined
Slapd has its own sasl_plug for in-storage passwords, so normally I do
not have to compile SASL with saslauthd?
The experimental sasl_auxprop plugin for LDAP is for use with saslauthd, but
slapd_sasl_auxprop is an internal OpenLDAP plugin, isn't it?
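
Added example, not part of the original post and not OpenLDAP or Cyrus code: the saslRegexp mapping seen in the log, followed by the RFC 2831 DIGEST-MD5 response the server recomputes from the stored cleartext userPassword. Any differing input gives "client response doesn't match what we generated". The nonce values are constructed, and the quoted password variant assumes the quotation marks in the posted LDIF are stored as part of the value, since LDIF does not strip quotes.

```python
import hashlib
import re

# Rule from the posted slapd.conf.
PATTERN = r"uid=(.*),cn=intranet.fr,cn=DIGEST-MD5,cn=auth"
REPLACEMENT = "uid=$1,ou=admins,o=mairie,dc=intranet,dc=fr"

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def map_sasl_name(sasl_dn, pattern=PATTERN, replacement=REPLACEMENT):
    """Apply a saslRegexp-style rule. The log shows the match is made against
    the normalized (lower-cased) name, hence IGNORECASE."""
    m = re.search(pattern, sasl_dn, re.IGNORECASE)
    if m is None:
        return None
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)

def digest_md5_response(user, realm, password, nonce, cnonce, digest_uri,
                        nc="00000001", qop="auth", authzid=None):
    """RFC 2831 section 2.1.2.1 response value for qop=auth."""
    a1 = md5(f"{user}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    if authzid is not None:          # sent when the client passes -X
        a1 += b":" + authzid.encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    kd_input = f"{md5(a1).hex()}:{nonce}:{nc}:{cnonce}:{qop}:{md5(a2).hex()}"
    return md5(kd_input.encode()).hex()

def demo():
    dn = map_sasl_name("uid=wheel,cn=intranet.fr,cn=digest-md5,cn=auth")
    common = dict(user="wheel", realm="intranet.fr",
                  nonce="constructed-nonce", cnonce="constructed-cnonce",
                  digest_uri="ldap/openmail.intranet.fr", authzid="u:wheel")
    client = digest_md5_response(password="mypass", **common)    # typed by the user
    server = digest_md5_response(password='"mypass"', **common)  # stored with quotes
    return dn, client, server

if __name__ == "__main__":
    dn, client, server = demo()
    print("mapped DN:", dn)
    print("client   :", client)
    print("server   :", server)
    print("match    :", client == server)
```
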