GSSAPI Binds openldap 2.1.12
I am having an issue with getting my gssapi/sasl binds working. I was wondering
if someone could give me a little insight,
ldapsearch -Y GSSAPI -b 'dc=csic,dc=umd,dc=edu' '(uid=derek)'
Here is the server output,
Jan 22 14:43:36 queasy slapd[10595]: conn=0 fd=13 ACCEPT from IP=127.0.0.1:56125 (IP=0.0.0.0:389)
Jan 22 14:43:36 queasy slapd[10604]: conn=0 op=0 BIND dn="" method=163
Jan 22 14:43:36 queasy slapd[10604]: conn=0 op=1 BIND dn="" method=163
Jan 22 14:43:36 queasy slapd[10604]: conn=0 op=2 BIND dn="" method=163
Jan 22 14:43:36 queasy slapd[10604]: conn=0 op=2 BIND authcid="derek"
Jan 22 14:43:36 queasy slapd[10604]: conn=0 op=2 AUTHZ dn="uid=derek,ou=staff,dc=csic,dc=umd,dc=edu" mech=GSSAPI ssf=56
Jan 22 14:43:36 queasy slapd[10604]: conn=0 op=3 SRCH base="ou=staff,dc=csic,dc=umd,dc=edu" scope=2 filter="(uid=derek)"
Jan 22 14:43:36 queasy slapd[10604]: <= bdb_equality_candidates: index_param failed (18)
Jan 22 14:43:36 queasy slapd[10604]: conn=0 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 22 14:43:36 queasy slapd[10604]: conn=0 op=4 UNBIND
Jan 22 14:43:36 queasy slapd[10604]: conn=0 fd=13 closed
----------------------------------------------------------
derek@queasy:~> /csic/openldap/bin/ldapsearch -Y GSSAPI -b 'ou=staff,dc=csic,dc=umd,dc=edu' '(uid=derek)'
SASL/GSSAPI authentication started
SASL SSF: 56
SASL installing layers
# extended LDIF
#
# LDAPv3
# base <ou=staff,dc=csic,dc=umd,dc=edu> with scope sub
# filter: (uid=derek)
# requesting: ALL
#
# search result
search: 4
result: 0 Success
# numResponses: 1
----------------------------------------------------------
But it doesn't return anything, but a normal bind will return something,
----------------------------------------------------------
derek@queasy:~> /csic/openldap/bin/ldapsearch -x -D 'cn=staff,dc=csic,dc=umd,dc=edu' -b 'dc=csic,dc=umd,dc=edu' -W '(uid=derek)'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=csic,dc=umd,dc=edu> with scope sub
# filter: (uid=derek)
# requesting: ALL
#
# derek, staff, csic.umd.edu
dn: uid=derek,ou=staff,dc=csic,dc=umd,dc=edu
objectClass: csicAccount
objectClass: account
cn: Derek Yarnell
uid: derek
uidNumber: 2174
gidNumber: 10
homeDirectory: /afs/csic/staff/derek
loginShell: /bin/tcsh
mailHost: cs.umd.edu
mailRoutingAddress: derek@cs.umd.edu
mailLocalAddress: derek@cs.umd.edu
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
----------------------------------------------------------
Here is my sasl-regex,
sasl-regexp uid=(.*),cn=gssapi,cn=auth
        uid=$1,ou=staff,dc=csic,dc=umd,dc=edu
and the only other access control I have,
access to attr=loginShell,gecos,cn,mailroutingaddress
        by dn="cn=staff,dc=csic,dc=umd,dc=edu"
        by self write
        by users read
Thanks for any help.
--
---
Derek T. Yarnell
University of Maryland
Computer Science Department Unix Staff
derek@cs.umd.edu
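
Added example, not part of the original post: a small Python parser for the slapd log format shown above that ties each search to the identity on that connection's AUTHZ line and lists searches that returned err=0 with no entries. The function names are hypothetical and the sample lines are copied from the post.

```python
import re

# slapd log lines copied from the post above (OpenLDAP 2.1.12 format).
SAMPLE_LOG = """\
Jan 22 14:43:36 queasy slapd[10595]: conn=0 fd=13 ACCEPT from IP=127.0.0.1:56125 (IP=0.0.0.0:389)
Jan 22 14:43:36 queasy slapd[10604]: conn=0 op=2 BIND authcid="derek"
Jan 22 14:43:36 queasy slapd[10604]: conn=0 op=2 AUTHZ dn="uid=derek,ou=staff,dc=csic,dc=umd,dc=edu" mech=GSSAPI ssf=56
Jan 22 14:43:36 queasy slapd[10604]: conn=0 op=3 SRCH base="ou=staff,dc=csic,dc=umd,dc=edu" scope=2 filter="(uid=derek)"
Jan 22 14:43:36 queasy slapd[10604]: <= bdb_equality_candidates: index_param failed (18)
Jan 22 14:43:36 queasy slapd[10604]: conn=0 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 22 14:43:36 queasy slapd[10604]: conn=0 op=4 UNBIND
"""

OP = re.compile(r'conn=(\d+) op=(\d+) (.*)$')
AUTHZ = re.compile(r'AUTHZ dn="([^"]*)" mech=(\S+) ssf=(\d+)')
SRCH = re.compile(r'SRCH base="([^"]*)" scope=(\d+) filter="([^"]*)"')
RESULT = re.compile(r'SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)')

def summarize(log_text):
    """One record per completed search, tagged with the identity bound on that connection."""
    identity, pending, done = {}, {}, []
    for line in log_text.splitlines():
        m = OP.search(line)
        if not m:
            continue  # ACCEPT/closed lines and backend diagnostics carry no op=
        conn, op, rest = int(m.group(1)), int(m.group(2)), m.group(3)
        if a := AUTHZ.match(rest):
            identity[conn] = {"bound_as": a.group(1), "mech": a.group(2), "ssf": int(a.group(3))}
        elif s := SRCH.match(rest):
            who = identity.get(conn, {"bound_as": "", "mech": None, "ssf": 0})
            pending[conn, op] = {"conn": conn, **who, "base": s.group(1),
                                 "scope": int(s.group(2)), "filter": s.group(3)}
        elif (r := RESULT.match(rest)) and (conn, op) in pending:
            rec = pending.pop((conn, op))
            rec["err"], rec["nentries"] = int(r.group(1)), int(r.group(2))
            done.append(rec)
    return done

def empty_successes(records):
    """Searches that returned err=0 but no entries, the symptom in the post."""
    return [r for r in records if r["err"] == 0 and r["nentries"] == 0]

if __name__ == "__main__":
    for r in empty_successes(summarize(SAMPLE_LOG)):
        print(f'conn={r["conn"]} {r["bound_as"]!r} ({r["mech"]}, ssf={r["ssf"]}) '
              f'searched {r["base"]!r} {r["filter"]!r}: 0 entries')
```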