RE: sasl / external : unable to get TLS client DN
- To: "Francois Beretti" <francois.beretti@enatel.com>, "Liste OpenLDAP Software" <openldap-software@OpenLDAP.org>
- Subject: RE: sasl / external : unable to get TLS client DN
- From: "Chapman, Kyle" <Kyle_Chapman@G1.com>
- Date: Thu, 6 Mar 2003 13:48:06 -0500
- Content-class: urn:content-classes:message
- Importance: normal
- Thread-index: AcLkBo+h/DN33cClTGib2Yia0KiGXwACndmA
- Thread-topic: sasl / external : unable to get TLS client DN
have you defined in your .ldaprc the vars TLS_CERT and TLS_KEY?
these are needed for SASL/EXTERNAL
-----Original Message-----
From: Francois Beretti [mailto:francois.beretti@enatel.com]
Sent: Thursday, March 06, 2003 12:19 PM
To: Liste OpenLDAP Software
Subject: sasl / external : unable to get TLS client DN
Hello all
back and still fighting with sasl external...
I hope you can help me
I have created a client certificate with openssl
and the certificate DN seems to be:
C=FR, ST=France, L=Gennevilliers, O=Enatel,
CN=francois/Email=francois.beretti@enatel.com
I have a user "cn=francois,ou=people,dc=enatel,dc=local"
in my directory
Since I want to use sasl external as an authentication
method, I put in my slapd.conf:
sasl-host linux-integ.enatel.local
sasl-regexp C=FR,ST=France,L=Gennevilliers,O=Enatel,CN=(.*)/Email=(.*) cn=$1,ou=people,dc=enatel,dc=local
sasl-regexp is in only one line (my mail client split it)
but when I enter:
[francois@linux-integ francois]$ ldapsearch -ZZ -Y EXTERNAL
ldap_sasl_interactive_bind_s: Local error (82)
in my logs I got:
unable to get TLS client DN error=49
I think I'm not using the right replacement string
Can anyone help me?
Maybe some config is needed on the saslauthd side,
but I have found nothing on the web...
regards,
Francois
here are my slapd logs (loglevel -1):
daemon: activity on 1 descriptors
daemon: new connection on 10
str2filter "(objectclass=*)"
begin get_filter
PRESENT
end get_filter 0
conn=0 fd=10 ACCEPT from IP=10.10.50.1:1718 (IP=0.0.0.0:389)
daemon: added 10r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on:
10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
do_extended
daemon: select: listen=6 active_threads=1 tvp=NULL
do_extended: oid=1.3.6.1.4.1.1466.20037
daemon: select: listen=7 active_threads=1 tvp=NULL
send_ldap_extended err=0 oid= len=0
send_ldap_response: msgid=1 tag=120 err=0
daemon: activity on 1 descriptors
daemon: activity on:
10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on:
10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
<<<<<<<<
connection_read(10): unable to get TLS client DN error=49 id=0
>>>>>>>>
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on:
10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next on fd 10 failed errno=0 (Success)
connection_read(10): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=10 for close
connection_close: conn=0 sd=10
daemon: removing 10
conn=0 fd=10 closed
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
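The following is an added illustration, not code from either message in this thread and not part of OpenLDAP. It models what a sasl-regexp rule does with the DN that slapd takes from a TLS client certificate, so the two moving parts can be checked offline: the certificate subject is presented to the mapping rule in LDAP string form (RFC 2253 order, most specific RDN first, attribute types lowercased), which is the reverse of the slash-separated, root-first order that openssl prints; and the rule's `$1`, `$2` substitutions are filled from the regexp's capture groups. The certificate subject below is constructed from the values in the original post, the conversion and the anchored, case-insensitive regexp match are this script's own approximation of slapd's behaviour, and the directory DN is the one from the post. It also shows that an empty authentication identity, which is what the "unable to get TLS client DN" condition amounts to, cannot be mapped by any rule, so the rule only comes into play once a client certificate is actually presented.

```python
import re
from typing import Optional

# Constructed sample: the subject as "openssl x509 -subject" prints it
# (root-first, slash-separated), using the values from the original post.
OPENSSL_SUBJECT = (
    "/C=FR/ST=France/L=Gennevilliers/O=Enatel"
    "/CN=francois/Email=francois.beretti@enatel.com"
)

# The rule exactly as written in the post (root-first order), and the
# same rule rewritten in LDAP (leaf-first) order. Both are assumptions
# of this example; only the first one appears in the thread.
ROOT_FIRST_PATTERN = r"C=FR,ST=France,L=Gennevilliers,O=Enatel,CN=(.*)/Email=(.*)"
LEAF_FIRST_PATTERN = r"email=(.*),cn=(.*),o=Enatel,l=Gennevilliers,st=France,c=FR"
ROOT_FIRST_REPLACEMENT = "cn=$1,ou=people,dc=enatel,dc=local"
LEAF_FIRST_REPLACEMENT = "cn=$2,ou=people,dc=enatel,dc=local"  # cn is now group 2


def openssl_subject_to_ldap_dn(subject: str) -> str:
    """Turn OpenSSL's one-line subject into LDAP string form.

    OpenSSL prints the RDNs root-first separated by '/'; the LDAP string
    representation (RFC 2253) lists them leaf-first separated by ','.
    Attribute types are lowercased here to mimic normalisation; values
    are left as they are. This is an approximation of what slapd does.
    """
    rdns = [part for part in subject.split("/") if part]
    out = []
    for rdn in reversed(rdns):
        attr, _, value = rdn.partition("=")
        out.append(f"{attr.lower()}={value}")
    return ",".join(out)


def apply_sasl_regexp(authcid: Optional[str], pattern: str, replacement: str) -> Optional[str]:
    """Emulate one slapd sasl-regexp rule.

    The authentication identity must match the whole pattern (anchored,
    case-insensitive in this emulation); on a match, every $N in the
    replacement is filled from capture group N. Returns None when there
    is no identity to map or the pattern does not match.
    """
    if not authcid:
        # No TLS client DN was obtained, so there is nothing to map.
        return None
    m = re.fullmatch(pattern, authcid, flags=re.IGNORECASE)
    if m is None:
        return None
    return re.sub(r"\$(\d+)", lambda g: m.group(int(g.group(1))), replacement)


def map_certificate_subject(subject: str, pattern: str, replacement: str) -> Optional[str]:
    """Full path: certificate subject -> LDAP-form DN -> directory DN (or None)."""
    return apply_sasl_regexp(openssl_subject_to_ldap_dn(subject), pattern, replacement)


if __name__ == "__main__":
    ldap_dn = openssl_subject_to_ldap_dn(OPENSSL_SUBJECT)
    print("identity presented to sasl-regexp:", ldap_dn)
    print("root-first rule ->", map_certificate_subject(OPENSSL_SUBJECT, ROOT_FIRST_PATTERN, ROOT_FIRST_REPLACEMENT))
    print("leaf-first rule ->", map_certificate_subject(OPENSSL_SUBJECT, LEAF_FIRST_PATTERN, LEAF_FIRST_REPLACEMENT))
    print("no client DN     ->", apply_sasl_regexp(None, LEAF_FIRST_PATTERN, LEAF_FIRST_REPLACEMENT))
```

Running it prints the identity in leaf-first form, `None` for the rule in the order the post uses, and `cn=francois,ou=people,dc=enatel,dc=local` for the reordered rule. Whichever order your slapd actually presents, the useful check is the same one this script makes explicit: log or print the identity string slapd sees (loglevel -1 shows it once a client certificate is accepted) and test the regexp against that exact string, rather than against the subject as openssl displays it.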