[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: test of SASL DIGEST-MD5 mechanism
- To: "Cindy Wang" <cwang@KiNETWORKS.com>
- Subject: RE: test of SASL DIGEST-MD5 mechanism
- From: "Chapman, Kyle" <Kyle_Chapman@G1.com>
- Date: Tue, 18 Mar 2003 18:19:57 -0500
- Cc: <openldap-software@OpenLDAP.org>
- Content-class: urn:content-classes:message
- Thread-index: AcLtoNGAeg38egciRVC7bSZ8JfO7eAABDfSw
- Thread-topic: test of SASL DIGEST-MD5 mechanism
if you look at your regexp, cn=enigeer <> cn=engineer
-----Original Message-----
From: Cindy Wang [mailto:cwang@KiNETWORKS.com]
Sent: Tuesday, March 18, 2003 5:51 PM
To: Chapman, Kyle
Cc: openldap-software@OpenLDAP.org
Subject: Re: test of SASL DIGEST-MD5 mechanism
I don't think it is a typo. The sasl-regexp directive is used to map
authentication identities to LDAP entries.
Cindy
Chapman, Kyle wrote:
>is this a typo from your log?
>"uid=$1,cn=enigneer,dc=rtp,dc=KiNETWORKS,dc=com"
>
>your dn is:
>dn: cn=Andrew,cn=engineer,dc=rtp,dc=KiNETWORKS,dc=com
>
>-----Original Message-----
>From: Cindy Wang [mailto:cwang@kinetworks.com]
>Sent: Tuesday, March 18, 2003 2:17 PM
>To: openldap-software@OpenLDAP.org
>Subject: test of SASL DIGEST-MD5 mechanism
>
>
>Hi:
>
>I am trying to set up some simple tests of SASL DIGEST-MD 5 mechanism
>running openldap.2.1.16 with SASL on Solaris 5.7. But when I did the
>search, I got the following message:
>
>ldapsearch -Y DIGEST-MD5 -U u00997 -b 'dc=rtp,dc=KiNETWORKS,dc=com'
>'cn=Andrew'
>SASL/DIGEST-MD5 authentication started
>Please enter your password:
>ldap_sasl_interactive_bind_s: Internal (implementation specific) error
>(80)
> additional info: SASL(-13): user not found: no secret in
>database
>
>I have an entry in the Directory as the following:
>
># Andrew, engineer, rtp.KiNETWORKS.com
>dn: cn=Andrew,cn=engineer,dc=rtp,dc=KiNETWORKS,dc=com
>objectClass: person
>objectClass: inetOrgPerson
>cn: Andrew
>sn: Findlay
>uid: u00997
>userPassword:: c2VjcmV0
>
>================== slapd.conf ====================
>password-hash {CLEARTEXT}
>sasl-regexp
> uid=(.*),cn=rtp.KiNETWORKS.com,cn=digest-md5,cn=auth
> uid=$1,cn=enigneer,dc=rtp,dc=KiNETWORKS,dc=com
>================================================
>
>Could anyone tell if anything is wrong with the above sasl-regexp
>mapping?
>I even ran the debugger and found that in servers/slapd/saslauthz.c, at
>line
>302, the function call regexec( ) didn't return a 0 with the above
>sasl-regexp.
>And the following is in the "reg" structure during the debugging:
>*reg = {
> sr_match = 0x83e3fd8
>"uid=(.*),cn=rtp.KiNETWORKS.com,cn=digest-md5,cn=auth"
> sr_replace = 0x83a67b8
>"uid=$1,cn=enigneer,dc=rtp,dc=KiNETWORKS,dc=com"
> sr_workspace = {
> re_nsub = 1U
> re_comp = 0x83baba8
> re_cflags = 5
> re_erroff = 0
> re_len = 108U
> re_sc = 0x83bac30
> }
> sr_strings = (
>{
> rm_sp = 0x656e6973 "<bad address 0x656e6973>"
> rm_ep = 0x61437373 "<bad address 0x61437373>"
> rm_so = 1869047156
> rm_eo = 606108018
> rm_ss = 1918984992
> rm_es = 1701013836
> }{
> rm_sp = 0x2065736e "<bad address 0x2065736e>"
> rm_ep = 0x65642024 "<bad address 0x65642024>"
> rm_so = 1953653104
> rm_eo = 1953391981
> rm_ss = 1651340622
> rm_es = 606106213
> }{
> rm_sp = 0x69640920 "<bad address 0x69640920>"
> rm_ep = 0x616c7073 "<bad address 0x616c7073>"
> rm_so = 1835093625
> rm_eo = 539238501
> rm_ss = 1819307365
> rm_es = 1701149039
> }{
> rm_sp = 0x626d754e "<bad address 0x626d754e>"
> rm_ep = 0x24207265 "<bad address 0x24207265>"
> rm_so = 1886217504
> rm_eo = 1702457196
> rm_ss = 1886999653
> rm_es = 539238501
> }{
> rm_sp = 0x65766967 "<bad address 0x65766967>"
> rm_ep = 0x6d614e6e "<bad address 0x6d614e6e>"
> rm_so = 539238501
> rm_eo = 1836017673
> rm_ss = 1869107301
> rm_es = 606102894
> }{
> rm_sp = 0x6d6f6820 "<bad address 0x6d6f6820>"
> rm_ep = 0x736f5065 "<bad address 0x736f5065>"
> rm_so = 1097621876
> rm_eo = 1701995620
> rm_ss = 606106483
> rm_es = 1768843552
> }{
> rm_sp = 0x6c616974 "<bad address 0x6c616974>"
> rm_ep = 0x20242073 "<bad address 0x20242073>"
> rm_so = 1734701162
> rm_eo = 1953458256
> rm_ss = 539238511
> rm_es = 1650551817
> }{
> rm_sp = 0x64656c65 "<bad address 0x64656c65>"
> rm_ep = 0x20495255 "<bad address 0x20495255>"
> rm_so = 1634541604
> rm_eo = 606104681
> rm_ss = 1851878688
> rm_es = 1919248225
> }{
> rm_sp = 0x6d202420 "<bad address 0x6d202420>"
> rm_ep = 0x6c69626f "<bad address 0x6c69626f>"
> rm_so = 539238501
> rm_eo = 539238511
> rm_ss = 1701273968
> rm_es = 539238514
> }{
> rm_sp = 0x6f687009 "<bad address 0x6f687009>"
> rm_ep = 0x24206f74 "<bad address 0x24206f74>"
> rm_so = 1869574688
> rm_eo = 1836404333
> rm_ss = 544367970
> rm_es = 1702043684
> }
>)
> sr_offset = (-2, 4, 46, -1, 1919251317, 1953654083, 1667851881,
>543519841, 2013863972, 1966092341, 1970366830, 1701071205)
>}
>
>
>
>================== log information for the slapd
>==========================
>==slap_sasl2dn: Converted SASL name to <nothing>
>SASL Canonicalize [conn=0]: authcDN="uid=u00997,cn=digest-md5,cn=auth"
>SASL Canonicalize [conn=0]: authzid="u00997"
>SASL [conn=0] Failure: no secret in database
>send_ldap_result: conn=0 op=1 p=3
>send_ldap_result: err=80 matched="" text="SASL(-13): user not found: no
>secret in database"
>send_ldap_response: msgid=2 tag=97 err=80
>ber_flush: 62 bytes to sd 11
> 0000: 30 3c 02 01 02 61 37 0a 01 50 04 00 04 30 53 41
>0<...a7..P...0SA
> 0010: 53 4c 28 2d 31 33 29 3a 20 75 73 65 72 20 6e 6f SL(-13):
>user no
> 0020: 74 20 66 6f 75 6e 64 3a 20 6e 6f 20 73 65 63 72 t found: no
>secr
> 0030: 65 74 20 69 6e 20 64 61 74 61 62 61 73 65 et in
>database
>ldap_write: want=62, written=62
> 0000: 30 3c 02 01 02 61 37 0a 01 50 04 00 04 30 53 41
>0<...a7..P...0SA
> 0010: 53 4c 28 2d 31 33 29 3a 20 75 73 65 72 20 6e 6f SL(-13):
>user no
> 0020: 74 20 66 6f 75 6e 64 3a 20 6e 6f 20 73 65 63 72 t found: no
>secr
> 0030: 65 74 20 69 6e 20 64 61 74 61 62 61 73 65 et in
>database
>conn=0 op=1 RESULT tag=97 err=80 text=SASL(-13): user not found: no
>secret in database
><== slap_sasl_bind: rc=80
>daemon: select: listen=7 active_threads=1 tvp=NULL
>daemon: activity on 1 descriptors
>daemon: activity on: 11r
>daemon: read activity on 11
>connection_get(11)
>connection_get(11): got connid=0
>connection_read(11): checking for input on id=0
>ber_get_next
>ldap_read: want=9, got=0
>
>ber_get_next on fd 11 failed errno=0 (Error 0)
>connection_read(11): input error=-2 id=0, closing.
>connection_closing: readying conn=0 sd=11 for close
>connection_close: conn=0 sd=11
>daemon: removing 11
>conn=0 fd=11 closed
>daemon: select: listen=7 active_threads=0 tvp=NULL
>daemon: activity on 1 descriptors
>daemon: select: listen=7 active_threads=0 tvp=NULL
>
>======================================================================
>
>Thanks very much for your help.
>
>Cindy Wang
>Software Product Engineer
>KiNETWORKS
>NOTICE: This E-mail may contain confidential information. If you are not
>the addressee or the intended recipient please do not read this E-mail
>and please immediately delete this e-mail message and any attachments
>from your workstation or network mail system. If you are the addressee
>or the intended recipient and you save or print a copy of this E-mail,
>please place it in an appropriate file, depending on whether
>confidential information is contained in the message.
>
>
>
>