
openldap 2.1.17 sasl auth problems

Greets all.. 

I'm trying to configure OpenLDAP to use SASL and have the secrets stored in
the directory itself.

I have a working 2.0.x (from Red Hat) server up and running with a dozen or
so objects in it. Compiling cyrus-sasl-2.1.13 using --with-ldap, I can use
the testsaslauth to prove that the compile worked.

When I slapcat/slapadd to upgrade the database (from ldbm to bdb) I had to
hand-modify the LDIF file because 2.0.x seemed to be a bit less careful
checking my structure than it should have... And I changed some users'
userPassword entries to Base64-encoded strings of "{PLAINTEXT}password"
just for sanity's sake..

When I try to do a simple query it fails to bind:

[jeffw@clio saslauthd]$ ldapsearch -W -D "cn=jeffw, ou=staff, ou=groups,
o=chebucto, c=ca" -W -a always -b "o=chebucto,c=ca" "(objectclass=*)" -Y
CRAM-MD5 -U jeffw -I
Enter LDAP Password:
SASL/CRAM-MD5 authentication started
SASL Interaction
Default: jeffw
Please enter your authentication name:
Default: password
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error
(80)
        additional info: SASL(-13): user not found: no secret in database

From the slapd side:

[root@clio openldap]# /usr/local/libexec/slapd -f /etc/openldap/slapd.conf
-d 4
daemon_init: <null>
daemon: socket() failed errno=97 (Address family not supported by
protocol)
bdb_initialize: Sleepycat Software: Berkeley DB 4.1.25: (December 19,
2002)
bdb_db_init: Initializing BDB database
bdb_db_open: o=chebucto,c=ca
slapd starting
connection_get(12)
==> sasl_bind: dn="cn=jeffw,ou=staff,ou=groups,o=chebucto,c=ca"
mech=CRAM-MD5 datalen=0
connection_get(12)
==> sasl_bind: dn="cn=jeffw,ou=staff,ou=groups,o=chebucto,c=ca"
mech=<continuing> datalen=38
SASL Canonicalize [conn=0]: authcid="jeffw"
slap_sasl_getdn: id=jeffw [len=5]
SASL Canonicalize [conn=0]:
authcDN="uid=jeffw,ou=staff,ou=people,o=chebucto,c=ca"
base_candidates: base: "uid=jeffw,ou=staff,ou=people,o=chebucto,c=ca"
(0x0000000c)
SASL [conn=0] Failure: no secret in database
send_ldap_result: err=80 matched="" text="SASL(-13): user not found: no
secret in database"
connection_get(12)


The authcDN is correct as is the password. I just added "uid=jeffw...."
with slapadd so I have no idea wtf is up :) Anyone have any ideas? 

tia...
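Added example, not from the original thread: a small Python checker that reads an LDIF dump (such as the slapcat output mentioned above), unfolds continuation lines, decodes `::` base64 values and reports the scheme prefix on each userPassword. Shared-secret mechanisms such as CRAM-MD5 need the cleartext secret on the server side, so a hashed scheme like {SSHA} cannot serve them, and any other prefix can be compared against what the deployed slapd treats as cleartext. The DNs and values below are constructed, not taken from the post.

```python
import base64
# Constructed sample LDIF (not from the post): a base64-encoded value carrying a
# scheme prefix and folded over two lines, a hashed value and a cleartext one.
_ENC = base64.b64encode(b"{PLAINTEXT}password").decode()
SAMPLE_LDIF = f"""\
dn: uid=alice,ou=people,o=example,c=xx
userPassword:: {_ENC[:12]}
 {_ENC[12:]}

dn: uid=bob,ou=people,o=example,c=xx
userPassword: {{SSHA}}bm90LWEtcmVhbC1oYXNoLWp1c3QtYS1zYW1wbGU=

dn: uid=carol,ou=people,o=example,c=xx
userPassword: secret
"""

def parse_ldif(text):  # returns each entry as a list of (attribute, raw bytes)
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:     # continuation line: unfold it
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], []
    for line in lines + [""]:
        if not line:                          # blank line ends an entry
            entries.append(current)
            current = []
            continue
        name, _, rest = line.partition(":")
        if line.startswith("#") or rest.startswith("<"):
            continue                          # comments and attr:< file URLs
        if rest.startswith(":"):              # attr:: base64-encoded value
            current.append((name, base64.b64decode(rest[1:].strip())))
        else:                                 # attr: plain value
            current.append((name, rest.strip().encode()))
    return [e for e in entries if e]

def password_scheme(value):
    """{SCHEME} prefix of a userPassword value, or None when it is cleartext."""
    end = value.find(b"}") if value.startswith(b"{") else -1
    return value[: end + 1].decode("ascii", "replace") if end > 0 else None

def audit(text):  # maps each DN to the scheme prefixes of its userPassword values
    report = {}
    for entry in parse_ldif(text):
        dn = next(v.decode() for n, v in entry if n.lower() == "dn")
        report[dn] = [password_scheme(v) for n, v in entry if n.lower() == "userpassword"]
    return report
```

Run it against a slapcat dump of the directory to see, per entry, whether the stored secret is cleartext, hashed, or carries some other prefix.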