Repost: ldapdb.c problem
Sorry, I'm somewhat tired after patching files by hand.
Hello over there,
I'm trying to get SASL working with the sasldb plug-in that comes with
OpenLDAP on FreeBSD 5.1, without success. I've tried both ldapdb.c
patches, the one that comes with OpenLDAP 2.1.22 and the one from CVSWeb at
openldap.org for Cyrus SASL 2.13. Also, I've tried putting the libraries into both
/usr/lib/sasl2/ and /usr/local/lib/sasl2/, but that doesn't make any
difference.
I'm testing it with the sample server and client from the SASL distribution. I
always get a "user not found" error. Can someone help me?
Hope that someone will help me,
Andrey Nepomnyaschih
P.S. The ldapwhoami works.
ldapwhoami -U rednasy -X u:rednasy -Y DIGEST-MD5 -H ldapi:///
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: u:rednasy
SASL SSF: 128
SASL installing layers
dn:uid=rednasy,ou=users,dc=chartpilot,dc=ru
Here is the output:
root /usr/ports/security/cyrus-sasl2/work/cyrus-sasl-2.1.13/sample$ ./server
trying 28, 1, 6
trying 2, 1, 6
accepted new connection
send: {46}
NTLM LOGIN ANONYMOUS PLAIN DIGEST-MD5 CRAM-MD5
recv: {10}
DIGEST-MD5
recv: {1}
N
send: {124}
nonce="ioAWlBKAOvBnRP5emY1Jy6JhevR8/o//Ex0y3pirtK4=",realm="flora.chartpilot.ru",qop="auth",charset=utf-8,algorithm=md5-sess
recv: {244}
username="rednasy",realm="flora.chartpilot.ru",nonce="ioAWlBKAOvBnRP5emY1Jy6JhevR8/o//Ex0y3pirtK4=",cnonce="299usQRHGFjAXvvcBc80o89mKCduMO0bE2aicY7HWjA=",nc=00000001,qop=auth,digest-uri="rcmd/localhost",response=4ef6ba318c544296f3090e91d47d08df
performing SASL negotiation: user not foundclosing connection
root /usr/ports/security/cyrus-sasl2/work/cyrus-sasl-2.1.13/sample$ ./client -p 12345 localhost
receiving capability list... recv: {46}
NTLM LOGIN ANONYMOUS PLAIN DIGEST-MD5 CRAM-MD5
NTLM LOGIN ANONYMOUS PLAIN DIGEST-MD5 CRAM-MD5
send: {10}
DIGEST-MD5
send: {1}
N
recv: {124}
nonce="ioAWlBKAOvBnRP5emY1Jy6JhevR8/o//Ex0y3pirtK4=",realm="flora.chartpilot.ru",qop="auth",charset=utf-8,algorithm=md5-sess
please enter an authentication id: rednasy
please enter an authorization id: rednasy
Password:
send: {244}
username="rednasy",realm="flora.chartpilot.ru",nonce="ioAWlBKAOvBnRP5emY1Jy6JhevR8/o//Ex0y3pirtK4=",cnonce="299usQRHGFjAXvvcBc80o89mKCduMO0bE2aicY7HWjA=",nc=00000001,qop=auth,digest-uri="rcmd/localhost",response=4ef6ba318c544296f3090e91d47d08df
authentication failed
closing connection
The console also logs the following:
Jul 18 17:14:28 flora lt-server: auxpropfunc error -7
Jul 18 17:14:34 flora lt-server: no secret in database
This is the way I got libldap.a and libldap.so.2:
/bin/sh ../libtool --mode=compile cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../lib -I../sasldb -I/usr/local/include/db41 -I/usr/local/include -Wall -W -Wall -O -pipe -mcpu=pentiumpro -Wl,-rpath,/usr/lib:/usr/local/lib -c ldapdb.c
/bin/sh ../libtool --mode=link cc -Wall -W -Wall -O -pipe -mcpu=pentiumpro -Wl,-rpath,/usr/lib:/usr/local/lib -L/usr/local/lib -R/usr/local/lib -rpath=/usr/lib:/usr/local/lib -module -export-dynamic -rpath /usr/local/lib/sasl2 -o libldap.la -version-info 2:13:0 ldapdb.lo -lldap -llber -L/usr/local/lib -R/usr/local/lib -ldb41
The /usr/local/lib/sasl2/sample.conf:
pwcheck_method: auxprop
auxprop_plugin: ldapdb
ldapdb_uri: ldapi://
ldapdb_id: rednasy
ldapdb_pw: password
ldapdb_mech: DIGEST-MD5
The base LDAP structure is as follows:
dn: dc=chartpilot,dc=ru
objectClass: top
objectclass: dcObject
objectClass: organization
o: Chart Pilot Ltd.
dc: chartpilot

dn: cn=Manager,dc=chartpilot,dc=ru
objectClass: top
objectclass: organizationalRole
cn: Manager

dn: ou=Users,dc=chartpilot,dc=ru
objectClass: top
objectClass: organizationalUnit
ou: Users

dn: uid=rednasy,ou=Users,dc=chartpilot,dc=ru
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Andrey Nepomnyaschih
uid: rednasy
displayName: Andrey Nepomnyaschih
uidNumber: xxx
gidNumber: xxx
homeDirectory: /home/nas
loginShell: /usr/local/bin/bash
userPassword: password
sn: Nepomnyaschih
givenName: Andrey
saslAuthzTo: uid=.*,ou=Users,dc=chartpilot,dc=ru
I added the following lines to slapd.conf:
sasl-regexp uid=(.*),cn=.*,cn=.*,cn=auth uid=$1,ou=Users,dc=chartpilot,dc=ru
sasl-regexp uid=(.*),cn=.*,cn=auth uid=$1,ou=Users,dc=chartpilot,dc=ru
password-hash {CLEARTEXT}
sasl-authz-policy to
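An added example, not code from the post, from Cyrus SASL or from OpenLDAP: a small Python model of the server side of the DIGEST-MD5 exchange shown above (RFC 2831, algorithm=md5-sess). It parses the challenge and digest-response directive lists and recomputes the response value the way a server does, which makes the failure mode in the post concrete: the server has to obtain the cleartext password through its auxprop lookup (ldapdb here, which is why slapd is told password-hash {CLEARTEXT}) before it can check anything, and when that lookup returns nothing the negotiation ends with "user not found" without the response value ever being compared. The nonce and realm are copied from the post; the password, the cnonce, the lookup callbacks and the function names are constructed for this example. It goes slightly beyond the post by also handling the auth-int/auth-conf qop values and an explicit authzid.

```python
import hashlib
import hmac
import re

# Challenge in the same shape as the one in the post (nonce and realm copied
# from it). The password is an assumption made for this example; the real one
# is not on the page.
CHALLENGE = ('nonce="ioAWlBKAOvBnRP5emY1Jy6JhevR8/o//Ex0y3pirtK4=",'
             'realm="flora.chartpilot.ru",qop="auth",charset=utf-8,'
             'algorithm=md5-sess')
SAMPLE_PASSWORD = "example-secret"   # constructed, not from the post

# key=value pairs separated by commas; values may be quoted (with \" escapes)
_DIRECTIVE = re.compile(r'([A-Za-z0-9_-]+)=("((?:[^"\\]|\\.)*)"|[^,]*)')


def parse_directives(text):
    """Parse an RFC 2831 directive list into a dict."""
    out = {}
    for m in _DIRECTIVE.finditer(text):
        key, quoted = m.group(1), m.group(3)
        out[key] = quoted.replace('\\"', '"') if quoted is not None else m.group(2)
    return out


def digest_response(username, realm, password, nonce, cnonce, nc, qop,
                    digest_uri, authzid=None):
    """RFC 2831 response-value for algorithm=md5-sess (hex string)."""
    # A1 = H(user:realm:pass) ":" nonce ":" cnonce [":" authzid]
    a1 = hashlib.md5(f"{username}:{realm}:{password}".encode("utf-8")).digest()
    a1 += f":{nonce}:{cnonce}".encode("utf-8")
    if authzid:
        a1 += f":{authzid}".encode("utf-8")
    # A2 = "AUTHENTICATE:" digest-uri, plus 32 zeros when integrity/privacy is used
    a2 = f"AUTHENTICATE:{digest_uri}".encode("utf-8")
    if qop in ("auth-int", "auth-conf"):
        a2 += b":" + b"0" * 32
    ha1 = hashlib.md5(a1).hexdigest()
    ha2 = hashlib.md5(a2).hexdigest()
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode("utf-8")
    return hashlib.md5(kd).hexdigest()


def build_client_response(username, realm, password, nonce, cnonce,
                          digest_uri, nc="00000001", qop="auth"):
    """The digest-response a client sends back (same layout as in the post)."""
    resp = digest_response(username, realm, password, nonce, cnonce, nc, qop,
                           digest_uri)
    return (f'username="{username}",realm="{realm}",nonce="{nonce}",'
            f'cnonce="{cnonce}",nc={nc},qop={qop},digest-uri="{digest_uri}",'
            f'response={resp}')


def server_verify(challenge, response_text, lookup_secret):
    """Server side of the exchange. Returns (ok, reason).

    lookup_secret(username, realm) stands in for the auxprop plugin (ldapdb in
    the post) and returns the cleartext password or None."""
    ch = parse_directives(challenge)
    rs = parse_directives(response_text)
    for key in ("username", "realm", "nonce", "cnonce", "nc", "qop",
                "digest-uri", "response"):
        if key not in rs:
            return False, f"missing directive: {key}"
    if rs["nonce"] != ch["nonce"] or rs["realm"] != ch["realm"]:
        return False, "nonce or realm does not match the challenge"
    secret = lookup_secret(rs["username"], rs["realm"])
    if secret is None:
        # The path taken in the post: "no secret in database" from the auxprop
        # plugin becomes "user not found" before the response is examined.
        return False, "user not found"
    expected = digest_response(rs["username"], rs["realm"], secret,
                               rs["nonce"], rs["cnonce"], rs["nc"], rs["qop"],
                               rs["digest-uri"], rs.get("authzid"))
    if hmac.compare_digest(expected.encode("ascii"),
                           rs["response"].encode("utf-8")):
        return True, "ok"
    return False, "authentication failed"


def demo():
    """Three outcomes: working lookup, lookup returns nothing, wrong password."""
    ch = parse_directives(CHALLENGE)
    resp = build_client_response("rednasy", ch["realm"], SAMPLE_PASSWORD,
                                 ch["nonce"], "constructed-cnonce",
                                 "rcmd/localhost")
    good = server_verify(CHALLENGE, resp, lambda u, r: SAMPLE_PASSWORD)
    missing = server_verify(CHALLENGE, resp, lambda u, r: None)
    wrong = server_verify(CHALLENGE, resp, lambda u, r: "other-password")
    return good, missing, wrong


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The second outcome is the one in the post: whatever the client sends, a server whose auxprop plugin cannot return the user's secret reports the user as not found, so the thing to check first is whether ldapdb's proxy bind as ldapdb_id actually succeeds and whether the sasl-regexp mapping lands on an entry whose userPassword slapd will hand back.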