cyrus-sasl-2.1.15 and openldap-2.1.22 on FreeBSD 4.8 Release
Hi all,
I'm trying to get cyrus-sasl-2.1.15 and openldap-2.1.22 to work together
on FreeBSD 4.8 Release. OpenLDAP works without a problem but if I try to
authenticate using SASL it appears to hang rather than prompting me for
a password. I added the line WITH-SASL=yes to the Makefile to get the
FreeBSD port to compile with SASL support. What am I doing wrong?
command
#============begin==================
mail# ldapsearch -U shunsley
SASL/DIGEST-MD5 authentication started
#=============end===================================
slapd.conf
#============begin==================
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/outlook.schema
pidfile /var/run/ldap/slapd.pid
argsfile /var/run/ldap/slapd.args
password-hash {CLEARTEXT}
TLSCACertificateFile /usr/local/etc/openldap/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/newcert.pem
TLSCertificateKeyFile /usr/local/etc/openldap/newreq.pem
sasl-regexp uid=(.*),cn=mail.widget.com,cn=DIGEST-MD5,cn=auth
        uid=$1,ou=user,dc=widget.com
access to attr=userPassword
        by self write
        by anonymous auth
        by dn.base="cn=Manager" write
        by * none
access to *
        by self write
        by dn.base="cn=Manager" write
        by * read
database bdb
suffix ""
rootdn "cn=Manager"
rootpw {SSHA}6U+CvXirYcNLDRBHKEwGBIMYJwViQDBT
directory /var/db/openldap-data
index objectClass,uid eq
#=============end===================================
Output from running slapd with -d -1
#============begin==================
daemon: activity on 1 descriptors
daemon: new connection on 13
str2filter "(objectclass=*)"
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
begin get_filter
PRESENT
ber_scanf fmt (m) ber:
ber_dump: buf=0x08161000 ptr=0x08161000 end=0x0816100d len=13
0000: 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73
..objectclass
end get_filter 0
conn=0 fd=13 ACCEPT from IP=::1 1177 (IP=:: 389)
daemon: added 13r
daemon: activity on:
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: select: listen=9 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 13r
daemon: read activity on 13
connection_get(13)
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
0000: 30 3e 02 01 01 63 39 04 0>...c9.
ldap_read: want=56, got=56
0000: 00 0a 01 00 0a 01 00 02 01 00 02 01 00 01 01 00
................
0010: 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73 30 19 04
..objectclass0..
0020: 17 73 75 70 70 6f 72 74 65 64 53 41 53 4c 4d 65
.supportedSASLMe
0030: 63 68 61 6e 69 73 6d 73 chanisms
ber_get_next: tag 0x30 len 62 contents:
ber_dump: buf=0x081216c0 ptr=0x081216c0 end=0x081216fe len=62
0000: 02 01 01 63 39 04 00 0a 01 00 0a 01 00 02 01 00
...c9...........
0010: 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 63 6c
........objectcl
0020: 61 73 73 30 19 04 17 73 75 70 70 6f 72 74 65 64
ass0...supported
0030: 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73
SASLMechanisms
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 13 failed errno=35 (Resource temporarily unavailable)
do_search
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x081216c0 ptr=0x081216c3 end=0x081216fe len=59
0000: 63 39 04 00 0a 01 00 0a 01 00 02 01 00 02 01 00
c9..............
0010: 01 01 00 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73
.....objectclass
0020: 30 19 04 17 73 75 70 70 6f 72 74 65 64 53 41 53
0...supportedSAS
0030: 4c 4d 65 63 68 61 6e 69 73 6d 73 LMechanisms
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
SRCH "" 0 0 0 0 0
begin get_filter
PRESENT
ber_scanf fmt (m) ber:
ber_dump: buf=0x081216c0 ptr=0x081216d6 end=0x081216fe len=40
0000: 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73 30 19 04
..objectclass0..
0010: 17 73 75 70 70 6f 72 74 65 64 53 41 53 4c 4d 65
.supportedSASLMe
0020: 63 68 61 6e 69 73 6d 73 chanisms
end get_filter 0
filter: (objectClass=*)
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x081216c0 ptr=0x081216e3 end=0x081216fe len=27
0000: 00 19 04 17 73 75 70 70 6f 72 74 65 64 53 41 53
....supportedSAS
0010: 4c 4d 65 63 68 61 6e 69 73 6d 73 LMechanisms
attrs: supportedSASLMechanisms
conn=0 op=0 SRCH base="" scope=0 filter="(objectClass=*)"
conn=0 op=0 SRCH attr=supportedSASLMechanisms
=> test_filter
PRESENT
=> access_allowed: search access to "" "objectClass" requested
=> acl_get: [1] check attr objectClass
=> acl_get: [2] check attr objectClass
<= acl_get: [2] acl attr: objectClass
=> acl_mask: access to entry "", attr "objectClass" requested
=> acl_mask: to all values by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: cn=manager
<= check a_dn_pat: *
<= acl_mask: [3] applying read(=rscx) (stop)
<= acl_mask: [3] mask: read(=rscx)
=> access_allowed: search access granted by read(=rscx)
<= test_filter 6
=> send_search_entry: dn=""
=> access_allowed: read access to "" "entry" requested
=> acl_get: [1] check attr entry
=> acl_get: [2] check attr entry
<= acl_get: [2] acl attr: entry
=> acl_mask: access to entry "", attr "entry" requested
=> acl_mask: to all values by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: cn=manager
<= check a_dn_pat: *
<= acl_mask: [3] applying read(=rscx) (stop)
<= acl_mask: [3] mask: read(=rscx)
=> access_allowed: read access granted by read(=rscx)
=> access_allowed: read access to "" "supportedSASLMechanisms" requested
=> acl_get: [1] check attr supportedSASLMechanisms
=> acl_get: [2] check attr supportedSASLMechanisms
<= acl_get: [2] acl attr: supportedSASLMechanisms
access_allowed: no res from state (supportedSASLMechanisms)
=> acl_mask: access to entry "", attr "supportedSASLMechanisms" requested
=> acl_mask: to all values by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: cn=manager
<= check a_dn_pat: *
<= acl_mask: [3] applying read(=rscx) (stop)
<= acl_mask: [3] mask: read(=rscx)
=> access_allowed: read access granted by read(=rscx)
ber_flush: 73 bytes to sd 13
0000: 30 47 02 01 01 64 42 04 00 30 3e 30 3c 04 17 73
0G...dB..0>0<..s
0010: 75 70 70 6f 72 74 65 64 53 41 53 4c 4d 65 63 68
upportedSASLMech
0020: 61 6e 69 73 6d 73 31 21 04 04 4e 54 4c 4d 04 03
anisms1!..NTLM..
0030: 4f 54 50 04 0a 44 49 47 45 53 54 2d 4d 44 35 04
OTP..DIGEST-MD5.
0040: 08 43 52 41 4d 2d 4d 44 35 .CRAM-MD5
ldap_write: want=73, written=73
0000: 30 47 02 01 01 64 42 04 00 30 3e 30 3c 04 17 73
0G...dB..0>0<..s
0010: 75 70 70 6f 72 74 65 64 53 41 53 4c 4d 65 63 68
upportedSASLMech
0020: 61 6e 69 73 6d 73 31 21 04 04 4e 54 4c 4d 04 03
anisms1!..NTLM..
0030: 4f 54 50 04 0a 44 49 47 45 53 54 2d 4d 44 35 04
OTP..DIGEST-MD5.
0040: 08 43 52 41 4d 2d 4d 44 35 .CRAM-MD5
conn=0 op=0 ENTRY dn=""
<= send_search_entry
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=1 tag=101 err=0
ber_flush: 14 bytes to sd 13
0000: 30 0c 02 01 01 65 07 0a 01 00 04 00 04 00
0....e........
ldap_write: want=14, written=14
0000: 30 0c 02 01 01 65 07 0a 01 00 04 00 04 00
0....e........
conn=0 op=0 RESULT tag=101 err=0 text=
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: select: listen=9 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 13r
daemon: read activity on 13
connection_get(13)
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
0000: 30 18 02 01 02 60 13 02 0....`..
ldap_read: want=18, got=18
0000: 01 03 04 00 a3 0c 04 0a 44 49 47 45 53 54 2d 4d
........DIGEST-M
0010: 44 35 D5
ber_get_next: tag 0x30 len 24 contents:
ber_dump: buf=0x08127ce0 ptr=0x08127ce0 end=0x08127cf8 len=24
0000: 02 01 02 60 13 02 01 03 04 00 a3 0c 04 0a 44 49
...`..........DI
0010: 47 45 53 54 2d 4d 44 35 GEST-MD5
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 13 failed errno=35 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x08127ce0 ptr=0x08127ce3 end=0x08127cf8 len=21
0000: 60 13 02 01 03 04 00 a3 0c 04 0a 44 49 47 45 53
`..........DIGES
0010: 54 2d 4d 44 35 T-MD5
ber_scanf fmt ({o) ber:
ber_dump: buf=0x08127ce0 ptr=0x08127cea end=0x08127cf8 len=14
0000: 00 0c 04 0a 44 49 47 45 53 54 2d 4d 44 35
....DIGEST-MD5
ber_scanf fmt (}}) ber:
ber_dump: buf=0x08127ce0 ptr=0x08127cf8 end=0x08127cf8 len=0
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_sasl_bind: dn () mech DIGEST-MD5
conn=0 op=1 BIND dn="" method=163
==> sasl_bind: dn="" mech=DIGEST-MD5 datalen=0
SASL [conn=0] Debug: DIGEST-MD5 server step 1
daemon: select: listen=8 active_threads=1 tvp=NULL
daemon: select: listen=9 active_threads=1 tvp=NULL
#=============end===================================
Many thanks,
Shane