Re: ldapdb broken with sasl-2.1.19? (somewhat cleared up)
Igor Brezac wrote:
How do you know the plugin is not working? Have you tested the plugin
with the sample client and server software that comes with cyrus-sasl
($cyrus-sasl-src/sample)?
Hi Igor, Dieter thanks for your answers.
Well, I have to confess: I didn't test but "trusted" the error
message. Now after testing with ldapwhoami and postfix I can say it
actually works as long as you do not use regexps in the saslAuthzTo:
attribute (had the same problem with 2.2.12+sasl-2.1.18).
Those -1 logs show the problem:
authzTo errors:
Aug 11 13:41:29 holzkopp slapd[12690]: ==>slap_sasl_check_authz: does
uid=pkoelle,ou=users,dc=holzkopp,dc=b17 match saslAuthzTo rule in
cn=ldapadmin,ou=adminusers,dc=holzkopp,dc=b17?
Aug 11 13:41:29 holzkopp slapd[12690]: => bdb_entry_get: ndn:
"cn=ldapadmin,ou=adminusers,dc=holzkopp,dc=b17"
Aug 11 13:41:29 holzkopp slapd[12690]: => bdb_entry_get: oc: "(null)",
at: "saslAuthzTo"
Aug 11 13:41:29 holzkopp slapd[12690]:
bdb_dn2entry("cn=ldapadmin,ou=adminusers,dc=holzkopp,dc=b17")
Aug 11 13:41:29 holzkopp slapd[12690]: bdb_entry_get: rc=0
Aug 11 13:41:29 holzkopp slapd[12690]: ===>slap_sasl_match: comparing DN
uid=pkoelle,ou=users,dc=holzkopp,dc=b17 to rule
uid=[^,]+,ou=users,dc=holzkopp,dc=b17
Aug 11 13:41:29 holzkopp slapd[12690]: slap_parseURI: parsing
uid=[^,]+,ou=users,dc=holzkopp,dc=b17
Aug 11 13:41:29 holzkopp slapd[12690]: >>> dnNormalize:
<uid=[^,]+,ou=users,dc=holzkopp,dc=b17>
Aug 11 13:41:29 holzkopp slapd[12690]: <===slap_sasl_match: comparison
returned 21
Aug 11 13:41:29 holzkopp slapd[12690]: <==slap_sasl_check_authz:
saslAuthzTo check returning 48
Aug 11 13:41:29 holzkopp slapd[12690]: <== slap_sasl_authorized: return 48
Aug 11 13:41:29 holzkopp slapd[12690]: <= get_ctrls: n=1 rc=47 err="not
authorized to assume identity"
or:
Aug 11 13:59:58 holzkopp slapd[12594]: ===>slap_sasl_match: comparing DN
uid=pkoelle,ou=users,dc=holzkopp,dc=b17 to rule
uid=.*,ou=users,dc=holzkopp,dc=b17
Aug 11 13:59:58 holzkopp slapd[12594]: slap_parseURI: parsing
uid=.*,ou=users,dc=holzkopp,dc=b17
Aug 11 13:59:58 holzkopp slapd[12594]: >>> dnNormalize:
<uid=.*,ou=users,dc=holzkopp,dc=b17>
Aug 11 13:59:58 holzkopp slapd[12594]: <<< dnNormalize:
<uid=.*,ou=users,dc=holzkopp,dc=b17>
Aug 11 13:59:58 holzkopp slapd[12594]: <===slap_sasl_match: comparison
returned 48
success:
Aug 11 13:51:00 holzkopp slapd[12593]: ===>slap_sasl_match: comparing DN
uid=pkoelle,ou=users,dc=holzkopp,dc=b17 to rule
uid=[^,]+,ou=users,dc=holzkopp,dc=b17
Aug 11 13:51:00 holzkopp slapd[12593]: slap_parseURI: parsing
uid=[^,]+,ou=users,dc=holzkopp,dc=b17
Aug 11 13:51:00 holzkopp slapd[12593]: >>> dnNormalize:
<uid=[^,]+,ou=users,dc=holzkopp,dc=b17>
Aug 11 13:51:00 holzkopp slapd[12593]: <===slap_sasl_match: comparison
returned 21
Aug 11 13:51:00 holzkopp slapd[12593]: ===>slap_sasl_match: comparing DN
uid=pkoelle,ou=users,dc=holzkopp,dc=b17 to rule
uid=pkoelle,ou=users,dc=holzkopp,dc=b17
Aug 11 13:51:00 holzkopp slapd[12593]: slap_parseURI: parsing
uid=pkoelle,ou=users,dc=holzkopp,dc=b17
Aug 11 13:51:00 holzkopp slapd[12593]: >>> dnNormalize:
<uid=pkoelle,ou=users,dc=holzkopp,dc=b17>
Aug 11 13:51:00 holzkopp slapd[12593]: <<< dnNormalize:
<uid=pkoelle,ou=users,dc=holzkopp,dc=b17>
Aug 11 13:51:00 holzkopp slapd[12593]: <===slap_sasl_match: comparison
returned 0
BTW: the log output from slapd is getting *really* useful. I cannot say
if it's me getting used to it or if it actually improved.
greetings
Paul
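
An added example, not part of the original message: a small Python script that pairs each `slap_sasl_match` "comparing DN ... to rule ..." line with its "comparison returned N" line and lists the regexp-style rules that did not match. The sample lines are constructed from the log format quoted above with the mail wrapping undone; the function names and the metacharacter heuristic are assumptions of this example.

```python
import re

# Constructed sample: slapd debug lines in the format quoted in the message,
# with the mail client's line wrapping undone.
SAMPLE = """\
Aug 11 13:51:00 holzkopp slapd[12593]: ===>slap_sasl_match: comparing DN uid=pkoelle,ou=users,dc=holzkopp,dc=b17 to rule uid=[^,]+,ou=users,dc=holzkopp,dc=b17
Aug 11 13:51:00 holzkopp slapd[12593]: <===slap_sasl_match: comparison returned 21
Aug 11 13:51:00 holzkopp slapd[12593]: ===>slap_sasl_match: comparing DN uid=pkoelle,ou=users,dc=holzkopp,dc=b17 to rule uid=pkoelle,ou=users,dc=holzkopp,dc=b17
Aug 11 13:51:00 holzkopp slapd[12593]: <===slap_sasl_match: comparison returned 0
Aug 11 13:59:58 holzkopp slapd[12594]: ===>slap_sasl_match: comparing DN uid=pkoelle,ou=users,dc=holzkopp,dc=b17 to rule uid=.*,ou=users,dc=holzkopp,dc=b17
Aug 11 13:59:58 holzkopp slapd[12594]: <===slap_sasl_match: comparison returned 48
"""

# Standard LDAP result codes (RFC 4511) that appear in these logs.
RESULT_NAMES = {0: "success", 21: "invalidAttributeSyntax",
                48: "inappropriateAuthentication"}

START = re.compile(r"slapd\[(\d+)\]: ===>slap_sasl_match: comparing DN (\S+) to rule (\S+)")
END = re.compile(r"slapd\[(\d+)\]: <===slap_sasl_match: comparison returned\s*(-?\d+)")
# Heuristic (assumption): these characters suggest the rule was meant as a regexp.
# A literal DN can contain '+' or '\', so treat a hit as a hint, not proof.
REGEX_META = re.compile(r"[\[\]*+?^$|()\\]")

def pair_matches(text):
    """Pair each 'comparing DN' line with the next 'comparison returned' line.

    Lines are keyed by slapd PID; this assumes the match lines of one
    operation are not interleaved with another thread's.
    """
    pending, results = {}, []
    for line in text.splitlines():
        m = START.search(line)
        if m:
            pending[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = END.search(line)
        if m and m.group(1) in pending:
            dn, rule = pending.pop(m.group(1))
            rc = int(m.group(2))
            results.append({"dn": dn, "rule": rule, "rc": rc,
                            "name": RESULT_NAMES.get(rc, "other"),
                            "regex_like": bool(REGEX_META.search(rule))})
    return results

def failed_regex_rules(results):
    """Rules that look like regexps and did not match (the case reported above)."""
    return sorted({r["rule"] for r in results if r["regex_like"] and r["rc"] != 0})

if __name__ == "__main__":
    for r in pair_matches(SAMPLE):
        print(f'{r["rc"]:>3} {r["name"]:<27} regex_like={r["regex_like"]!s:<5} {r["rule"]}')
```
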