
SASL problem



Please, give any ideas.

db-4.3.28,
cyrus-sasl-2.1.21,
openldap 2.3.7
from FreeBSD ports
on a freshly installed FreeBSD 4.11 (no other packages installed)


I have trouble with SASL authentication on an OpenLDAP server.

I run ldapwhoami:
====================================
test# ldapwhoami -U testuser
SASL/DIGEST-MD5 authentication started
====================================
...and the program hangs; the password request does not occur.

I tested the SASL installation with the sample server and client from the cyrus-sasl distribution. All tests passed successfully.


Directory structure:
====================================
dn: dc=test,dc=ru
objectClass: top
objectClass: dcObject
objectClass: organization
dc: test
o: test

dn: cn=manager,dc=test,dc=ru
objectClass: top
objectClass: organizationalRole
cn: manager

dn: ou=users,dc=test,dc=ru
objectClass: top
objectClass: organizationalUnit
ou: users

dn: uid=test,ou=users,dc=test,dc=ru
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: test
cn: test
sn: testov
userPassword: test098
====================================

slapd.conf:
====================================
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/misc.schema
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
allow   bind_v2

database        bdb
suffix          "dc=test,dc=ru"
rootdn          "cn=manager,dc=test,dc=ru"
rootpw          test9274
directory       /var/db/openldap-data
index   objectClass     eq
index   uid             eq,pres

sasl-regexp
  uid=([^,]*),cn=digest-md5,cn=auth
  uid=$1,cn=users,dc=test,dc=ru

sasl-regexp
  uid=([^,]*),cn=test.ru,cn=digest-md5,cn=auth
  uid=$1,cn=users,dc=test,dc=ru
====================================

End of "ldapwhoami -U test -d -1" debug
====================================
ldap_sasl_interactive_bind_s: server supports: DIGEST-MD5 CRAM-MD5
ldap_int_sasl_bind: DIGEST-MD5 CRAM-MD5
ldap_int_sasl_open: host=test.ae.ru
SASL/DIGEST-MD5 authentication started
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_flush: 26 bytes to sd 3
0000: 30 18 02 01 02 60 13 02 01 03 04 00 a3 0c 04 0a 0....`..........
0010: 44 49 47 45 53 54 2d 4d 44 35 DIGEST-MD5
ldap_write: want=26, written=26
0000: 30 18 02 01 02 60 13 02 01 03 04 00 a3 0c 04 0a 0....`..........
0010: 44 49 47 45 53 54 2d 4d 44 35 DIGEST-MD5
ldap_result msgid 2
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 2
wait4msg continue, msgid 2, all 1
** Connections:
* host: localhost port: 389 (default)
refcnt: 2 status: Connected
last used: Thu Oct 6 01:35:52 2005


** Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList returns NULL
ldap_int_select
====================================


End of "slapd -d -1" debug
====================================
daemon: activity on 1 descriptors
daemon: activity on: 13r
daemon: read activity on 13
connection_get(13)
connection_get(13): got connid=3
connection_read(13): checking for input on id=3
ber_get_next
ldap_read: want=8, got=8
0000: 30 18 02 01 02 60 13 02 0....`..
ldap_read: want=18, got=18
0000: 01 03 04 00 a3 0c 04 0a 44 49 47 45 53 54 2d 4d ........DIGEST-M
0010: 44 35 D5
ber_get_next: tag 0x30 len 24 contents:
ber_dump: buf=0x0820f8e0 ptr=0x0820f8e0 end=0x0820f8f8 len=24
0000: 02 01 02 60 13 02 01 03 04 00 a3 0c 04 0a 44 49 ...`..........DI
0010: 47 45 53 54 2d 4d 44 35 GEST-MD5
ber_get_next
ldap_read: want=8 error=(null)
ber_get_next on fd 13 failed errno=35 (Resource temporarily unavailable)
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: select: listen=9 active_threads=0 tvp=NULL
do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x0820f8e0 ptr=0x0820f8e3 end=0x0820f8f8 len=21
0000: 60 13 02 01 03 04 00 a3 0c 04 0a 44 49 47 45 53 `..........DIGES
0010: 54 2d 4d 44 35 T-MD5
ber_scanf fmt ({m) ber:
ber_dump: buf=0x0820f8e0 ptr=0x0820f8ea end=0x0820f8f8 len=14
0000: 00 0c 04 0a 44 49 47 45 53 54 2d 4d 44 35 ....DIGEST-MD5
ber_scanf fmt (}}) ber:
ber_dump: buf=0x0820f8e0 ptr=0x0820f8f8 end=0x0820f8f8 len=0


>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_sasl_bind: dn () mech DIGEST-MD5
conn=3 op=1 BIND dn="" method=163
==> sasl_bind: dn="" mech=DIGEST-MD5 datalen=0
SASL [conn=3] Debug: DIGEST-MD5 server step 1
====================================

What else can I do to find the cause of the error?


Thank you.

Best regards,
Fyodor Smirnov
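
Added example (not part of the original post and not OpenLDAP code): a minimal BER decoder for the 26-byte request in the client dump above. It shows the bytes are an LDAPv3 SASL BindRequest naming DIGEST-MD5 with no initial credentials, which is what slapd logs as method=163 (0xa3) and datalen=0. The function names are hypothetical and CAPTURED is retyped from the ber_flush dump.

```python
# Constructed input: the 26 bytes retyped from the "ber_flush: 26 bytes to sd 3" dump.
CAPTURED = bytes.fromhex(
    "30 18 02 01 02 60 13 02 01 03 04 00 a3 0c 04 0a "
    "44 49 47 45 53 54 2d 4d 44 35")


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length BER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def expect(buf, pos, want):
    """Read one element and insist on its tag; return (value, next_pos)."""
    tag, value, pos = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"expected tag 0x{want:02x}, got 0x{tag:02x}")
    return value, pos


def parse_sasl_bind(pdu):
    """Decode an LDAPMessage that carries a BindRequest using SASL."""
    msg, end = expect(pdu, 0, 0x30)        # LDAPMessage SEQUENCE
    if end != len(pdu):
        raise ValueError("trailing bytes after LDAPMessage")
    msgid, pos = expect(msg, 0, 0x02)      # messageID INTEGER
    bind, _ = expect(msg, pos, 0x60)       # [APPLICATION 0] BindRequest
    version, pos = expect(bind, 0, 0x02)   # version INTEGER
    name, pos = expect(bind, pos, 0x04)    # name (bind DN) OCTET STRING
    sasl, _ = expect(bind, pos, 0xA3)      # authentication choice [3] sasl
    mech, pos = expect(sasl, 0, 0x04)      # mechanism OCTET STRING
    creds = expect(sasl, pos, 0x04)[0] if pos < len(sasl) else b""  # OPTIONAL
    return {"msgid": int.from_bytes(msgid, "big"),
            "version": int.from_bytes(version, "big"),
            "dn": name.decode(), "method": 0xA3,
            "mech": mech.decode(), "datalen": len(creds)}


if __name__ == "__main__":
    print(parse_sasl_bind(CAPTURED))
```

The decoded fields line up with both logs: msgid 2 on the client side, and dn="" mech=DIGEST-MD5 datalen=0 on the server side.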