SASL problem
Please give me any ideas.
db-4.3.28,
cyrus-sasl-2.1.21,
openldap 2.3.7
from FreeBSD ports
on a freshly installed FreeBSD 4.11 (no other packages installed)
I have trouble with SASL authentication on the OpenLDAP server.
I run ldapwhoami:
====================================
test# ldapwhoami -U testuser
SASL/DIGEST-MD5 authentication started
====================================
...and the program hangs; the password request does not occur.
I tested the SASL installation with the sample server and client from the cyrus-sasl
distribution. All tests passed successfully.
Directory structure:
====================================
dn: dc=test,dc=ru
objectClass: top
objectClass: dcObject
objectClass: organization
dc: test
o: test

dn: cn=manager,dc=test,dc=ru
objectClass: top
objectClass: organizationalRole
cn: manager

dn: ou=users,dc=test,dc=ru
objectClass: top
objectClass: organizationalUnit
ou: users

dn: uid=test,ou=users,dc=test,dc=ru
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: test
cn: test
sn: testov
userPassword: test098
====================================
slapd.conf:
====================================
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
allow bind_v2
database bdb
suffix "dc=test,dc=ru"
rootdn "cn=manager,dc=test,dc=ru"
rootpw test9274
directory /var/db/openldap-data
index objectClass eq
index uid eq,pres
sasl-regexp
  uid=([^,]*),cn=digest-md5,cn=auth
  uid=$1,cn=users,dc=test,dc=ru
sasl-regexp
  uid=([^,]*),cn=test.ru,cn=digest-md5,cn=auth
  uid=$1,cn=users,dc=test,dc=ru
====================================
End of "ldapwhoami -U test -d -1" debug
====================================
ldap_sasl_interactive_bind_s: server supports: DIGEST-MD5 CRAM-MD5
ldap_int_sasl_bind: DIGEST-MD5 CRAM-MD5
ldap_int_sasl_open: host=test.ae.ru
SASL/DIGEST-MD5 authentication started
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_flush: 26 bytes to sd 3
0000: 30 18 02 01 02 60 13 02 01 03 04 00 a3 0c 04 0a
0....`..........
0010: 44 49 47 45 53 54 2d 4d 44 35 DIGEST-MD5
ldap_write: want=26, written=26
0000: 30 18 02 01 02 60 13 02 01 03 04 00 a3 0c 04 0a
0....`..........
0010: 44 49 47 45 53 54 2d 4d 44 35 DIGEST-MD5
ldap_result msgid 2
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 2
wait4msg continue, msgid 2, all 1
** Connections:
* host: localhost port: 389 (default)
refcnt: 2 status: Connected
last used: Thu Oct 6 01:35:52 2005
** Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
** Response Queue:
Empty
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList returns NULL
ldap_int_select
====================================
End of "slapd -d -1" debug
====================================
daemon: activity on 1 descriptors
daemon: activity on: 13r
daemon: read activity on 13
connection_get(13)
connection_get(13): got connid=3
connection_read(13): checking for input on id=3
ber_get_next
ldap_read: want=8, got=8
0000: 30 18 02 01 02 60 13 02 0....`..
ldap_read: want=18, got=18
0000: 01 03 04 00 a3 0c 04 0a 44 49 47 45 53 54 2d 4d
........DIGEST-M
0010: 44 35 D5
ber_get_next: tag 0x30 len 24 contents:
ber_dump: buf=0x0820f8e0 ptr=0x0820f8e0 end=0x0820f8f8 len=24
0000: 02 01 02 60 13 02 01 03 04 00 a3 0c 04 0a 44 49
...`..........DI
0010: 47 45 53 54 2d 4d 44 35 GEST-MD5
ber_get_next
ldap_read: want=8 error=(null)
ber_get_next on fd 13 failed errno=35 (Resource temporarily unavailable)
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: select: listen=9 active_threads=0 tvp=NULL
do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x0820f8e0 ptr=0x0820f8e3 end=0x0820f8f8 len=21
0000: 60 13 02 01 03 04 00 a3 0c 04 0a 44 49 47 45 53
`..........DIGES
0010: 54 2d 4d 44 35 T-MD5
ber_scanf fmt ({m) ber:
ber_dump: buf=0x0820f8e0 ptr=0x0820f8ea end=0x0820f8f8 len=14
0000: 00 0c 04 0a 44 49 47 45 53 54 2d 4d 44 35 ....DIGEST-MD5
ber_scanf fmt (}}) ber:
ber_dump: buf=0x0820f8e0 ptr=0x0820f8f8 end=0x0820f8f8 len=0
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_sasl_bind: dn () mech DIGEST-MD5
conn=3 op=1 BIND dn="" method=163
==> sasl_bind: dn="" mech=DIGEST-MD5 datalen=0
SASL [conn=3] Debug: DIGEST-MD5 server step 1
====================================
What else can I do to find the reason for the error?
Thank you.
Best regards,
Fyodor Smirnov