SASL EXTERNAL via ldapi
I just upgraded from a June 2005 2.3 CVS snapshot to 2.3.12, and I can no longer bind over the ldapi:// socket with SASL EXTERNAL:
# ldapsearch -H ldapi:/// -Y EXTERNAL
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Authentication method not supported (7)
additional info: SASL(-4): no mechanism available:
slapd with -d 256 is reporting this:
conn=8 fd=18 ACCEPT from PATH=/usr/local/var/run/ldapi (PATH=/usr/local/var/run/ldapi)
conn=8 op=0 BIND dn="" method=163
conn=8 op=0 RESULT tag=97 err=7 text=SASL(-4): no mechanism available:
conn=8 fd=18 closed (connection lost)
Web searches turn up nothing relevant. The error text, `SASL(-4): no mechanism available`, is Cyrus SASL's SASL_NOMECH: the server did not offer EXTERNAL on this connection, so a first check is whether it still appears in the root DSE over the socket (`ldapsearch -x -H ldapi:/// -s base -b '' supportedSASLMechanisms`). Does anyone know what's going on?
----------------------------------------------------------------------
| Jim Hranicky, Senior SysAdmin UF/CISE Department |
| E314D CSE Building Phone (352) 392-1499 |
| jfh@cise.ufl.edu http://www.cise.ufl.edu/~jfh |
----------------------------------------------------------------------
P.S.:
Here's my configure line:
# Build options for this slapd, kept in an array so each one can be annotated.
# --enable-local builds ldapi:// (AF_LOCAL) support and --with-cyrus-sasl the
# SASL binding; the rest are backends, overlays and packaging choices.
configure_opts=(
  --enable-aci
  --prefix=/usr/local
  --enable-shared
  --enable-modules
  --enable-local        # ldapi:// socket support
  --with-cyrus-sasl     # SASL mechanisms, including EXTERNAL
  --disable-syslog
  --enable-meta
  --enable-monitor
  --enable-ldap
  --enable-spasswd
  --enable-overlays
  --enable-slapi
  --enable-accesslog
  --enable-lastmod
  --enable-refint
  --enable-syncprov
  --enable-proxycache
  --enable-translucent
  --enable-unique
  --enable-valsort
)
./configure "${configure_opts[@]}"
Here's slapd.conf:
#################### GLOBAL ##################
## schema files (core.schema is required by default)
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
include /usr/local/etc/openldap/schema/krb5-kdc.schema
include /usr/local/etc/openldap/schema/openxchange.schema
include /usr/local/etc/openldap/schema/host-extended.schema
## Bind-form relaxations.
## NOTE(review): bind_anon_cred and bind_anon_dn accept unauthenticated binds
## that carry credentials or a non-empty DN (they are treated as anonymous),
## and update_anon lets anonymous sessions attempt modifications (ACLs still
## decide).  None of these are needed for the EXTERNAL bind being debugged;
## keep only the ones a client actually depends on.
allow bind_v2
allow bind_anon_cred
allow bind_anon_dn
allow update_anon
pidfile /var/run/slapd.pid
## Dynamic modules: smbk5pwd is built but not loaded here (see the overlay
## line, also commented out, in the database section).
modulepath /usr/local/libexec/openldap
#moduleload smbk5pwd.la
threads 8
# SASL configuration
# sasl-host / sasl-realm supply the server name and default realm that Cyrus
# SASL uses when forming the authentication DNs matched by the authz-regexp
# rules further down.
sasl-host server.cise.ufl.edu
sasl-realm CISE.UFL.EDU
# "noplain" asks Cyrus SASL to withhold mechanisms that transmit a plaintext
# secret.  NOTE(review): this directive shapes the mechanism list offered per
# connection; if EXTERNAL is missing from supportedSASLMechanisms over ldapi,
# temporarily removing it is a cheap way to confirm or rule it out.
sasl-secprops noplain
#password-hash {SSHA}
# SSL
# NOTE(review): the private key file below should be readable only by the
# user slapd runs as.
TLSCACertificateFile /usr/local/lib/ssl/certs/cise-cacert.pem
TLSCertificateKeyFile /usr/local/lib/ssl/certs/glow.cise.ufl.edu-key.pem
TLSCertificateFile /usr/local/lib/ssl/certs/glow.cise.ufl.edu-cert.pem
#
# Mappings
#
# authz-regexp rules are tried in order and the first match wins.
# NOTE(review): the two uidNumber=0 rules have identical patterns, so a root
# peercred over ldapi always maps to cn=ldapadmin and the kadmin/admin mapping
# below it is unreachable.  Also confirm the escaping of the "+" in the
# multi-valued RDN -- this pattern is commonly written with two backslashes
# ("uidNumber=0\\+gidNumber=.*,...").  Continuation lines in slapd.conf must
# begin with whitespace; make sure the indentation survived the paste.
authz-regexp "uidNumber=0\\\+gidNumber=.*,cn=peercred,cn=external,cn=auth"
"cn=ldapadmin,dc=cise,dc=ufl,dc=edu"
authz-regexp "uidNumber=0\\\+gidNumber=.*,cn=peercred,cn=external,cn=auth"
"krb5PrincipalName=kadmin/admin@CISE.UFL.EDU"
# PLAIN and GSSAPI identities map to the user's own entry by uid; $1 is the
# SASL authentication identity, so a user can only be mapped to their own uid.
authz-regexp
"uid=(.+),cn=plain,cn=auth"
"uid=$1,ou=Users,dc=cise,dc=ufl,dc=edu"
authz-regexp
"uid=(.+),cn=gssapi,cn=auth"
"uid=$1,ou=Users,dc=cise,dc=ufl,dc=edu"
# Allow read access of root DSE to ALL
# NOTE(review): access directives are evaluated in order, the first "to" that
# matches the target is used, and within it the first matching "by" clause
# decides.  Order below is therefore significant.  The rootdn (cn=ldapadmin,
# set in the database section) bypasses ACLs entirely, so the
# "by dn=cn=ldapadmin" clauses only matter if that DN is ever bound as an
# ordinary entry.
access to dn=""
by * read
# dn.base="" names the same target as dn="" above; one of the two is redundant.
access to dn.base=""
by * read
# Samba and Kerberos key material: the admin DN may read/write, anonymous may
# use the values for bind comparison ("auth"); everyone else gets the implicit
# default of no access.
access to dn.regex="(.*,)?dc=cise,dc=ufl,dc=edu"
attrs="sambaLMPassword,sambaNTPassword,sambaPasswordHistory,krb5Key,krb5EncryptionType,krb5KeyVersionNumber,krb5PasswordEnd"
by dn="cn=ldapadmin,dc=cise,dc=ufl,dc=edu" write
by anonymous auth
# userPassword: admin writes, anonymous may bind against it, users may change
# their own; the explicit "by * none" closes it to everyone else.
access to dn.regex="(.*,)?dc=cise,dc=ufl,dc=edu" attrs="userPassword"
by dn="cn=ldapadmin,dc=cise,dc=ufl,dc=edu" write
by anonymous auth
by self write
by * none
# Per-user subtrees: the owner (matched via $1 from the target DN, or the
# corresponding Kerberos principal) may add/delete children; everyone may
# read.  The two uid= clauses differ only in the case of "ou=users"; DN
# matching on ou is most likely case-insensitive, making the second redundant.
access to dn.regex="uid=([^,]+),ou=Users,dc=cise,dc=ufl,dc=edu" attrs=children
by dn.exact,expand="uid=$1,ou=users,dc=cise,dc=ufl,dc=edu" write
by dn.exact,expand="uid=$1,ou=Users,dc=cise,dc=ufl,dc=edu" write
by dn.exact,expand="krb5PrincipalName=$1@CISE.UFL.EDU" write
by * read
access to dn.regex="ou=userabook,uid=([^,]+),ou=Users,dc=cise,dc=ufl,dc=edu"
by dn.exact,expand="uid=$1,ou=users,dc=cise,dc=ufl,dc=edu" write
by dn.exact,expand="uid=$1,ou=Users,dc=cise,dc=ufl,dc=edu" write
by dn.exact,expand="krb5PrincipalName=$1@CISE.UFL.EDU" write
by * read
access to dn.regex="ou=addr,uid=([^,]+),ou=Users,dc=cise,dc=ufl,dc=edu"
by dn.exact,expand="uid=$1,ou=users,dc=cise,dc=ufl,dc=edu" write
by dn.exact,expand="uid=$1,ou=Users,dc=cise,dc=ufl,dc=edu" write
by dn.exact,expand="krb5PrincipalName=$1@CISE.UFL.EDU" write
by * read
# Catch-all.  NOTE(review): the "read" clause for cn=ldapadmin matches first
# and stops evaluation, so the following "write" clause for the same DN never
# applies (moot while that DN is the rootdn).  "by * read" makes the whole
# tree, apart from the attributes closed off above, readable by anonymous
# clients as well.
access to *
by dn="cn=ldapadmin,dc=cise,dc=ufl,dc=edu" read
by dn="cn=ldapadmin,dc=cise,dc=ufl,dc=edu" write
by * read
# NOTE(review): never reached -- "access to *" above already matches every
# target, and the "by * read" there grants the same access.
access to attrs=supportedSASLMechanisms,subschemaSubentry
by anonymous read
by * read
#################### END GLOBAL ##################
#################### DATABASE ##################
database bdb
suffix dc=cise,dc=ufl,dc=edu
# The rootdn bypasses every ACL in the global section.
rootdn cn=ldapadmin,dc=cise,dc=ufl,dc=edu
directory /var/ldap/db
# BDB entry/IDL cache sizing
cachesize 100000
# NOTE(review): an unlimited sizelimit applies to every client, including the
# anonymous ones the ACLs allow to read the tree, so a single search can pull
# the whole directory.
sizelimit unlimited
idlcachesize 300000
checkpoint 1024 5
lastmod on
# Password hash for the rootdn lives in this file (redacted in this post);
# keep slapd.conf unreadable to other local users.
rootpw {SSHA}.......
#overlay smbk5pwd
# Indices to maintain
## required by OpenLDAP
index objectClass eq
index cn pres,sub,eq,approx
index sn pres,sub,eq,approx
## required to support pdb_getsampwnam
index uid pres,sub,eq,approx
## required to support pdb_getsambapwrid()
index displayName pres,sub,eq
## uncomment these if you are storing posixAccount and
## posixGroup entries in the directory as well
index uidNumber eq
index gidNumber eq
index memberUid eq
index uniqueMember eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
## "default" sets the index type for attributes listed without one
index default sub
index loginShell pres,sub,eq
index homeDirectory pres,sub,eq
index nisNetgroupTriple pres,sub,eq
index memberNisNetgroup pres,eq,sub
index krb5PrincipalName pres,eq