Re: SASL EXTERNAL via ldapi
On Tue, 22 Nov 2005 13:56:54 -0500
"James F. Hranicky" <jfh@cise.ufl.edu> wrote:
> I just realized I never mentioned my platform:
>
> OS : Sol 10 x86
> openldap : 2.3.12
> sasl : 2.1.21
> BDB : 4.2.52+patches
> compiler : SUNWspro, gcc 3.4.4
Another data point: 2.3.6 works properly, 2.3.7 fails as 2.3.12 does. I've
done a recursive diff between the two but nothing obvious jumps out at
me. However, looking at the output of slapd running with "-d 1 -d 4 -d 256"
shows what's going on (edited for readability: doubly indented lines are
continuations).
Here's 2.3.6:
    do_sasl_bind: dn () mech EXTERNAL
    conn=0 op=1 BIND dn="" method=163
    ==> sasl_bind: dn="" mech=EXTERNAL datalen=0
    SASL Canonicalize [conn=0]:
        authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
    slap_sasl_getdn: conn 0
        id=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth [len=55]
    ==>slap_sasl2dn: converting SASL name
        gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth to a DN
    slap_authz_regexp: converting SASL name
        gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    <==slap_sasl2dn: Converted SASL name to <nothing>
    SASL Canonicalize [conn=0]:
        slapAuthcDN="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
    SASL proxy authorize [conn=0]:
        authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth@CISE.UFL.EDU"
        authzid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth@CISE.UFL.EDU"
    conn=0 op=1 BIND
        authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth@CISE.UFL.EDU"
        authzid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth@CISE.UFL.EDU"
    SASL Authorize [conn=0]: proxy authorization allowed authzDN=""
    send_ldap_sasl: err=0 len=-1
    send_ldap_response: msgid=1 tag=97 err=0
    ber_flush: 14 bytes to sd 10
    conn=0 op=1 RESULT tag=97 err=0 text=
    <== slap_sasl_bind: rc=0
    conn=0 op=1 BIND
        dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" mech=EXTERNAL ssf=0
    do_bind: SASL/EXTERNAL bind:
        dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" ssf=0
Here's 2.3.7:
    do_sasl_bind: dn () mech EXTERNAL
    conn=0 op=0 BIND dn="" method=163
    ==> sasl_bind: dn="" mech=EXTERNAL datalen=0
    send_ldap_result: conn=0 op=0 p=3
    send_ldap_result: err=7 matched="" text="SASL(-4): no mechanism available: "
    send_ldap_response: msgid=1 tag=97 err=7
    ber_flush: 48 bytes to sd 11
For some reason, slap_sasl_canonicalize() doesn't appear to get called.
I can probably work on it some more tomorrow, but if anyone has any ideas that'd
be great.
Jim
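
An added example, not part of the original message: a small Python triage script that walks a slapd debug trace, reports the first SASL EXTERNAL bind stage that is missing, and pulls out the peercred uid/gid the bind resolved to. The stage labels and the `analyze` function are this example's own names, not OpenLDAP identifiers; the sample input is excerpted from the two traces quoted above.

```python
import re

# Bind stages in the order the working (2.3.6) trace logs them.
STAGES = [
    ("sasl_bind", re.compile(r"^==> ?sasl_bind:")),
    ("canonicalize", re.compile(r"^SASL Canonicalize \[conn=\d+\]")),
    ("sasl2dn", re.compile(r"^==> ?slap_sasl2dn:")),
    ("authorize", re.compile(r"^SASL Authorize \[conn=\d+\]")),
    ("do_bind", re.compile(r"^do_bind: SASL/EXTERNAL bind")),
]
RESPONSE = re.compile(r"^send_ldap_response: msgid=\d+ tag=\d+ err=(\d+)")
RESULT_TEXT = re.compile(r'^send_ldap_result: err=\d+ matched="[^"]*" text="([^"]*)"')
PEERCRED = re.compile(r"gidNumber=(\d+)\+uidNumber=(\d+),cn=peercred,cn=external,cn=auth")

def analyze(trace):
    """Report which bind stages a slapd debug trace reached and how it ended."""
    reached, err, text, peer = [], None, "", None
    for line in (raw.strip() for raw in trace.splitlines()):
        for name, rx in STAGES:
            if name not in reached and rx.search(line):
                reached.append(name)
        if (m := RESPONSE.match(line)):
            err = int(m.group(1))          # LDAP result code sent to the client
        if (m := RESULT_TEXT.match(line)):
            text = m.group(1).strip()      # diagnostic text, if any
        if peer is None and (m := PEERCRED.search(line)):
            peer = {"gid": int(m.group(1)), "uid": int(m.group(2))}
    missing = [name for name, _ in STAGES if name not in reached]
    return {"reached": reached, "stopped_before": missing[0] if missing else None,
            "err": err, "text": text, "peer": peer}

# Excerpts of the two traces quoted in the message above.
TRACE_2_3_6 = '''
==> sasl_bind: dn="" mech=EXTERNAL datalen=0
SASL Canonicalize [conn=0]:
    authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
==>slap_sasl2dn: converting SASL name
SASL Authorize [conn=0]: proxy authorization allowed authzDN=""
send_ldap_response: msgid=1 tag=97 err=0
do_bind: SASL/EXTERNAL bind:
    dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" ssf=0
'''
TRACE_2_3_7 = '''
==> sasl_bind: dn="" mech=EXTERNAL datalen=0
send_ldap_result: err=7 matched="" text="SASL(-4): no mechanism available: "
send_ldap_response: msgid=1 tag=97 err=7
'''

if __name__ == "__main__":
    for label, trace in (("2.3.6", TRACE_2_3_6), ("2.3.7", TRACE_2_3_7)):
        print(label, analyze(trace))
```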