[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL EXTERNAL via ldapi

To: OpenLDAP-software@OpenLDAP.org
Subject: Re: SASL EXTERNAL via ldapi
From: "James F. Hranicky" <jfh@cise.ufl.edu>
Date: Tue, 22 Nov 2005 16:56:38 -0500
In-reply-to: <20051122135654.71450f63.jfh@cise.ufl.edu>
Organization: University of Florida CISE Department
References: <20051121133008.3a97a8b8.jfh@cise.ufl.edu> <43821AB8.8070403@stroeder.com> <20051121163413.18dac331.jfh@cise.ufl.edu> <20051122132607.4b1f4efb.jfh@cise.ufl.edu> <20051122135654.71450f63.jfh@cise.ufl.edu>

On Tue, 22 Nov 2005 13:56:54 -0500
"James F. Hranicky" <jfh@cise.ufl.edu> wrote:

> I just realized I never mentioned my platform:
> 
> 	OS		:	Sol 10 x86
> 	openldap	:	2.3.12
> 	sasl		:	2.1.21
> 	BDB		:	4.2.52+patches
> 	compiler	:	SUNWspro, gcc 3.4.4

Another data point: 2.3.6 works properly, 2.3.7 fails as 2.3.12 does. I've
done a recursive diff between the two but nothing obvious jumps out at
me. However, looking at the output of slapd running with "-d 1 -d 4 -d 256"
shows what's going on (edited for readability: doubly indented lines are 
continuations).

Here's 2.3.6:

    do_sasl_bind: dn () mech EXTERNAL
    conn=0 op=1 BIND dn="" method=163
    ==> sasl_bind: dn="" mech=EXTERNAL datalen=0
    SASL Canonicalize [conn=0]: 
        authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
    slap_sasl_getdn: conn 0 
        id=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth [len=55]
    ==>slap_sasl2dn: converting SASL name 
        gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth to a DN
    slap_authz_regexp: converting SASL name 
        gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    <==slap_sasl2dn: Converted SASL name to <nothing>
    SASL Canonicalize [conn=0]: 
        slapAuthcDN="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
    SASL proxy authorize [conn=0]:
        authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth@CISE.UFL.EDU"
        authzid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth@CISE.UFL.EDU"
    conn=0 op=1 BIND 
        authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth@CISE.UFL.EDU"
        authzid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth@CISE.UFL.EDU"
    SASL Authorize [conn=0]:  proxy authorization allowed authzDN=""
    send_ldap_sasl: err=0 len=-1
    send_ldap_response: msgid=1 tag=97 err=0
    ber_flush: 14 bytes to sd 10
    conn=0 op=1 RESULT tag=97 err=0 text=
    <== slap_sasl_bind: rc=0
    conn=0 op=1 BIND 
        dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" mech=EXTERNAL ssf=0
    do_bind: SASL/EXTERNAL bind: 
        dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" ssf=0

Here's 2.3.7:

    do_sasl_bind: dn () mech EXTERNAL
    conn=0 op=0 BIND dn="" method=163
    ==> sasl_bind: dn="" mech=EXTERNAL datalen=0
    send_ldap_result: conn=0 op=0 p=3
    send_ldap_result: err=7 matched="" text="SASL(-4): no mechanism available: "
    send_ldap_response: msgid=1 tag=97 err=7
    ber_flush: 48 bytes to sd 11
    
For some reason, slap_sasl_canonicalize() doesn't appear to get called. 

I can probably work on it some more tomorrow, but if anyone has any ideas that'd
be great.

Jim

References:
- SASL EXTERNAL via ldapi
  - From: "James F. Hranicky" <jfh@cise.ufl.edu>
- Re: SASL EXTERNAL via ldapi
  - From: Michael Ströder <michael@stroeder.com>
- Re: SASL EXTERNAL via ldapi
  - From: "James F. Hranicky" <jfh@cise.ufl.edu>
- Re: SASL EXTERNAL via ldapi
  - From: "James F. Hranicky" <jfh@cise.ufl.edu>
- Re: SASL EXTERNAL via ldapi
  - From: "James F. Hranicky" <jfh@cise.ufl.edu>

Prev by Date: Re: SASL EXTERNAL via ldapi
Next by Date: slapd locks up and wont work till "killall -KILL slapd"
Index(es):
- Chronological
- Thread