[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Problem with SASL/EXTERNAL authentication from JAVA-program
- To: <OpenLDAP-Software@OpenLDAP.org>
- Subject: Problem with SASL/EXTERNAL authentication from JAVA-program
- From: "Martin Pels" <pels@sara.nl>
- Date: Wed, 10 May 2006 10:34:07 +0200
- Content-class: urn:content-classes:message
- Thread-index: AcZ0DIEXte/wv2okRPO+RwyRdsvkNQ==
- Thread-topic: Problem with SASL/EXTERNAL authentication from JAVA-program
Hi,
I have an OpenLDAP server running to which I'm trying to connect from a
JAVA-program, using SASL/EXTERNAL with a client certificate.
I'm using the example from
http://forgeftp.novell.com/jldap/checkin/default/unix/samples/SaslExtern
alBind.java.
As the attached log shows I'm getting an error on line 33:
TLS trace: SSL_accept:error in SSLv3 read client certificate A
This is likely the cause of the server returning an error on line 138.
Connecting to this server using ldapsearch with SASL/EXTERNAL and the
same client certificate works fine.
Could someone give me a few pointers on where to look on fixing this or
to some JAVA example code that does work?
Thanks in advance.
Regards,
Martin Pels
SARA Computing & Networking Services
High Performance Computing
Tel. +31 (0)20 592 3000
http://www.sara.nl
1 daemon: select: listen=6 active_threads=0 tvp=NULL
2 daemon: activity on 1 descriptors
3 daemon: activity on: 10r
4 daemon: read activity on 10
5 connection_get(10)
6 connection_get(10): got connid=0
7 connection_read(10): checking for input on id=0
8 TLS trace: SSL_accept:before/accept initialization
9 tls_read: want=11, got=11
10 0000: 80 62 01 03 01 00 39 00 00 00 20 .b....9...
11 tls_read: want=89, got=89
12 0000: 00 00 04 01 00 80 00 00 05 00 00 2f 00 00 33 00 .........../..3.
13 0010: 00 32 00 00 0a 07 00 c0 00 00 16 00 00 13 00 00 .2..............
14 0020: 09 06 00 40 00 00 15 00 00 12 00 00 03 02 00 80 ...@............
15 0030: 00 00 08 00 00 14 00 00 11 44 61 9e 77 5c 18 70 .........Da.w\.p
16 0040: 85 a4 51 24 a9 e6 19 ed 5d c7 fb d4 63 40 dc fd ..Q$....]...c@..
17 0050: 35 be 02 dd 47 31 af da 5c 5...G1..\
18 TLS trace: SSL_accept:SSLv3 read client hello A
19 TLS trace: SSL_accept:SSLv3 write server hello A
20 TLS trace: SSL_accept:SSLv3 write certificate A
21 tls_write: want=4096, written=4096
22 0000: 16 03 01 00 4a 02 00 00 46 03 01 44 61 9e 77 c8 ....J...F..Da.w.
23
24 [..]
25 0ff0: 30 24 06 03 55 04 03 13 1d 44 46 4e 2d 56 65 72 0$..U....DFN-Ver
26 TLS trace: SSL_accept:SSLv3 write certificate request A
27 tls_write: want=4080, written=4080
28 0000: 65 69 6e 20 55 73 65 72 20 43 41 20 47 72 69 64 ein User CA Grid
29 [..]
30 0fe0: 79 40 70 63 61 2e 64 66 6e 2e 64 65 0e 00 00 00 y@pca.dfn.de....
31 TLS trace: SSL_accept:SSLv3 flush data
32 tls_read: want=5 error=Resource temporarily unavailable
33 TLS trace: SSL_accept:error in SSLv3 read client certificate A
34 TLS trace: SSL_accept:error in SSLv3 read client certificate A
35 daemon: select: listen=6 active_threads=0 tvp=NULL
36 daemon: activity on 1 descriptors
37 daemon: activity on: 10r
38 daemon: read activity on 10
39 connection_get(10)
40 connection_get(10): got connid=0
41 connection_read(10): checking for input on id=0
42 tls_read: want=5, got=5
43 0000: 16 03 01 0a 38 ....8
44 tls_read: want=2616, got=2616
45 0000: 0b 00 09 ae 00 09 ab 00 04 e5 30 82 04 e1 30 82 ..........0...0.
46 [..]
47 0a30: dd 02 74 5e ce fb 12 f5 ..t^....
48 TLS certificate verification: depth: 1, err: 0, subject: /C=NL/O=NIKHEF/CN=NIKHEF medium-security certification auth, issuer: /C=NL/O=NIKHEF/CN=NIKHEF medium-security certification auth
49 TLS certificate verification: depth: 0, err: 0, subject: /O=dutchgrid/O=hosts/OU=sara.nl/CN=uni-njs1.sara.nl, issuer: /C=NL/O=NIKHEF/CN=NIKHEF medium-security certification auth
50 TLS trace: SSL_accept:SSLv3 read client certificate A
51 TLS trace: SSL_accept:SSLv3 read client key exchange A
52 tls_read: want=5 error=Resource temporarily unavailable
53 TLS trace: SSL_accept:error in SSLv3 read certificate verify A
54 daemon: select: listen=6 active_threads=0 tvp=NULL
55 daemon: activity on 1 descriptors
56 daemon: activity on: 10r
57 daemon: read activity on 10
58 connection_get(10)
59 connection_get(10): got connid=0
60 connection_read(10): checking for input on id=0
61 tls_read: want=5, got=5
62 0000: 16 03 01 00 86 .....
63 tls_read: want=134, got=134
64 0000: 0f 00 00 82 00 80 9c 21 a8 59 2b a0 5a 92 73 59 .......!.Y+.Z.sY
65 0010: 99 46 77 b6 99 3e 2a 60 c5 0e 8d 01 64 51 46 24 .Fw..>*`....dQF$
66 0020: df 41 61 30 be 5b c6 69 df c2 e4 ab c7 e5 7d 7c .Aa0.[.i......}|
67 0030: a8 ef e2 61 a4 43 b8 2a 76 88 78 27 b3 ce b2 eb ...a.C.*v.x'....
68 0040: d2 1d e0 b3 39 4f aa fd 9a 2f 3c a6 20 07 cc 7c ....9O.../<. ..|
69 0050: 06 2a 07 08 50 71 b3 56 b2 40 8e b2 07 dd 69 ad .*..Pq.V.@....i.
70 0060: 32 f0 13 c1 54 93 b9 c7 b2 26 1a bd c4 7f 8b d8 2...T....&......
71 0070: 7b 95 d8 d0 95 ff 06 f9 54 bc 1c 1b b8 0a 41 af {.......T.....A.
72 0080: 14 8b 61 f4 10 c7 ..a...
73 TLS trace: SSL_accept:SSLv3 read certificate verify A
74 tls_read: want=5 error=Resource temporarily unavailable
75 TLS trace: SSL_accept:error in SSLv3 read finished A
76 daemon: select: listen=6 active_threads=0 tvp=NULL
77 daemon: activity on 1 descriptors
78 daemon: activity on: 10r
79 daemon: read activity on 10
80 connection_get(10)
81 connection_get(10): got connid=0
82 connection_read(10): checking for input on id=0
83 tls_read: want=5, got=5
84 0000: 14 03 01 00 01 .....
85 tls_read: want=1, got=1
86 0000: 01 .
87 tls_read: want=5, got=5
88 0000: 16 03 01 00 20 ....
89 tls_read: want=32, got=32
90 0000: 02 59 b7 cf fa b6 62 bc 68 b5 31 ec f0 a1 64 58 .Y....b.h.1...dX
91 0010: 89 02 0e 20 e6 04 42 11 7a a6 61 90 b6 35 ca ea ... ..B.z.a..5..
92 TLS trace: SSL_accept:SSLv3 read finished A
93 TLS trace: SSL_accept:SSLv3 write change cipher spec A
94 TLS trace: SSL_accept:SSLv3 write finished A
95 tls_write: want=43, written=43
96 0000: 14 03 01 00 01 01 16 03 01 00 20 b1 f0 63 0b ff .......... ..c..
97 0010: 41 0c 3c ec 2d b6 43 e5 a8 39 9b 45 1a e4 d8 43 A.<.-.C..9.E...C
98 0020: 90 33 bf bf 8d 4a ab 4f f4 0b 9d .3...J.O...
99 TLS trace: SSL_accept:SSLv3 flush data
100 => ldap_dn2bv(16)
101 ldap_err2string
102 <= ldap_dn2bv(cn=uni-njs1.sara.nl,ou=sara.nl,o=hosts,o=dutchgrid)=0 Success
103 daemon: select: listen=6 active_threads=0 tvp=NULL
104 daemon: activity on 1 descriptors
105 daemon: activity on: 10r
106 daemon: read activity on 10
107 connection_get(10)
108 connection_get(10): got connid=0
109 connection_read(10): checking for input on id=0
110 ber_get_next
111 tls_read: want=5, got=5
112 0000: 17 03 01 00 28 ....(
113 tls_read: want=40, got=40
114 0000: 96 95 c6 10 7c b1 5c 9f 37 e5 8f 7f 3c 04 b9 6e ....|.\.7...<..n
115 0010: d5 e0 db 0c a2 a1 37 41 03 1f 61 aa 3b 51 54 57 ......7A..a.;QTW
116 0020: c5 59 0f da d0 69 61 3c .Y...ia<
117 ldap_read: want=8, got=8
118 0000: 30 16 02 01 01 60 11 02 0....`..
119 ldap_read: want=16, got=16
120 0000: 01 03 04 00 a3 0a 04 08 45 58 54 45 52 4e 41 4c ........EXTERNAL
121 ber_get_next: tag 0x30 len 22 contents:
122 ber_get_next
123 tls_read: want=5 error=Resource temporarily unavailable
124 ldap_read: want=8 error=Resource temporarily unavailable
125 ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
126 daemon: select: listen=6 active_threads=0 tvp=NULL
127 daemon: activity on 1 descriptors
128 daemon: select: listen=6 active_threads=0 tvp=NULL
129 do_bind
130 ber_scanf fmt ({imt) ber:
131 ber_scanf fmt ({m) ber:
132 ber_scanf fmt (}}) ber:
133 >>> dnPrettyNormal: <>
134 <<< dnPrettyNormal: <>, <>
135 do_sasl_bind: dn () mech EXTERNAL
136 ==> sasl_bind: dn="" mech=EXTERNAL datalen=0
137 send_ldap_sasl: err=14 len=0
138 send_ldap_response: msgid=1 tag=97 err=14
139 ber_flush: 16 bytes to sd 10
140 0000: 30 0e 02 01 01 61 09 0a 01 0e 04 00 04 00 87 00 0....a..........
141 tls_write: want=37, written=37
142 0000: 17 03 01 00 20 a7 00 21 5f 88 90 f3 3c cc 78 be .... ..!_...<.x.
143 0010: 19 a1 51 b1 bc 1d 32 e5 e1 6a 03 98 c6 69 02 41 ..Q...2..j...i.A
144 0020: 06 dd bc 88 3a ....:
145 ldap_write: want=16, written=16
146 0000: 30 0e 02 01 01 61 09 0a 01 0e 04 00 04 00 87 00 0....a..........
147 <== slap_sasl_bind: rc=14
148 daemon: activity on 1 descriptors
149 daemon: activity on: 10r
150 daemon: read activity on 10
151 connection_get(10)
152 connection_get(10): got connid=0
153 connection_read(10): checking for input on id=0
154 ber_get_next
155 tls_read: want=5, got=0
156 ldap_read: want=8, got=0
157 ber_get_next on fd 10 failed errno=0 (Success)
158 connection_read(10): input error=-2 id=0, closing.
159 connection_closing: readying conn=0 sd=10 for close
160 connection_close: conn=0 sd=10
161 daemon: removing 10
162 tls_write: want=23, written=23
163 0000: 15 03 01 00 12 2a db 02 cf f6 17 e1 b8 ab dd 7c .....*.........|
164 0010: 7b e4 42 5b 06 b1 d2 {.B[...
165 TLS trace: SSL3 alert write:warning:close notify
166 daemon: select: listen=6 active_threads=0 tvp=NULL
167 daemon: activity on 1 descriptors
168 daemon: select: listen=6 active_threads=0 tvp=NULL
169 daemon: shutdown requested and initiated.
170 daemon: closing 6
171 slapd shutdown: waiting for 0 threads to terminate
172 slapd shutdown: initiated
173 ====> bdb_cache_release_all
174 slapd shutdown: freeing system resources.
175 slapd stopped.