Re: slurpd -d9 --- Invalid credentials
Hi Kurt,
Thanks for the reply...
I did get OpenLDAP with TLS working before. Now it's just the SASL part for replication.
I found this online and used it to make sure SASL is working.
http://www.mathematik.uni-marburg.de/sys/os/linux/install/tasks.html#sasl
Server side ( <snort02>, since snort01[ master LDAP ] is acting as client for slurpd )
[root@snort02 openldap]# sasl-sample-server -s ldap
Generating client mechanism list...
Sending list of 5 mechanism(s)
S: UExBSU4gTE9HSU4gRElHRVNULU1ENSBDUkFNLU1ENSBBTk9OWU1PVVM=
Waiting for client mechanism...
C: RElHRVNULU1ENQA=
got 'DIGEST-MD5'
Sending response...
S: cmVhbG09InNub3J0MDIucHJvLXVubGltaXRlZC5jb20iLG5vbmNlPSJZTmd3WGtsTklnS3Z6YmZVVGhJOHBXUTk0c1pSOVJaNkpESUcxb3JIS3JJPSIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=
Waiting for client reply...
C: dXNlcm5hbWU9InJlcGxpY2F0b3IiLHJlYWxtPSJzbm9ydDAyLnByby11bmxpbWl0ZWQuY29tIixub25jZT0iWU5nd1hrbE5JZ0t2emJmVVRoSThwV1E5NHNaUjlSWjZKRElHMW9ySEtyST0iLGNub25jZT0iT3RiYS8wZEdUVXhpNktJS3lSYUM2dnlCRUJYcythdFhlekdXVDA0R3U2cz0iLG5jPTAwMDAwMDAxLHFvcD1hdXRoLWNvbmYsY2lwaGVyPSJyYzQiLGNoYXJzZXQ9dXRmLTgsZGlnZXN0LXVyaT0ibGRhcC8iLHJlc3BvbnNlPTA1ZGE0ZTI1NjE0MjU1ZTFiNjMwMzJiZDM2NDY5Y2Nk
got 'username="replicator",realm="snort02.pro-unlimited.com",nonce="YNgwXklNIgKvzbfUThI8pWQ94sZR9RZ6JDIG1orHKrI=",cnonce="Otba/0dGTUxi6KIKyRaC6vyBEBXs+atXezGWT04Gu6s=",nc=00000001,qop=auth-conf,cipher="rc4",charset=utf-8,digest-uri="ldap/",response=05da4e25614255e1b63032bd36469ccd'
Sending response...
S: cnNwYXV0aD1mNDdiNDhhZThlNjllNmIyZWVjNGU3OWYzNGE0NzVkOA==
Waiting for client reply...
C:
got ''
Negotiation complete
Username: replicator
Realm: snort02.pro-unlimited.com
SSF: 128
Client side ( snort01, since snort02[ slave LDAP ] would act as server to update its db )
[root@snort01 openldap]# sasl-sample-client -s ldap -a replicator -u replicator -r snort02.pro-unlimited.com
service=ldap
Waiting for mechanism list from server...
S: UExBSU4gTE9HSU4gRElHRVNULU1ENSBDUkFNLU1ENSBBTk9OWU1PVVM=
Choosing best mechanism from: PLAIN LOGIN DIGEST-MD5 CRAM-MD5 ANONYMOUS
Using mechanism DIGEST-MD5
Preparing initial.
Sending initial response...
C: RElHRVNULU1ENQA=
Waiting for server reply...
S: cmVhbG09InNub3J0MDIucHJvLXVubGltaXRlZC5jb20iLG5vbmNlPSJZTmd3WGtsTklnS3Z6YmZVVGhJOHBXUTk0c1pSOVJaNkpESUcxb3JIS3JJPSIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=
Password: <passwd>
Sending response...
C: dXNlcm5hbWU9InJlcGxpY2F0b3IiLHJlYWxtPSJzbm9ydDAyLnByby11bmxpbWl0ZWQuY29tIixub25jZT0iWU5nd1hrbE5JZ0t2emJmVVRoSThwV1E5NHNaUjlSWjZKRElHMW9ySEtyST0iLGNub25jZT0iT3RiYS8wZEdUVXhpNktJS3lSYUM2dnlCRUJYcythdFhlekdXVDA0R3U2cz0iLG5jPTAwMDAwMDAxLHFvcD1hdXRoLWNvbmYsY2lwaGVyPSJyYzQiLGNoYXJzZXQ9dXRmLTgsZGlnZXN0LXVyaT0ibGRhcC8iLHJlc3BvbnNlPTA1ZGE0ZTI1NjE0MjU1ZTFiNjMwMzJiZDM2NDY5Y2Nk
Waiting for server reply...
S: cnNwYXV0aD1mNDdiNDhhZThlNjllNmIyZWVjNGU3OWYzNGE0NzVkOA==
Sending response...
C:
Waiting for server reply...
Then, I used ldapsearch from server1 (snort01) to server2 (snort02) to make sure this piece is working as well.
[root@snort01 openldap]# ldapsearch -h snort02.pro-unlimited.com -b "" -s base -LLL -Y DIGEST-MD5 -U replicator -X replicator -R snort02.pro-unlimited.com -Z supportedSASLMechanisms
SASL/DIGEST-MD5 authentication started
Please enter your password: <passwd>
SASL username: replicator
SASL realm: snort02.pro-unlimited.com
SASL SSF: 128
SASL installing layers
dn:
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
At this point, I can see it is using SASL/DIGEST-MD5. But after I correct/update the replica in my /etc/openldap/slapd.conf file... I see this error on screen when running slurpd -d-1 ( it can also be seen further below ):
ldap_err2string
Error: ldap_modify_s failed modifying "Referral": uid=bmodi,ou=people,dc=pro-unlimited,dc=com
ldap_err2string
Error: ldap operation failed, data written to "/var/lib/ldap/replica/snort02.pro-unlimited.com:389.rej"
fm: exiting
end replication thread for snort02.pro-unlimited.com:389
In the "server2" slapd.log file I see this, but I don't know what the error is ( starting from sasl_bind ):
Aug 11 12:55:43 snort02 slapd[16316]: do_sasl_bind: dn (uid=replicator,cn=snort02.pro-unlimited.com,cn=digest-md5,cn=auth) mech DIGEST-MD5
Aug 11 12:55:43 snort02 slapd[16316]: conn=60 op=1 BIND dn="UID=REPLICATOR,CN=SNORT02.PRO-UNLIMITED.COM,CN=DIGEST-MD5,CN=AUTH" method=163
Aug 11 12:55:43 snort02 slapd[16316]: ==> sasl_bind: dn="uid=replicator,cn=snort02.pro-unlimited.com,cn=digest-md5,cn=auth" mech=DIGEST-MD5 datalen=0
Aug 11 12:55:43 snort02 slapd[16316]: send_ldap_sasl: err=14 len=185
Aug 11 12:55:43 snort02 slapd[16316]: send_ldap_response: msgid=2 tag=97 err=14
Aug 11 12:55:43 snort02 slapd[16316]: <== slap_sasl_bind: rc=14
Aug 11 12:55:43 snort02 slapd[16304]: daemon: select: listen=6 active_threads=0 tvp=NULL
Aug 11 12:55:43 snort02 slapd[16304]: daemon: select: listen=7 active_threads=0 tvp=NULL
Aug 11 12:55:43 snort02 slapd[16304]: daemon: activity on 1 descriptors
Aug 11 12:55:43 snort02 slapd[16304]: daemon: select: listen=6 active_threads=0 tvp=NULL
Aug 11 12:55:43 snort02 slapd[16304]: daemon: select: listen=7 active_threads=0 tvp=NULL
Aug 11 12:55:43 snort02 slapd[16304]: daemon: activity on 1 descriptors
Aug 11 12:55:43 snort02 slapd[16304]: daemon: activity on:
Aug 11 12:55:43 snort02 slapd[16304]: 10r
Aug 11 12:55:43 snort02 slapd[16304]:
Aug 11 12:55:43 snort02 slapd[16304]: daemon: read activity on 10
Aug 11 12:55:43 snort02 slapd[16304]: connection_get(10)
Aug 11 12:55:43 snort02 slapd[16304]: connection_get(10): got connid=60
Aug 11 12:55:43 snort02 slapd[16304]: connection_read(10): checking for input on id=60
Aug 11 12:55:43 snort02 slapd[16317]: do_bind
Aug 11 12:55:43 snort02 slapd[16304]: ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
Aug 11 12:55:43 snort02 slapd[16317]: do_sasl_bind: dn (uid=replicator,cn=snort02.pro-unlimited.com,cn=digest-md5,cn=auth) mech DIGEST-MD5
Aug 11 12:55:43 snort02 slapd[16317]: conn=60 op=2 BIND dn="UID=REPLICATOR,CN=SNORT02.PRO-UNLIMITED.COM,CN=DIGEST-MD5,CN=AUTH" method=163
Aug 11 12:55:43 snort02 slapd[16317]: ==> sasl_bind: dn="uid=replicator,cn=snort02.pro-unlimited.com,cn=digest-md5,cn=auth" mech=<continuing> datalen=312
Aug 11 12:55:43 snort02 slapd[16317]: send_ldap_sasl: err=14 len=40
Aug 11 12:55:43 snort02 slapd[16317]: send_ldap_response: msgid=3 tag=97 err=14
Aug 11 12:55:43 snort02 slapd[16317]: <== slap_sasl_bind: rc=14
Aug 11 12:55:43 snort02 slapd[16304]: daemon: select: listen=6 active_threads=0 tvp=NULL
Aug 11 12:55:43 snort02 slapd[16304]: daemon: select: listen=7 active_threads=0 tvp=NULL
Aug 11 12:55:43 snort02 slapd[16304]: daemon: activity on 1 descriptors
Aug 11 12:55:43 snort02 slapd[16304]: daemon: select: listen=6 active_threads=0 tvp=NULL
Aug 11 12:55:43 snort02 slapd[16304]: daemon: select: listen=7 active_threads=0 tvp=NULL
Aug 11 12:55:43 snort02 slapd[16304]: daemon: activity on 1 descriptors
Aug 11 12:55:43 snort02 slapd[16304]: daemon: activity on:
Aug 11 12:55:43 snort02 slapd[16304]: 10r
Aug 11 12:55:43 snort02 slapd[16304]:
Aug 11 12:55:43 snort02 slapd[16304]: daemon: read activity on 10
Aug 11 12:55:43 snort02 slapd[16304]: connection_get(10)
Aug 11 12:55:43 snort02 slapd[16304]: connection_get(10): got connid=60
Aug 11 12:55:43 snort02 slapd[16304]: connection_read(10): checking for input on id=60
Aug 11 12:55:43 snort02 slapd[16882]: do_bind
Aug 11 12:55:43 snort02 slapd[16304]: ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
Aug 11 12:55:43 snort02 slapd[16882]: do_sasl_bind: dn (uid=replicator,cn=snort02.pro-unlimited.com,cn=digest-md5,cn=auth) mech DIGEST-MD5
Aug 11 12:55:43 snort02 slapd[16882]: conn=60 op=3 BIND dn="UID=REPLICATOR,CN=SNORT02.PRO-UNLIMITED.COM,CN=DIGEST-MD5,CN=AUTH" method=163
Aug 11 12:55:43 snort02 slapd[16882]: ==> sasl_bind: dn="uid=replicator,cn=snort02.pro-unlimited.com,cn=digest-md5,cn=auth" mech=<continuing> datalen=0
Aug 11 12:55:43 snort02 slapd[16882]: SASL Authorize [conn=60]: authcid="replicator" authzid="replicator"
Aug 11 12:55:43 snort02 slapd[16882]: SASL Authorize [conn=60]: "replicator" as "u:replicator"
Aug 11 12:55:43 snort02 slapd[16882]: slap_sasl_bind: username="u:replicator" realm="snort02.pro-unlimited.com" ssf=128
Aug 11 12:55:43 snort02 slapd[16882]: <== slap_sasl_bind: authzdn: "uid=replicator + realm=snort02.pro-unlimited.com"
Aug 11 12:55:43 snort02 slapd[16882]: send_ldap_sasl: err=0 len=-1
Aug 11 12:55:43 snort02 slapd[16882]: send_ldap_response: msgid=4 tag=97 err=0
Aug 11 12:55:43 snort02 slapd[16882]: <== slap_sasl_bind: rc=0
Aug 11 12:55:43 snort02 slapd[16304]: daemon: select: listen=6 active_threads=0 tvp=NULL
Aug 11 12:55:43 snort02 slapd[16304]: daemon: select: listen=7 active_threads=0 tvp=NULL
Aug 11 12:55:43 snort02 slapd[16304]: daemon: activity on 1 descriptors
Aug 11 12:55:43 snort02 slapd[16304]: daemon: select: listen=6 active_threads=0 tvp=NULL
Aug 11 12:55:43 snort02 slapd[16304]: daemon: select: listen=7 active_threads=0 tvp=NULL
Aug 11 12:55:43 snort02 slapd[16304]: daemon: activity on 1 descriptors
Aug 11 12:55:43 snort02 slapd[16304]: daemon: activity on:
Aug 11 12:55:43 snort02 slapd[16304]: 10r
Aug 11 12:55:43 snort02 slapd[16304]:
Aug 11 12:55:43 snort02 slapd[16304]: daemon: read activity on 10
Aug 11 12:55:43 snort02 slapd[16304]: connection_get(10)
Aug 11 12:55:43 snort02 slapd[16304]: connection_get(10): got connid=60
Aug 11 12:55:43 snort02 slapd[16304]: connection_read(10): checking for input on id=60
Aug 11 12:55:43 snort02 slapd[16316]: do_modify
Aug 11 12:55:43 snort02 slapd[16316]: do_modify: dn (uid=bmodi,ou=people,dc=pro-unlimited,dc=com)
Aug 11 12:55:43 snort02 slapd[16316]: => get_ctrls
Aug 11 12:55:43 snort02 slapd[16316]: => get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
Aug 11 12:55:43 snort02 slapd[16316]: <= get_ctrls: 1 0
Aug 11 12:55:43 snort02 slapd[16316]: modifications:
Aug 11 12:55:43 snort02 slapd[16316]: ^Ireplace: userPassword
Aug 11 12:55:43 snort02 slapd[16316]: conn=60 op=4 MOD dn="uid=bmodi,ou=people,dc=pro-unlimited,dc=com"
Aug 11 12:55:43 snort02 slapd[16316]: send_ldap_result: conn=60 op=4 p=3
Aug 11 12:55:43 snort02 slapd[16316]: send_ldap_result: 10::
Aug 11 12:55:43 snort02 slapd[16316]: send_ldap_result: referral: ldap://snort01.pro-unlimited.com
Aug 11 12:55:43 snort02 slapd[16316]: send_ldap_response: msgid=5 tag=103 err=10
Aug 11 12:55:43 snort02 slapd[16316]: send_ldap_response: ref=ldap://snort01.pro-unlimited.com
Aug 11 12:55:43 snort02 slapd[16304]: ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
Aug 11 12:55:43 snort02 slapd[16316]: conn=60 op=4 RESULT tag=103 err=10 text=
Aug 11 12:55:43 snort02 slapd[16304]: daemon: select: listen=6 active_threads=0 tvp=NULL
Aug 11 12:55:43 snort02 slapd[16304]: daemon: select: listen=7 active_threads=0 tvp=NULL
Aug 11 12:55:43 snort02 slapd[16304]: daemon: activity on 1 descriptors
Aug 11 12:55:43 snort02 slapd[16304]: daemon: select: listen=6 active_threads=0 tvp=NULL
Aug 11 12:55:43 snort02 slapd[16304]: daemon: select: listen=7 active_threads=0 tvp=NULL
Aug 11 12:55:43 snort02 slapd[16304]: daemon: activity on 1 descriptors
Aug 11 12:55:43 snort02 slapd[16304]: daemon: activity on:
Aug 11 12:55:43 snort02 slapd[16304]: 10r
Aug 11 12:55:43 snort02 slapd[16304]:
Aug 11 12:55:43 snort02 slapd[16304]: daemon: read activity on 10
Aug 11 12:55:43 snort02 slapd[16304]: connection_get(10)
Aug 11 12:55:43 snort02 slapd[16304]: connection_get(10): got connid=60
Aug 11 12:55:43 snort02 slapd[16304]: connection_read(10): checking for input on id=60
Aug 11 12:55:43 snort02 slapd[16317]: do_modify
Aug 11 12:55:43 snort02 slapd[16317]: do_modify: dn (uid=bmodi,ou=people,dc=pro-unlimited,dc=com)
Aug 11 12:55:43 snort02 slapd[16317]: => get_ctrls
Aug 11 12:55:43 snort02 slapd[16317]: => get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
Aug 11 12:55:43 snort02 slapd[16317]: <= get_ctrls: 1 0
Aug 11 12:55:43 snort02 slapd[16317]: modifications:
Aug 11 12:55:43 snort02 slapd[16317]: ^Ireplace: shadowLastChange
Aug 11 12:55:43 snort02 slapd[16317]: ^Ireplace: modifiersName
Aug 11 12:55:43 snort02 slapd[16317]: ^Ireplace: modifyTimestamp
Aug 11 12:55:43 snort02 slapd[16317]: conn=60 op=5 MOD dn="uid=bmodi,ou=people,dc=pro-unlimited,dc=com"
Aug 11 12:55:43 snort02 slapd[16317]: send_ldap_result: conn=60 op=5 p=3
Aug 11 12:55:43 snort02 slapd[16317]: send_ldap_result: 10::
Aug 11 12:55:43 snort02 slapd[16317]: send_ldap_result: referral: ldap://snort01.pro-unlimited.com
Aug 11 12:55:43 snort02 slapd[16317]: send_ldap_response: msgid=6 tag=103 err=10
Aug 11 12:55:43 snort02 slapd[16317]: send_ldap_response: ref=ldap://snort01.pro-unlimited.com
Aug 11 12:55:43 snort02 slapd[16304]: ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
Aug 11 12:55:43 snort02 slapd[16317]: conn=60 op=5 RESULT tag=103 err=10 text=
Aug 11 12:55:43 snort02 slapd[16304]: daemon: select: listen=6 active_threads=0 tvp=NULL
Aug 11 12:55:43 snort02 slapd[16304]: daemon: select: listen=7 active_threads=0 tvp=NULL
Aug 11 12:55:43 snort02 slapd[16304]: daemon: activity on 1 descriptors
Aug 11 12:55:43 snort02 slapd[16304]: daemon: select: listen=6 active_threads=0 tvp=NULL
Aug 11 12:55:43 snort02 slapd[16304]: daemon: select: listen=7 active_threads=0 tvp=NULL
On the master, where slurpd is running in debug -1 mode:
ldap_send_initial_request
ldap_send_server_request
ber_flush: 247 bytes to sd 6
0000: 30 81 f4 02 01 06 66 81 d1 04 2b 75 69 64 3d 62 0.....f...+uid=b
<truncated>
tls_write: want=293, written=293
0000: 17 03 01 01 20 c2 7b 05 bc 9f aa c2 e9 70 56 d1 .... .{......pV.
<truncated>
sasl_write: want=267, written=267
0000: 00 00 01 07 b8 2a e6 21 02 b8 68 bf ce 87 76 a5 .....*.!..h...v.
<truncated>
ldap_write: want=247, written=247
0000: 30 81 f4 02 01 06 66 81 d1 04 2b 75 69 64 3d 62 0.....f...+uid=b
<truncated>
ldap_result msgid 6
ldap_chkResponseList for msgid=6, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 6
wait4msg continue, msgid 6, all 1
** Connections:
* host: snort02.pro-unlimited.com port: 389 (default)
refcnt: 3 status: Connected
last used: Fri Aug 11 12:55:43 2006
** Outstanding Requests:
* msgid 6, origid 6, status InProgress
outstanding referrals 0, parent count 0
* msgid 5, origid 5, status InProgress
outstanding referrals 0, parent count 0
** Response Queue:
Empty
ldap_chkResponseList for msgid=6, all=1
ldap_chkResponseList returns NULL
do_ldap_select
read1msg: msgid 6, all 1
ber_get_next
tls_read: want=5, got=5
0000: 17 03 01 00 60 ....`
tls_read: want=96, got=96
0000: 27 24 1b 16 3d 62 45 c0 45 48 97 ea a9 de b3 19 '$..=bE.EH......
<truncated>
sasl_read: want=4, got=4
0000: 00 00 00 42 ...B
sasl_read: want=66, got=66
0000: 98 7b 21 7b 11 7a 83 36 6f 80 bc 55 4e 32 8a 0a .{!{.z.6o..UN2..
<truncated>
ldap_read: want=1, got=1
0000: 30 0
ldap_read: want=1, got=1
0000: 30 0
ldap_read: want=48, got=48
0000: 02 01 06 67 2b 0a 01 0a 04 00 04 00 a3 22 04 20 ...g+........".
0010: 6c 64 61 70 3a 2f 2f 73 6e 6f 72 74 30 31 2e 70 ldap://snort01.p
0020: 72 6f 2d 75 6e 6c 69 6d 69 74 65 64 2e 63 6f 6d ro-unlimited.com
ber_get_next: tag 0x30 len 48 contents:
ber_dump: buf=0x08079670 ptr=0x08079670 end=0x080796a0 len=48
0000: 02 01 06 67 2b 0a 01 0a 04 00 04 00 a3 22 04 20 ...g+........".
0010: 6c 64 61 70 3a 2f 2f 73 6e 6f 72 74 30 31 2e 70 ldap://snort01.p
0020: 72 6f 2d 75 6e 6c 69 6d 69 74 65 64 2e 63 6f 6d ro-unlimited.com
ldap_read: message type modify msgid 6, original id 6
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x08079670 ptr=0x08079673 end=0x080796a0 len=45
0000: 67 2b 0a 01 0a 04 00 04 00 a3 22 04 20 6c 64 61 g+........". lda
0010: 70 3a 2f 2f 73 6e 6f 72 74 30 31 2e 70 72 6f 2d p://snort01.pro-
0020: 75 6e 6c 69 6d 69 74 65 64 2e 63 6f 6d unlimited.com
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x08079670 ptr=0x08079673 end=0x080796a0 len=45
0000: 67 2b 0a 01 0a 04 00 04 00 a3 22 04 20 6c 64 61 g+........". lda
0010: 70 3a 2f 2f 73 6e 6f 72 74 30 31 2e 70 72 6f 2d p://snort01.pro-
0020: 75 6e 6c 69 6d 69 74 65 64 2e 63 6f 6d unlimited.com
ber_scanf fmt (x) ber:
ber_dump: buf=0x08079670 ptr=0x0807967c end=0x080796a0 len=36
0000: a3 22 04 20 6c 64 61 70 3a 2f 2f 73 6e 6f 72 74 .". ldap://snort
0010: 30 31 2e 70 72 6f 2d 75 6e 6c 69 6d 69 74 65 64 01.pro-unlimited
0020: 2e 63 6f 6d .com
ber_scanf fmt (}) ber:
ber_dump: buf=0x08079670 ptr=0x080796a0 end=0x080796a0 len=0
ldap_msgfree
ldap_err2string
Error: ldap_modify_s failed modifying "Referral": uid=bmodi,ou=people,dc=pro-unlimited,dc=com
ldap_err2string
Error: ldap operation failed, data written to "/var/lib/ldap/replica/snort02.pro-unlimited.com:389.rej"
fm: exiting
end replication thread for snort02.pro-unlimited.com:389
Is there anything wrong with the lines in my slapd.conf on the master LDAP server ( server1 ) for the replica section?
sasl-realm snort02.pro-unlimited.com
sasl-regexp uid=(.*),cn=.*,cn=.*,cn=auth cn=$1,ou=ldapbods,ou=people,dc=pro-unlimited,dc=com
replica host=snort02.pro-unlimited.com:389
suffix="dc=pro-unlimited,dc=com"
binddn="uid=replicator,cn=snort02.pro-unlimited.com,cn=digest-md5,cn=auth"
tls=yes
bindmethod=sasl
authcid=replicator
saslmech=digest-md5
credentials=<plain text passwd>
Am I missing something in the master or slave /etc/openldap/slapd.conf file?
Also, if I change the credentials to "credentials={MD5}<something>==", I would get:
ber_dump: buf=0x080896a0 ptr=0x080896a3 end=0x080896dd len=58
0000: 61 38 0a 01 31 04 00 04 31 43 6c 69 65 6e 74 20 a8..1...1Client
0010: 27 72 65 73 70 6f 6e 73 65 27 20 64 6f 65 73 6e 'response' doesn
0020: 27 74 20 6d 61 74 63 68 20 77 68 61 74 20 77 65 't match what we
0030: 20 67 65 6e 65 72 61 74 65 64 generated
ldap_msgfree
ldap_err2string
Error: LDAP SASL for snort02.pro-unlimited.com:389 failed: Invalid credentials
ldap_unbind
Any suggestion or help would be appreciated, since I'm still a novice to LDAP.
Thanks,
Steven
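An added worked example, not part of the thread: it parses the decoded DIGEST-MD5 challenge and response shown above (the realm, nonce, cnonce, nc, qop and digest-uri are the page's own values), computes the response-value the way an RFC 2831 verifier does for algorithm=md5-sess, and then shows why a client configured with the stored "{MD5}..." string rather than the plaintext secret yields a response that does not match what the server generated. The password "replicator-secret" and the derived {MD5} string are constructed; the real password is not on the page.

```python
import base64
import hashlib
import re

# Challenge and response decoded from the base64 lines of the sasl-sample-server
# transcript above (realm, nonce, cnonce, nc, qop, digest-uri are the page's own values).
CHALLENGE = ('realm="snort02.pro-unlimited.com",nonce="YNgwXklNIgKvzbfUThI8pWQ94sZR9RZ6JDIG1orHKrI=",'
             'qop="auth,auth-int,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",charset=utf-8,'
             'algorithm=md5-sess')
RESPONSE = ('username="replicator",realm="snort02.pro-unlimited.com",'
            'nonce="YNgwXklNIgKvzbfUThI8pWQ94sZR9RZ6JDIG1orHKrI=",'
            'cnonce="Otba/0dGTUxi6KIKyRaC6vyBEBXs+atXezGWT04Gu6s=",nc=00000001,qop=auth-conf,'
            'cipher="rc4",charset=utf-8,digest-uri="ldap/",response=05da4e25614255e1b63032bd36469ccd')
DIRECTIVE = re.compile(r'([A-Za-z-]+)=(?:"([^"]*)"|([^,]*))')

def md5(b): return hashlib.md5(b).digest()
def md5hex(b): return hashlib.md5(b).hexdigest()

def parse_directives(text):
    """Parse a DIGEST-MD5 directive list (key=value,key="quoted,value") into a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in DIRECTIVE.finditer(text)}

def digest_md5_response(password, d, authzid=None, rspauth=False):
    """RFC 2831 response-value (client) or rspauth (server) for algorithm=md5-sess."""
    # A1 is the only place the password enters; the inner hash is raw bytes, not hex.
    a1 = (md5(f"{d['username']}:{d['realm']}:{password}".encode())
          + f":{d['nonce']}:{d['cnonce']}".encode())
    if authzid:
        a1 += f":{authzid}".encode()
    # A2 is "AUTHENTICATE:uri" for the client and ":uri" for rspauth; with
    # auth-int/auth-conf a 32-zero entity-body hash is appended.
    a2 = ("" if rspauth else "AUTHENTICATE") + ":" + d["digest-uri"]
    if d["qop"] in ("auth-int", "auth-conf"):
        a2 += ":" + "0" * 32
    kd = f"{md5hex(a1)}:{d['nonce']}:{d['nc']}:{d['cnonce']}:{d['qop']}:{md5hex(a2.encode())}"
    return md5hex(kd.encode())

def client_response(password, template):
    """Directive set a client sends when configured with this password."""
    out = dict(template)
    out["response"] = digest_md5_response(password, out)
    return out

def server_verify(resp, stored_password):
    """Verifier side: recompute from its own copy of the secret and compare.
    Returns the rspauth it would send, or None when the client's response does not match."""
    if digest_md5_response(stored_password, resp) != resp["response"]:
        return None
    return digest_md5_response(stored_password, resp, rspauth=True)

def demo():
    secret = "replicator-secret"  # constructed; the real password is not on the page
    template = parse_directives(RESPONSE)
    assert template["realm"] == parse_directives(CHALLENGE)["realm"]
    # {MD5} form as OpenLDAP stores it (base64 of raw MD5); to a client it is just another string.
    hashed_form = "{MD5}" + base64.b64encode(md5(secret.encode())).decode()
    good = server_verify(client_response(secret, template), secret)
    bad = server_verify(client_response(hashed_form, template), secret)
    return good, bad  # (32-hex rspauth, None)
```

The verifier never sees the password on the wire; it needs the same secret material as the client, so a hashed credential string on one side can only produce a mismatch.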
----- Original Message ----
From: Kurt D. Zeilenga <Kurt@OpenLDAP.org>
To: Steven Wong <slqwong@yahoo.com>
Cc: Howard Chu <hyc@symas.com>; Aaron Richton <richton@nbcs.rutgers.edu>; openLDAP software <openldap-software@OpenLDAP.org>
Sent: Tuesday, August 8, 2006 12:28:33 PM
Subject: Re: slurpd -d9 --- Invalid credentials
At 11:54 AM 8/8/2006, Steven Wong wrote:
> I was wondering if there are any Howto's for LDAP, SSL, with SASL, without Kerberos.
The basic OpenLDAP SASL tutorial is:
1) get Cyrus SASL working first (using their client programs with service set to "ldap" and daemon name set to "slapd").
(use Cyrus SASL mailing list to resolve issues)
2) then apply lessons learned in 1 to getting OpenLDAP working
The basic OpenLDAP TLS/SSL tutorial is:
1) get OpenSSL working first (using s_server/s_client)
(use OpenSSL list to resolve issues)
2) then apply lessons learned in 1 to getting OpenLDAP working
-- Kurt