[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
cmusaslsecretPLAIN attribute
I'm running RedHat EL 5 with stock RPMs for OpenLDAP, Cyrus SASL and
OpenSSL:
OpenLDAP 2.3.27
Cyrus-SASL 2.1.22
OpenSSL 0.9.8b
I've created a CA on the server, used that to sign a cert, and put the
appropriate entries in slapd.conf (to use the cert) and in ldap.conf (to
trust the CA). If I run 'ldapwhoami:
$ ldapwhoami
SASL/PLAIN authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: Password
verification failed
and in the logs (appended below) I see text about an undefined attribute
type 'cmusaslsecretPLAIN'. I've looked around for that string, and all
the fixes I've seen seem to want to patch Cyrus-SASL. I'd like to stick
with Red Hat's stock RPMs, if possible. Is there a CMU specific schema I
need to include, that defines that attribute? I'd also like to keep my
auth information in LDAP, rather than have a separate SASL password
database. My understanding is that the PLAIN authentication will be
secured by the underlying SASL/TLS transport, is that correct? Thanks,
John
Jul 3 07:50:49 Hodgkin slapd[1342]: => acl_get: [1] attr userPassword
Jul 3 07:50:49 Hodgkin slapd[1342]: => acl_mask: access to entry
"uid=burianj,ou=People,dc=cqcb", attr "userPassword" requested
Jul 3 07:50:49 Hodgkin slapd[1342]: => acl_mask: to all values by "", (=0)
Jul 3 07:50:49 Hodgkin slapd[1342]: <= check a_dn_pat: self
Jul 3 07:50:49 Hodgkin slapd[1342]: <= check a_dn_pat:
uid=root,ou=people,dc=cqcb
Jul 3 07:50:49 Hodgkin slapd[1342]: <= check a_dn_pat: *
Jul 3 07:50:49 Hodgkin slapd[1342]: <= acl_mask: [3] applying auth(=xd)
(stop)
Jul 3 07:50:49 Hodgkin slapd[1342]: <= acl_mask: [3] mask: auth(=xd)
Jul 3 07:50:49 Hodgkin slapd[1342]: => access_allowed: auth access
granted by auth(=xd)
Jul 3 07:50:49 Hodgkin slapd[1342]: slap_ap_lookup:
str2ad(cmusaslsecretPLAIN): attribute type undefined
Jul 3 07:50:49 Hodgkin slapd[1342]: send_ldap_result: conn=5 op=1 p=3
Jul 3 07:50:49 Hodgkin slapd[1342]: send_ldap_result: err=0 matched=""
text=""
Jul 3 07:50:49 Hodgkin slapd[1342]: SASL [conn=5] Failure: Password
verification failed