[Date Prev][Date Next] [Chronological] [Thread] [Top]

cmusaslsecretPLAIN attribute



I'm running RedHat EL 5 with stock RPMs for OpenLDAP, Cyrus SASL and OpenSSL:

OpenLDAP 2.3.27
Cyrus-SASL 2.1.22
OpenSSL 0.9.8b

I've created a CA on the server, used that to sign a cert, and put the appropriate entries in slapd.conf (to use the cert) and in ldap.conf (to trust the CA). If I run 'ldapwhoami:

$ ldapwhoami
SASL/PLAIN authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: Password verification failed


and in the logs (appended below) I see text about an undefined attribute type 'cmusaslsecretPLAIN'. I've looked around for that string, and all the fixes I've seen seem to want to patch Cyrus-SASL. I'd like to stick with Red Hat's stock RPMs, if possible. Is there a CMU specific schema I need to include, that defines that attribute? I'd also like to keep my auth information in LDAP, rather than have a separate SASL password database. My understanding is that the PLAIN authentication will be secured by the underlying SASL/TLS transport, is that correct? Thanks,

John

Jul 3 07:50:49 Hodgkin slapd[1342]: => acl_get: [1] attr userPassword
Jul 3 07:50:49 Hodgkin slapd[1342]: => acl_mask: access to entry "uid=burianj,ou=People,dc=cqcb", attr "userPassword" requested
Jul 3 07:50:49 Hodgkin slapd[1342]: => acl_mask: to all values by "", (=0)
Jul 3 07:50:49 Hodgkin slapd[1342]: <= check a_dn_pat: self
Jul 3 07:50:49 Hodgkin slapd[1342]: <= check a_dn_pat: uid=root,ou=people,dc=cqcb
Jul 3 07:50:49 Hodgkin slapd[1342]: <= check a_dn_pat: *
Jul 3 07:50:49 Hodgkin slapd[1342]: <= acl_mask: [3] applying auth(=xd) (stop)
Jul 3 07:50:49 Hodgkin slapd[1342]: <= acl_mask: [3] mask: auth(=xd)
Jul 3 07:50:49 Hodgkin slapd[1342]: => access_allowed: auth access granted by auth(=xd)
Jul 3 07:50:49 Hodgkin slapd[1342]: slap_ap_lookup: str2ad(cmusaslsecretPLAIN): attribute type undefined
Jul 3 07:50:49 Hodgkin slapd[1342]: send_ldap_result: conn=5 op=1 p=3
Jul 3 07:50:49 Hodgkin slapd[1342]: send_ldap_result: err=0 matched="" text=""
Jul 3 07:50:49 Hodgkin slapd[1342]: SASL [conn=5] Failure: Password verification failed