Re: Problems Enabling Authentication using Cyrus SASL
Fernando Torrez <fernando_torrez@hotmail.com> writes:
> Hi all
>
> I tried to enable SASL authentication using Cyrus SASL to both connect to
> openldap server and to authenticate users as this document explains:
> http://www.arschkrebs.de/slides/surviving_cyrus_sasl-handout.pdf
> I studied openldap and Cyrus SASL documentations with no success
First, you mix saslauthd and ldapdb. I would recommend sticking to
ldapdb and refraining from saslauthd if you want to authenticate LDAP-based
users on behalf of a network-based service, like SMTP or IMAP.
You probably should read
http://www.openldap.org/doc/admin24/sasl.html#SASL%20Proxy%20Authorization
If you just want to use SASL authentication against slapd, this is
quite easy:
1. Create plaintext passwords (no hashing); your password is MD5 hashed.
2. Add 'olcAuthzRegexp' rule sets to cn=config in order to map the
SASL authentication string 'uid=<uid>,cn=<mechanism>,cn=auth' to an
entry.
3. Test your setup with ldapwhoami.
-Dieter
> CONFIGURATION FILES
> /etc/saslauthd.conf
> ldap_servers: ldap://127.0.0.1/ ldap://192.168.1.2/
> ldap_search_base: ou=people,dc=plainjoe,dc=org
> ldap_filter: (userPrincipalName=%u)
> ldap_bind_dn: uid=proxyuser,ou=people,dc=plainjoe,dc=org
> ldap_password: secret
>
> /etc/openldap/slapd.conf
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/rfc2307bis.schema
> include /etc/openldap/schema/yast.schema
> loglevel -1
> pidfile /var/run/slapd/slapd.pid
> argsfile /var/run/slapd/slapd.args
> access to attrs=userPassword,userPKCS12
> by self write
> by anonymous auth
> by dn.base="uid=proxyuser,ou=people,dc=plainjoe,dc=org" manage
> by users read
> by * none
> access to *
> by * read
> database bdb
> suffix "dc=plainjoe,dc=org"
> checkpoint 1024 5
> cachesize 10000
> rootdn "cn=Manager,dc=plainjoe,dc=org"
> # the password is: secret
> rootpw {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==
> directory /var/lib/ldap
> index objectClass eq
> index cn,sn,mail eq,sub
> index departmentNumber eq
> password-hash {CLEARTEXT}
> authz-regexp
> uid=([^,]*),cn=[^,]*,cn=auth
> uid=$1,ou=people,dc=plainjoe,dc=org
> authz-policy to
> sasl-authz-policy to
> sasl-regexp
> uid=(.*),cn=DIGEST-MD5,cn=auth
> uid=$1,ou=people,dc=plainjoe,dc=org
> sasl-auxprops slapd
> sasl-host localhost
>
> /etc/sasl2/slapd.conf
> log_level: 7
> mech_list: DIGEST-MD5
> pwcheck_method: saslauthd
> saslauthd_path: /var/run/sasl2/mux
> #pwcheck_method: auxprop
> #auxprop_plugin: slapd
> # auxprop_plugin: ldapdb
> ldapdb_uri: ldap://localhost
> ldapdb_id: proxyuser
> ldapdb_pw: secret
> ldapdb_mech: DIGEST-MD5
No, this is a no-no; slapd cannot make use of ldapdb.
>
> DATA STORED ON LDAP SERVER
> firewall:~/openldap # slapcat
> bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
> dn: dc=plainjoe,dc=org
> dc: plainjoe
> objectClass: dcObject
> objectClass: organizationalUnit
> ou: PlainJoe Dot Org
> structuralObjectClass: organizationalUnit
> entryUUID: 0335be26-7c73-102f-8bd2-599020d843b8
> creatorsName: cn=Manager,dc=plainjoe,dc=org
> createTimestamp: 20101104152159Z
> entryCSN: 20101104152159.733766Z#000000#000#000000
> modifiersName: cn=Manager,dc=plainjoe,dc=org
> modifyTimestamp: 20101104152159Z
>
> dn: ou=people,dc=plainjoe,dc=org
> ou: people
> objectClass: organizationalUnit
> structuralObjectClass: organizationalUnit
> entryUUID: 033e9352-7c73-102f-8bd3-599020d843b8
> creatorsName: cn=Manager,dc=plainjoe,dc=org
> createTimestamp: 20101104152159Z
> entryCSN: 20101105231448.878588Z#000000#000#000000
> modifiersName: cn=Manager,dc=plainjoe,dc=org
> modifyTimestamp: 20101105231448Z
>
> dn: cn=Gerald W. Carter,ou=people,dc=plainjoe,dc=org
> cn: Gerald W. Carter
> sn: Carter
> mail: jerry@plainjoe.org
> labeledURI: http://www.plainjoe.org/
> roomNumber: 1234 Dudley Hall
> departmentNumber: Engineering
> telephoneNumber: 222-555-2345
> pager: 222-555-6789
> mobile: 222-555-1011
> objectClass: inetOrgPerson
> structuralObjectClass: inetOrgPerson
> entryUUID: 6d8be49c-7c7a-102f-8bd4-599020d843b8
> creatorsName: cn=Manager,dc=plainjoe,dc=org
> createTimestamp: 20101104161504Z
> entryCSN: 20101104162307.381290Z#000000#000#000000
> modifiersName: cn=Manager,dc=plainjoe,dc=org
> modifyTimestamp: 20101104162307Z
>
> dn: cn=Gerry Carter,ou=people,dc=plainjoe,dc=org
> sn: Carter
> mail: carter@nowhere.net
> objectClass: inetOrgPerson
> structuralObjectClass: inetOrgPerson
> entryUUID: 6da59928-7c7a-102f-8bd5-599020d843b8
> creatorsName: cn=Manager,dc=plainjoe,dc=org
> createTimestamp: 20101104161504Z
> labeledURI: http://www.plainjoe.org/~jerry/
> telephoneNumber: 234-555-6789
> cn: Gerry Carter
> userPassword:: Z2Vycnk=
> entryCSN: 20101104212850.439996Z#000000#000#000000
> modifiersName: cn=Manager,dc=plainjoe,dc=org
> modifyTimestamp: 20101104212850Z
>
> dn: uid=fernandito,ou=people,dc=plainjoe,dc=org
> uid: fernandito
> cn: Fernandito Torrez
> gidNumber: 10000
> uidNumber: 10000
> homeDirectory: /dev/null
> objectClass: account
> objectClass: posixAccount
> userPassword:: e21kNX1kZDAyYzdjMjIzMjc1OTg3NGUxYzIwNTU4NzAxN2JlZA==
> structuralObjectClass: account
> entryUUID: 44afffcc-7f90-102f-8d26-bf24473f4596
> creatorsName: cn=Manager,dc=plainjoe,dc=org
> createTimestamp: 20101108142858Z
> entryCSN: 20101108142858.480384Z#000000#000#000000
> modifiersName: cn=Manager,dc=plainjoe,dc=org
> modifyTimestamp: 20101108142858Z
>
> dn: uid=test,ou=people,dc=plainjoe,dc=org
> uid: test
> cn: testeo principal
> gidNumber: 10001
> uidNumber: 10001
> homeDirectory: /dev/null
> objectClass: account
> objectClass: posixAccount
> structuralObjectClass: account
> entryUUID: b3b5d6f4-8133-102f-9b9b-294e4b3fed35
> creatorsName: cn=Manager,dc=plainjoe,dc=org
> createTimestamp: 20101110163123Z
> userPassword:: e01ENX1DWTlyelVZaDAzUEszazZESmllMDlnPT0=
> entryCSN: 20101110190152.065873Z#000000#000#000000
> modifiersName: cn=Manager,dc=plainjoe,dc=org
> modifyTimestamp: 20101110190152Z
>
> dn: uid=proxyuser,ou=people,dc=plainjoe,dc=org
> uid: proxyuser
> cn: proxyuser
> gidNumber: 10002
> uidNumber: 10002
> homeDirectory: /dev/null
> objectClass: account
> objectClass: posixAccount
> userPassword:: e01ENX1YcjRpbE96UTRQQ09xM2FRMHFidWFRPT0=
> authzTo: dn.regex:uniqueIdentifier=(.*),ou=people,dc=plainjoe,dc=org
> structuralObjectClass: account
> entryUUID: 85999ef4-8214-102f-9c1d-411cc739a95b
> creatorsName: cn=Manager,dc=plainjoe,dc=org
> createTimestamp: 20101111192043Z
> entryCSN: 20101111192043.279474Z#000000#000#000000
> modifiersName: cn=Manager,dc=plainjoe,dc=org
> modifyTimestamp: 20101111192043Z
>
> OPENLDAP LOGS
> 1 Nov 11 17:19:07 firewall slapd[11011]: daemon: activity on 1 descriptor
> 2 Nov 11 17:19:07 firewall slapd[11011]: daemon: activity on:
> 3 Nov 11 17:19:07 firewall slapd[11011]:
> 4 Nov 11 17:19:07 firewall slapd[11011]: slap_listener_activate(8):
> 5 Nov 11 17:19:07 firewall slapd[11011]: daemon: epoll: listen=7
> active_threads=0 tvp=zero
> 6 Nov 11 17:19:07 firewall slapd[11011]: daemon: epoll: listen=8 busy
> 7 Nov 11 17:19:07 firewall slapd[11011]: >>> slap_listener(ldap://)
> 8 Nov 11 17:19:07 firewall slapd[11011]: daemon: listen=8, new connection
> on 12
> 9 Nov 11 17:19:07 firewall slapd[11011]: daemon: added 12r (active)
> listener=(nil)
> 10 Nov 11 17:19:07 firewall slapd[11011]: conn=1001 fd=12 ACCEPT from IP=
> [::1]:47665 (IP=[::]:389)
> 11 Nov 11 17:19:07 firewall slapd[11011]: daemon: activity on 1 descriptor
> 12 Nov 11 17:19:07 firewall slapd[11011]: daemon: activity on:
> 13 Nov 11 17:19:07 firewall slapd[11011]:
> 14 Nov 11 17:19:07 firewall slapd[11011]: daemon: epoll: listen=7
> active_threads=0 tvp=zero
> 15 Nov 11 17:19:07 firewall slapd[11011]: daemon: epoll: listen=8
> active_threads=0 tvp=zero
> 16 Nov 11 17:19:07 firewall slapd[11011]: daemon: activity on 1 descriptor
> 17 Nov 11 17:19:07 firewall slapd[11011]: daemon: activity on:
> 18 Nov 11 17:19:07 firewall slapd[11011]: 12r
> 19 Nov 11 17:19:07 firewall slapd[11011]:
> 20 Nov 11 17:19:07 firewall slapd[11011]: daemon: read active on 12
> 21 Nov 11 17:19:07 firewall slapd[11011]: daemon: epoll: listen=7
> active_threads=0 tvp=zero
> 22 Nov 11 17:19:07 firewall slapd[11011]: daemon: epoll: listen=8
> active_threads=0 tvp=zero
> 23 Nov 11 17:19:07 firewall slapd[11011]: connection_get(12)
> 24 Nov 11 17:19:07 firewall slapd[11011]: connection_get(12): got connid=
> 1001
> 25 Nov 11 17:19:07 firewall slapd[11011]: connection_read(12): checking for
> input on id=1001
> 26 Nov 11 17:19:07 firewall slapd[11011]: op tag 0x60, time 1289510347
> 27 Nov 11 17:19:07 firewall slapd[11011]: conn=1001 op=0 do_bind
> 28 Nov 11 17:19:07 firewall slapd[11011]: >>> dnPrettyNormal: <>
> 29 Nov 11 17:19:07 firewall slapd[11011]: <<< dnPrettyNormal: <>, <>
> 30 Nov 11 17:19:07 firewall slapd[11011]: conn=1001 op=0 BIND dn="" method=
> 163
> 31 Nov 11 17:19:07 firewall slapd[11011]: do_bind: dn () SASL mech
> DIGEST-MD5
> 32 Nov 11 17:19:07 firewall slapd[11011]: ==> sasl_bind: dn="" mech=
> DIGEST-MD5 datalen=0
> 33 Nov 11 17:19:07 firewall slapd[11011]: SASL [conn=1001] Debug:
> DIGEST-MD5 server step 1
> 34 Nov 11 17:19:07 firewall slapd[11011]: send_ldap_sasl: err=14 len=182
> 35 Nov 11 17:19:07 firewall slapd[11011]: send_ldap_response: msgid=1 tag=
> 97 err=14
> 36 Nov 11 17:19:07 firewall slapd[11011]: conn=1001 op=0 RESULT tag=97 err=
> 14 text=SASL(0): successful result:
> 37 Nov 11 17:19:07 firewall slapd[11011]: <== slap_sasl_bind: rc=14
> 38 Nov 11 17:19:07 firewall slapd[11011]: daemon: activity on 1 descriptor
> 39 Nov 11 17:19:07 firewall slapd[11011]: daemon: activity on:
> 40 Nov 11 17:19:07 firewall slapd[11011]:
> 41 Nov 11 17:19:07 firewall slapd[11011]: daemon: epoll: listen=7
> active_threads=0 tvp=zero
> 42 Nov 11 17:19:07 firewall slapd[11011]: daemon: epoll: listen=8
> active_threads=0 tvp=zero
> 43 Nov 11 17:19:07 firewall ldapwhoami: DIGEST-MD5 client step 2
> 44 Nov 11 17:19:10 firewall ldapwhoami: DIGEST-MD5 client step 2
> 45 Nov 11 17:19:10 firewall slapd[11011]: daemon: activity on 1 descriptor
> 46 Nov 11 17:19:10 firewall slapd[11011]: daemon: activity on:
> 47 Nov 11 17:19:10 firewall slapd[11011]: 12r
> 48 Nov 11 17:19:10 firewall slapd[11011]:
> 49 Nov 11 17:19:10 firewall slapd[11011]: daemon: read active on 12
> 50 Nov 11 17:19:10 firewall slapd[11011]: daemon: epoll: listen=7
> active_threads=0 tvp=zero
> 51 Nov 11 17:19:10 firewall slapd[11011]: daemon: epoll: listen=8
> active_threads=0 tvp=zero
> 52 Nov 11 17:19:10 firewall slapd[11011]: connection_get(12)
> 53 Nov 11 17:19:10 firewall slapd[11011]: connection_get(12): got connid=
> 1001
> 54 Nov 11 17:19:10 firewall slapd[11011]: connection_read(12): checking for
> input on id=1001
> 55 Nov 11 17:19:10 firewall slapd[11011]: op tag 0x60, time 1289510350
> 56 Nov 11 17:19:10 firewall slapd[11011]: conn=1001 op=1 do_bind
> 57 Nov 11 17:19:10 firewall slapd[11011]: >>> dnPrettyNormal: <>
> 58 Nov 11 17:19:10 firewall slapd[11011]: <<< dnPrettyNormal: <>, <>
> 59 Nov 11 17:19:10 firewall slapd[11011]: conn=1001 op=1 BIND dn="" method=
> 163
> 60 Nov 11 17:19:10 firewall slapd[11011]: do_bind: dn () SASL mech
> DIGEST-MD5
> 61 Nov 11 17:19:10 firewall slapd[11011]: ==> sasl_bind: dn="" mech=
> <continuing> datalen=296
> 62 Nov 11 17:19:10 firewall slapd[11011]: SASL [conn=1001] Debug:
> DIGEST-MD5 server step 2
> 63 Nov 11 17:19:10 firewall slapd[11011]: SASL Canonicalize [conn=1001]:
> authcid="proxyuser"
> 64 Nov 11 17:19:10 firewall slapd[11011]: slap_sasl_getdn: conn 1001 id=
> proxyuser [len=9]
> 65 Nov 11 17:19:10 firewall slapd[11011]: slap_sasl_getdn: u:id converted
> to uid=proxyuser,cn=DIGEST-MD5,cn=auth
> 66 Nov 11 17:19:10 firewall slapd[11011]: >>> dnNormalize: <uid=
> proxyuser,cn=DIGEST-MD5,cn=auth>
> 67 Nov 11 17:19:10 firewall slapd[11011]: <<< dnNormalize: <uid=
> proxyuser,cn=digest-md5,cn=auth>
> 68 Nov 11 17:19:10 firewall slapd[11011]: ==>slap_sasl2dn: converting SASL
> name uid=proxyuser,cn=digest-md5,cn=auth to a DN
> 69 Nov 11 17:19:10 firewall slapd[11011]: [rw] authid: "uid=proxyuser,cn=
> digest-md5,cn=auth" -> "uid=proxyuser,ou=people,dc=plainjoe,dc=org"
> 70 Nov 11 17:19:10 firewall slapd[11011]: slap_parseURI: parsing uid=
> proxyuser,ou=people,dc=plainjoe,dc=org
> 71 Nov 11 17:19:10 firewall slapd[11011]: >>> dnNormalize: <uid=
> proxyuser,ou=people,dc=plainjoe,dc=org>
> 72 Nov 11 17:19:10 firewall slapd[11011]: <<< dnNormalize: <uid=
> proxyuser,ou=people,dc=plainjoe,dc=org>
> 73 Nov 11 17:19:10 firewall slapd[11011]: <==slap_sasl2dn: Converted SASL
> name to uid=proxyuser,ou=people,dc=plainjoe,dc=org
> 74 Nov 11 17:19:10 firewall slapd[11011]: slap_sasl_getdn: dn:id converted
> to uid=proxyuser,ou=people,dc=plainjoe,dc=org
> 75 Nov 11 17:19:10 firewall slapd[11011]: SASL Canonicalize [conn=1001]:
> slapAuthcDN="uid=proxyuser,ou=people,dc=plainjoe,dc=org"
> 76 Nov 11 17:19:10 firewall slapd[11011]: => bdb_search
> 77 Nov 11 17:19:10 firewall slapd[11011]: bdb_dn2entry("uid=proxyuser,ou=
> people,dc=plainjoe,dc=org")
> 78 Nov 11 17:19:10 firewall slapd[11011]: => bdb_dn2id("dc=plainjoe,dc=
> org")
> 79 Nov 11 17:19:10 firewall slapd[11011]: daemon: activity on 1 descriptor
> 80 Nov 11 17:19:10 firewall slapd[11011]: daemon: activity on:
> 81 Nov 11 17:19:10 firewall slapd[11011]:
> 82 Nov 11 17:19:10 firewall slapd[11011]: daemon: epoll: listen=7
> active_threads=0 tvp=zero
> 83 Nov 11 17:19:10 firewall slapd[11011]: daemon: epoll: listen=8
> active_threads=0 tvp=zero
> 84 Nov 11 17:19:10 firewall slapd[11011]: <= bdb_dn2id: got id=0x1
> 85 Nov 11 17:19:10 firewall slapd[11011]: => bdb_dn2id("ou=people,dc=
> plainjoe,dc=org")
> 86 Nov 11 17:19:10 firewall slapd[11011]: <= bdb_dn2id: got id=0x2
> 87 Nov 11 17:19:10 firewall slapd[11011]: => bdb_dn2id("uid=proxyuser,ou=
> people,dc=plainjoe,dc=org")
> 88 Nov 11 17:19:10 firewall slapd[11011]: <= bdb_dn2id: got id=0x10
> 89 Nov 11 17:19:10 firewall slapd[11011]: entry_decode: "uid=proxyuser,ou=
> people,dc=plainjoe,dc=org"
> 90 Nov 11 17:19:10 firewall slapd[11011]: <= entry_decode(uid=proxyuser,ou=
> people,dc=plainjoe,dc=org)
> 91 Nov 11 17:19:10 firewall slapd[11011]: => access_allowed: auth access to
> "uid=proxyuser,ou=people,dc=plainjoe,dc=org" "entry" requested
> 92 Nov 11 17:19:10 firewall slapd[11011]: => acl_get: [2] attr entry
> 93 Nov 11 17:19:10 firewall slapd[11011]: => acl_mask: access to entry "uid
> =proxyuser,ou=people,dc=plainjoe,dc=org", attr "entry" requested
> 94 Nov 11 17:19:10 firewall slapd[11011]: => acl_mask: to all values by "",
> (=0)
> 95 Nov 11 17:19:10 firewall slapd[11011]: <= check a_dn_pat: *
> 96 Nov 11 17:19:10 firewall slapd[11011]: <= acl_mask: [1] applying read(=
> rscxd) (stop)
> 97 Nov 11 17:19:10 firewall slapd[11011]: <= acl_mask: [1] mask: read(=
> rscxd)
> 98 Nov 11 17:19:10 firewall slapd[11011]: => slap_access_allowed: auth
> access granted by read(=rscxd)
> 99 Nov 11 17:19:10 firewall slapd[11011]: => access_allowed: auth access
> granted by read(=rscxd)
> 100 Nov 11 17:19:10 firewall slapd[11011]: base_candidates: base: "uid=
> proxyuser,ou=people,dc=plainjoe,dc=org" (0x00000010)
> 101 Nov 11 17:19:10 firewall slapd[11011]: => test_filter
> 102 Nov 11 17:19:10 firewall slapd[11011]: PRESENT
> 103 Nov 11 17:19:10 firewall slapd[11011]: => access_allowed: auth access
> to "uid=proxyuser,ou=people,dc=plainjoe,dc=org" "objectClass" requested
> 104 Nov 11 17:19:10 firewall slapd[11011]: => acl_get: [2] attr objectClass
> 105 Nov 11 17:19:10 firewall slapd[11011]: => acl_mask: access to entry
> "uid=proxyuser,ou=people,dc=plainjoe,dc=org", attr "objectClass" requested
> 106 Nov 11 17:19:10 firewall slapd[11011]: => acl_mask: to all values by
> "", (=0)
> 107 Nov 11 17:19:10 firewall slapd[11011]: <= check a_dn_pat: *
> 108 Nov 11 17:19:10 firewall slapd[11011]: <= acl_mask: [1] applying read(=
> rscxd) (stop)
> 109 Nov 11 17:19:10 firewall slapd[11011]: <= acl_mask: [1] mask: read(=
> rscxd)
> 110 Nov 11 17:19:10 firewall slapd[11011]: => slap_access_allowed: auth
> access granted by read(=rscxd)
> 111 Nov 11 17:19:10 firewall slapd[11011]: => access_allowed: auth access
> granted by read(=rscxd)
> 112 Nov 11 17:19:10 firewall slapd[11011]: <= test_filter 6
> 113 Nov 11 17:19:10 firewall slapd[11011]: => access_allowed: auth access
> to "uid=proxyuser,ou=people,dc=plainjoe,dc=org" "userPassword" requested
> 114 Nov 11 17:19:10 firewall slapd[11011]: => acl_get: [1] attr
> userPassword
> 115 Nov 11 17:19:10 firewall slapd[11011]: => acl_mask: access to entry
> "uid=proxyuser,ou=people,dc=plainjoe,dc=org", attr "userPassword" requested
> 116 Nov 11 17:19:10 firewall slapd[11011]: => acl_mask: to all values by
> "", (=0)
> 117 Nov 11 17:19:10 firewall slapd[11011]: <= check a_dn_pat: self
> 118 Nov 11 17:19:10 firewall slapd[11011]: <= check a_dn_pat: anonymous
> 119 Nov 11 17:19:10 firewall slapd[11011]: <= acl_mask: [2] applying auth(=
> xd) (stop)
> 120 Nov 11 17:19:10 firewall slapd[11011]: <= acl_mask: [2] mask: auth(=xd)
> 121 Nov 11 17:19:10 firewall slapd[11011]: => slap_access_allowed: auth
> access granted by auth(=xd)
> 122 Nov 11 17:19:10 firewall slapd[11011]: => access_allowed: auth access
> granted by auth(=xd)
> 123 Nov 11 17:19:10 firewall slapd[11011]: slap_ap_lookup: str2ad
> (cmusaslsecretDIGEST-MD5): attribute type undefined
> 124 Nov 11 17:19:10 firewall slapd[11011]: send_ldap_result: conn=1001 op=1
> p=3
> 125 Nov 11 17:19:10 firewall slapd[11011]: send_ldap_result: err=0 matched=
> "" text=""
> 126 Nov 11 17:19:10 firewall slapd[11011]: SASL Canonicalize [conn=1001]:
> authzid="u:test"
> 127 Nov 11 17:19:10 firewall slapd[11011]: slap_sasl_getdn: conn 1001 id=
> u:test [len=6]
> 128 Nov 11 17:19:10 firewall slapd[11011]: slap_sasl_getdn: u:id converted
> to uid=test,cn=DIGEST-MD5,cn=auth
> 129 Nov 11 17:19:10 firewall slapd[11011]: >>> dnNormalize: <uid=test,cn=
> DIGEST-MD5,cn=auth>
> 130 Nov 11 17:19:10 firewall slapd[11011]: <<< dnNormalize: <uid=test,cn=
> digest-md5,cn=auth>
> 131 Nov 11 17:19:10 firewall slapd[11011]: ==>slap_sasl2dn: converting SASL
> name uid=test,cn=digest-md5,cn=auth to a DN
> 132 Nov 11 17:19:10 firewall slapd[11011]: [rw] authid: "uid=test,cn=
> digest-md5,cn=auth" -> "uid=test,ou=people,dc=plainjoe,dc=org"
> 133 Nov 11 17:19:10 firewall slapd[11011]: slap_parseURI: parsing uid=
> test,ou=people,dc=plainjoe,dc=org
> 134 Nov 11 17:19:10 firewall slapd[11011]: >>> dnNormalize: <uid=test,ou=
> people,dc=plainjoe,dc=org>
> 135 Nov 11 17:19:10 firewall slapd[11011]: <<< dnNormalize: <uid=test,ou=
> people,dc=plainjoe,dc=org>
> 136 Nov 11 17:19:10 firewall slapd[11011]: <==slap_sasl2dn: Converted SASL
> name to uid=test,ou=people,dc=plainjoe,dc=org
> 137 Nov 11 17:19:10 firewall slapd[11011]: slap_sasl_getdn: dn:id converted
> to uid=test,ou=people,dc=plainjoe,dc=org
> 138 Nov 11 17:19:10 firewall slapd[11011]: SASL Canonicalize [conn=1001]:
> slapAuthzDN="uid=test,ou=people,dc=plainjoe,dc=org"
> 139 Nov 11 17:19:10 firewall slapd[11011]: SASL [conn=1001] Failure: no
> secret in database
> 140 Nov 11 17:19:10 firewall slapd[11011]: send_ldap_result: conn=1001 op=1
> p=3
> 141 Nov 11 17:19:10 firewall slapd[11011]: send_ldap_result: err=49 matched
> ="" text="SASL(-13): user not found: no secret in database"
> 142 Nov 11 17:19:10 firewall slapd[11011]: send_ldap_response: msgid=2 tag=
> 97 err=49
> 143 Nov 11 17:19:10 firewall slapd[11011]: daemon: activity on 1 descriptor
> 144 Nov 11 17:19:10 firewall slapd[11011]: daemon: activity on:
> 145 Nov 11 17:19:10 firewall slapd[11011]: 12r
> 146 Nov 11 17:19:10 firewall slapd[11011]:
> 147 Nov 11 17:19:10 firewall slapd[11011]: daemon: read active on 12
> 148 Nov 11 17:19:10 firewall slapd[11011]: daemon: epoll: listen=7
> active_threads=0 tvp=zero
> 149 Nov 11 17:19:10 firewall slapd[11011]: daemon: epoll: listen=8
> active_threads=0 tvp=zero
> 150 Nov 11 17:19:10 firewall slapd[11011]: connection_get(12)
> 151 Nov 11 17:19:10 firewall slapd[11011]: connection_get(12): got connid=
> 1001
> 152 Nov 11 17:19:10 firewall slapd[11011]: connection_read(12): checking
> for input on id=1001
> 153 Nov 11 17:19:10 firewall slapd[11011]: ber_get_next on fd 12 failed
> errno=0 (Success)
> 154 Nov 11 17:19:10 firewall slapd[11011]: connection_read(12): input error
> =-2 id=1001, closing.
> 155 Nov 11 17:19:10 firewall slapd[11011]: connection_closing: readying
> conn=1001 sd=12 for close
> 156 Nov 11 17:19:10 firewall slapd[11011]: connection_close: deferring conn
> =1001 sd=12
> 157 Nov 11 17:19:10 firewall slapd[11011]: daemon: activity on 1 descriptor
> 158 Nov 11 17:19:10 firewall slapd[11011]: daemon: activity on:
> 159 Nov 11 17:19:10 firewall slapd[11011]:
> 160 Nov 11 17:19:10 firewall slapd[11011]: daemon: epoll: listen=7
> active_threads=0 tvp=zero
> 161 Nov 11 17:19:10 firewall slapd[11011]: daemon: epoll: listen=8
> active_threads=0 tvp=zero
> 162 Nov 11 17:19:10 firewall slapd[11011]: conn=1001 op=1 RESULT tag=97 err
> =49 text=SASL(-13): user not found: no secret in database
> 163 Nov 11 17:19:10 firewall slapd[11011]: <== slap_sasl_bind: rc=49
> 164 Nov 11 17:19:10 firewall slapd[11011]: connection_resched: attempting
> closing conn=1001 sd=12
> 165 Nov 11 17:19:10 firewall slapd[11011]: connection_close: conn=1001 sd=
> 12
> 166 Nov 11 17:19:10 firewall slapd[11011]: daemon: removing 12
> 167 Nov 11 17:19:10 firewall slapd[11011]: conn=1001 fd=12 closed
> (connection lost)
>
--
Dieter Klünter | Systemberatung
sip: 7770535@sipgate.de
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
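
Added example, not part of the original message and not OpenLDAP code: an offline check for steps 1 and 2 of the reply. It maps a SASL name through an authz-regexp rule, then reports whether the mapped entry's `userPassword` is stored in cleartext, as DIGEST-MD5 requires. The entries, the `dc=example,dc=org` suffix and the function names are constructed, and the rule matching is a simplified model of slapd's behaviour.

```python
import base64
import re

# authz-regexp pair in slapd syntax. The pattern is the one quoted in the
# thread; the dc=example,dc=org suffix is a constructed placeholder.
RULES = [(r"uid=([^,]*),cn=[^,]*,cn=auth", "uid=$1,ou=people,dc=example,dc=org")]

def _b64(value):
    return base64.b64encode(value.encode()).decode()

# Constructed slapcat-style sample (not data from the thread).
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=org",
    "uid: alice",
    "userPassword:: " + _b64("{MD5}CONSTRUCTEDHASHVALUE=="),
    "",
    "dn: uid=bob,ou=people,dc=example,dc=org",
    "uid: bob",
    "userPassword:: " + _b64("constructed-cleartext"),
    "",
    "dn: uid=carol,ou=people,dc=example,dc=org",
    "uid: carol",
    "",
])

def map_sasl_name(sasl_dn, rules=RULES):
    """Simplified authz-regexp model: first matching rule wins, $N -> group N."""
    for pattern, replacement in rules:
        m = re.search(pattern, sasl_dn, re.IGNORECASE)
        if m:
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
    return None

def parse_ldif(text):
    """Return {lowercased dn: {attr: [values]}}; decodes 'attr:: base64' values."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep:
                continue
            if value.startswith(":"):  # 'attr:: <base64>'
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[attrs["dn"][0].lower()] = attrs
    return entries

def check_digest_md5(sasl_dn, ldif_text, rules=RULES):
    """Return (mapped_dn, verdict) for a name like uid=<uid>,cn=<mech>,cn=auth."""
    dn = map_sasl_name(sasl_dn, rules)
    if dn is None:
        return None, "no authz-regexp rule matched"
    entry = parse_ldif(ldif_text).get(dn.lower())
    if entry is None:
        return dn, "mapped DN has no entry"
    passwords = entry.get("userpassword", [])
    if not passwords:
        return dn, "no userPassword"
    # Assumption: any {SCHEME}-prefixed value is treated as not usable as the
    # shared secret that DIGEST-MD5 needs.
    scheme = re.match(r"\{([A-Za-z0-9-]+)\}", passwords[0])
    if scheme:
        return dn, "stored as {%s}, not cleartext" % scheme.group(1).upper()
    return dn, "cleartext, usable"
```

Feed it real `slapcat` output in place of `SAMPLE_LDIF` to audit a directory before testing with ldapwhoami; folded (continuation) LDIF lines are not handled.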