Re: Does anybody succeed to setup SASL(digest-md5) authentication with mysql database and latest openldap-server??
Hi Dan
I simplified the ldap configuration as far as I can.
This is no realm configuration (Dan's idea.)
However authentication still failed.
I'm not sure why slap_sasl_authorized compares input? password.
-- from debug message
==>slap_sasl_authorized: can uid=ldap_user,ou=users,dc=mydomain,dc=com
become password1?
--
Hiroyuki Sato
1, new configuration
database bdb
suffix "dc=mydomain,dc=com"
rootdn "cn=Manager,dc=mydomain,dc=com"
sasl-regexp
    uid=([^@]+)([^,]+),cn=digest-md5,cn=auth
    uid=$1,ou=users,dc=mydomain,dc=com
sasl-auxprops sql

ldapsearch -h 192.168.10.36 -Y digest-md5 -U ldap_user@mydomain.com \
    -b 'dc=mydomain,dc=com' -LLL '(objectclass=*)'
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Insufficient access (50)
2, /usr/lib/sasl2/slapd.conf
pwcheck_method: auxprop
mech_list: DIGEST-MD5
log_level: 7
auxprop_plugin: sql
sql_verbose: yes
sql_engine: mysql
sql_hostnames: host.addre.ss
sql_user: username
sql_passwd: password
sql_database: database
#
# no realm
#
sql_select: select password from sasl_test where username = '%u'
3, log
daemon: activity on 1 descriptor
daemon: activity on:
slap_listener_activate(7):
daemon: epoll: listen=7 busy
daemon: epoll: listen=8 active_threads=0 tvp=NULL
>>> slap_listener(ldap:///)
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: listen=7, new connection on 12
daemon: activity on 1 descriptor
daemon: activity on: 12r
daemon: read active on 12
daemon: added 12r (active) listener=(nil)
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
conn=1000 fd=12 ACCEPT from IP=192.168.10.53:54174 (IP=0.0.0.0:389)
connection_get(12)
connection_get(12): got connid=1000
connection_read(12): checking for input on id=1000
ber_get_next
ldap_read: want=8, got=8
0000: 30 18 02 01 01 60 13 02 0....`..
ldap_read: want=18, got=18
0000: 01 03 04 00 a3 0c 04 0a 44 49 47 45 53 54 2d 4d ........DIGEST-M
0010: 44 35 D5
ber_get_next: tag 0x30 len 24 contents:
ber_dump: buf=0x8380468 ptr=0x8380468 end=0x8380480 len=24
0000: 02 01 01 60 13 02 01 03 04 00 a3 0c 04 0a 44 49 ...`..........DI
0010: 47 45 53 54 2d 4d 44 35 GEST-MD5
op tag 0x60, time 1297935958
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
conn=1000 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x8380468 ptr=0x838046b end=0x8380480 len=21
0000: 60 13 02 01 03 04 00 a3 0c 04 0a 44 49 47 45 53 `..........DIGES
0010: 54 2d 4d 44 35 T-MD5
ber_scanf fmt ({m) ber:
ber_dump: buf=0x8380468 ptr=0x8380472 end=0x8380480 len=14
0000: 00 0c 04 0a 44 49 47 45 53 54 2d 4d 44 35 ....DIGEST-MD5
ber_scanf fmt (}}) ber:
ber_dump: buf=0x8380468 ptr=0x8380480 end=0x8380480 len=0
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
conn=1000 op=0 BIND dn="" method=163
do_bind: dn () SASL mech DIGEST-MD5
==> sasl_bind: dn="" mech=DIGEST-MD5 datalen=0
SASL [conn=1000] Debug: DIGEST-MD5 server step 1
send_ldap_sasl: err=14 len=184
send_ldap_response: msgid=1 tag=97 err=14
ber_flush2: 231 bytes to sd 12
0000: 30 81 e4 02 01 01 61 81 de 0a 01 0e 04 00 04 1c 0.....a.........
0010: 53 41 53 4c 28 30 29 3a 20 73 75 63 63 65 73 73 SASL(0): success
0020: 66 75 6c 20 72 65 73 75 6c 74 3a 20 87 81 b8 6e ful result: ...n
0030: 6f 6e 63 65 3d 22 79 7a 57 61 52 41 51 46 34 38 once="yzWaRAQF48
0040: 70 39 4e 2f 4d 58 46 6b 39 38 6a 6f 4c 54 5a 4e p9N/MXFk98joLTZN
0050: 68 52 2f 6c 4e 38 79 33 51 44 4b 59 63 55 32 4e hR/lN8y3QDKYcU2N
0060: 4d 3d 22 2c 72 65 61 6c 6d 3d 22 70 78 65 30 31 M=",realm="pxe01
0070: 2e 61 72 63 68 73 79 73 74 65 6d 2e 63 6f 6d 22 .archsystem.com"
0080: 2c 71 6f 70 3d 22 61 75 74 68 2c 61 75 74 68 2d ,qop="auth,auth-
0090: 69 6e 74 2c 61 75 74 68 2d 63 6f 6e 66 22 2c 63 int,auth-conf",c
00a0: 69 70 68 65 72 3d 22 72 63 34 2d 34 30 2c 72 63 ipher="rc4-40,rc
00b0: 34 2d 35 36 2c 72 63 34 22 2c 6d 61 78 62 75 66 4-56,rc4",maxbuf
00c0: 3d 36 35 35 33 36 2c 63 68 61 72 73 65 74 3d 75 =65536,charset=u
00d0: 74 66 2d 38 2c 61 6c 67 6f 72 69 74 68 6d 3d 6d tf-8,algorithm=m
00e0: 64 35 2d 73 65 73 73 d5-sess
ldap_write: want=231, written=231
conn=1000 op=0 RESULT tag=97 err=14 text=SASL(0): successful result:
<== slap_sasl_bind: rc=14
daemon: activity on 1 descriptor
daemon: activity on: 12r
daemon: read active on 12
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
connection_get(12)
connection_get(12): got connid=1000
connection_read(12): checking for input on id=1000
ber_get_next
ldap_read: want=8, got=8
0000: 30 82 01 4f 02 01 02 60 0..O...`
ldap_read: want=331, got=331
0000: 82 01 48 02 01 03 04 00 a3 82 01 3f 04 0a 44 49 ..H........?..DI
0010: 47 45 53 54 2d 4d 44 35 04 82 01 2f 75 73 65 72 GEST-MD5.../user
0020: 6e 61 6d 65 3d 22 6c 64 61 70 5f 75 73 65 72 40 name="ldap_user@
0030: 6d 79 64 6f 6d 61 69 6e 2e 63 6f 6d 22 2c 72 65 mydomain.com",re
0040: 61 6c 6d 3d 22 70 78 65 30 31 2e 61 72 63 68 73 alm="pxe01.archs
0050: 79 73 74 65 6d 2e 63 6f 6d 22 2c 6e 6f 6e 63 65 ystem.com",nonce
0060: 3d 22 79 7a 57 61 52 41 51 46 34 38 70 39 4e 2f ="yzWaRAQF48p9N/
0070: 4d 58 46 6b 39 38 6a 6f 4c 54 5a 4e 68 52 2f 6c MXFk98joLTZNhR/l
0080: 4e 38 79 33 51 44 4b 59 63 55 32 4e 4d 3d 22 2c N8y3QDKYcU2NM=",
0090: 63 6e 6f 6e 63 65 3d 22 6c 30 43 32 64 75 35 62 cnonce="l0C2du5b
00a0: 46 6c 4b 34 67 68 4e 4e 72 41 4a 47 43 75 6d 72 FlK4ghNNrAJGCumr
00b0: 45 51 2f 56 75 4b 61 5a 39 6b 65 5a 6a 5a 54 6b EQ/VuKaZ9keZjZTk
00c0: 67 6a 6f 3d 22 2c 6e 63 3d 30 30 30 30 30 30 30 gjo=",nc=0000000
00d0: 31 2c 71 6f 70 3d 61 75 74 68 2d 63 6f 6e 66 2c 1,qop=auth-conf,
00e0: 63 69 70 68 65 72 3d 72 63 34 2c 6d 61 78 62 75 cipher=rc4,maxbu
00f0: 66 3d 31 36 37 37 37 32 31 35 2c 64 69 67 65 73 f=16777215,diges
0100: 74 2d 75 72 69 3d 22 6c 64 61 70 2f 70 78 65 30 t-uri="ldap/pxe0
0110: 31 2e 61 72 63 68 73 79 73 74 65 6d 2e 63 6f 6d 1.archsystem.com
0120: 22 2c 72 65 73 70 6f 6e 73 65 3d 36 66 36 36 32 ",response=6f662
0130: 65 37 32 31 36 37 37 66 39 36 31 33 66 62 30 62 e721677f9613fb0b
0140: 30 62 33 63 39 36 35 64 39 64 30 0b3c965d9d0
ber_get_next: tag 0x30 len 335 contents:
ber_dump: buf=0x8382440 ptr=0x8382440 end=0x838258f len=335
op tag 0x60, time 1297935961
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
conn=1000 op=1 do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x8382440 ptr=0x8382443 end=0x838258f len=332
ber_scanf fmt ({m) ber:
ber_dump: buf=0x8382440 ptr=0x838244c end=0x838258f len=323
ber_scanf fmt (m) ber:
ber_dump: buf=0x8382440 ptr=0x838245c end=0x838258f len=307
ber_scanf fmt (}}) ber:
ber_dump: buf=0x8382440 ptr=0x838258f end=0x838258f len=0
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
conn=1000 op=1 BIND dn="" method=163
do_bind: dn () SASL mech DIGEST-MD5
==> sasl_bind: dn="" mech=<continuing> datalen=303
SASL [conn=1000] Debug: DIGEST-MD5 server step 2
SASL Canonicalize [conn=1000]: authcid="ldap_user@mydomain.com"
slap_sasl_getdn: conn 1000 id=ldap_user@mydomain.com [len=22]
=> ldap_dn2bv(16)
<= ldap_dn2bv(uid=ldap_user@mydomain.com,cn=DIGEST-MD5,cn=auth)=0
slap_sasl_getdn: u:id converted to
uid=ldap_user@mydomain.com,cn=DIGEST-MD5,cn=auth
>>> dnNormalize: <uid=ldap_user@mydomain.com,cn=DIGEST-MD5,cn=auth>
=> ldap_bv2dn(uid=ldap_user@mydomain.com,cn=DIGEST-MD5,cn=auth,0)
<= ldap_bv2dn(uid=ldap_user@mydomain.com,cn=DIGEST-MD5,cn=auth)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=ldap_user@mydomain.com,cn=digest-md5,cn=auth)=0
<<< dnNormalize: <uid=ldap_user@mydomain.com,cn=digest-md5,cn=auth>
==>slap_sasl2dn: converting SASL name
uid=ldap_user@mydomain.com,cn=digest-md5,cn=auth to a DN
==> rewrite_context_apply [depth=1]
string='uid=ldap_user@mydomain.com,cn=digest-md5,cn=auth'
==> rewrite_rule_apply rule='uid=([^@]+)([^,]+),cn=digest-md5,cn=auth'
string='uid=ldap_user@mydomain.com,cn=digest-md5,cn=auth' [1 pass(es)]
==> rewrite_context_apply [depth=1]
res={0,'uid=ldap_user,ou=users,dc=mydomain,dc=com'}
[rw] authid: "uid=ldap_user@mydomain.com,cn=digest-md5,cn=auth" ->
"uid=ldap_user,ou=users,dc=mydomain,dc=com"
slap_parseURI: parsing uid=ldap_user,ou=users,dc=mydomain,dc=com
ldap_url_parse_ext(uid=ldap_user,ou=users,dc=mydomain,dc=com)
>>> dnNormalize: <uid=ldap_user,ou=users,dc=mydomain,dc=com>
=> ldap_bv2dn(uid=ldap_user,ou=users,dc=mydomain,dc=com,0)
<= ldap_bv2dn(uid=ldap_user,ou=users,dc=mydomain,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=ldap_user,ou=users,dc=mydomain,dc=com)=0
<<< dnNormalize: <uid=ldap_user,ou=users,dc=mydomain,dc=com>
<==slap_sasl2dn: Converted SASL name to
uid=ldap_user,ou=users,dc=mydomain,dc=com
slap_sasl_getdn: dn:id converted to uid=ldap_user,ou=users,dc=mydomain,dc=com
SASL Canonicalize [conn=1000]:
slapAuthcDN="uid=ldap_user,ou=users,dc=mydomain,dc=com"
SASL Canonicalize [conn=1000]: authzid="ldap_user@mydomain.com"
SASL proxy authorize [conn=1000]: authcid="ldap_user@mydomain.com"
authzid="ldap_user@mydomain.com"
==>slap_sasl_authorized: can uid=ldap_user,ou=users,dc=mydomain,dc=com
become password1?
<== slap_sasl_authorized: return 48
SASL Proxy Authorize [conn=1000]: proxy authorization disallowed (48)
SASL [conn=1000] Failure: not authorized
send_ldap_result: conn=1000 op=1 p=3
send_ldap_result: err=50 matched="" text="SASL(-14): authorization
failure: not authorized"
send_ldap_response: msgid=2 tag=97 err=50
ber_flush2: 62 bytes to sd 12
0000: 30 3c 02 01 02 61 37 0a 01 32 04 00 04 30 53 41 0<...a7..2...0SA
0010: 53 4c 28 2d 31 34 29 3a 20 61 75 74 68 6f 72 69 SL(-14): authori
0020: 7a 61 74 69 6f 6e 20 66 61 69 6c 75 72 65 3a 20 zation failure:
0030: 6e 6f 74 20 61 75 74 68 6f 72 69 7a 65 64 not authorized
ldap_write: want=62, written=62
conn=1000 op=1 RESULT tag=97 err=50 text=SASL(-14): authorization
failure: not authorized
<== slap_sasl_bind: rc=50
daemon: activity on 1 descriptor
daemon: activity on: 12r
daemon: read active on 12
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
connection_get(12)
connection_get(12): got connid=1000
connection_read(12): checking for input on id=1000
ber_get_next
ldap_read: want=8, got=0
ber_get_next on fd 12 failed errno=0 (Success)
connection_read(12): input error=-2 id=1000, closing.
connection_closing: readying conn=1000 sd=12 for close
connection_close: conn=1000 sd=12
daemon: removing 12
conn=1000 fd=12 closed (connection lost)
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
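
Added example (not part of the original post and not OpenLDAP code): a short triage script that replays the post's sasl-regexp rule and extracts the identity and authorization fields from the trace, showing that the bind is rejected at the proxy-authorization check and that the logged authorization target is not a DN. The function names, field names and the DN_LIKE heuristic are assumptions of this example; the log lines are copied from the trace above.

```python
import re

# Lines copied from the slapd debug trace in the post (mail-wrapped lines re-joined).
SAMPLE_LOG = """\
SASL Canonicalize [conn=1000]: authcid="ldap_user@mydomain.com"
[rw] authid: "uid=ldap_user@mydomain.com,cn=digest-md5,cn=auth" -> "uid=ldap_user,ou=users,dc=mydomain,dc=com"
SASL Canonicalize [conn=1000]: authzid="ldap_user@mydomain.com"
==>slap_sasl_authorized: can uid=ldap_user,ou=users,dc=mydomain,dc=com become password1?
<== slap_sasl_authorized: return 48
SASL Proxy Authorize [conn=1000]: proxy authorization disallowed (48)
conn=1000 op=1 RESULT tag=97 err=50 text=SASL(-14): authorization failure: not authorized
"""

# sasl-regexp rule from the post's slapd.conf; "$1" is written "\1" for Python's re.
SASL_REGEXP = (r"uid=([^@]+)([^,]+),cn=digest-md5,cn=auth",
               r"uid=\1,ou=users,dc=mydomain,dc=com")

# Rough heuristic (assumption of this example): attr=value pairs joined by commas.
DN_LIKE = re.compile(r"[A-Za-z][\w.-]*=[^,=]+(,[A-Za-z][\w.-]*=[^,=]+)*")

PATTERNS = {  # field name -> regex with one capture group
    "authcid": r'Canonicalize \[conn=\d+\]: authcid="([^"]*)"',
    "authzid": r'Canonicalize \[conn=\d+\]: authzid="([^"]*)"',
    "sasl_name": r'\[rw\] authid: "([^"]*)" ->',
    "mapped_dn": r'\[rw\] authid: "[^"]*" -> "([^"]*)"',
    "authz_from": r"slap_sasl_authorized: can (\S+) become",
    "authz_to": r"slap_sasl_authorized: can \S+ become (\S+)\?",
    "authz_rc": r"slap_sasl_authorized: return (\d+)",
    "result": r"RESULT tag=97 err=(\d+)",
}

def map_sasl_name(sasl_name, rule=SASL_REGEXP):
    """Apply one sasl-regexp style rule; return the mapped DN, or None if no match."""
    m = re.fullmatch(rule[0], sasl_name)
    return m.expand(rule[1]) if m else None

def triage(log):
    """Summarise one SASL bind trace: identities, the authz check, and findings."""
    out = {}
    for field, pattern in PATTERNS.items():
        m = re.search(pattern, log)
        out[field] = m.group(1) if m else None
    findings = []
    if out["sasl_name"] and map_sasl_name(out["sasl_name"]) != out["mapped_dn"]:
        findings.append("sasl-regexp result differs from the DN slapd logged")
    if out["authz_rc"] not in (None, "0"):
        findings.append("rejected at the proxy-authorization check, rc=" + out["authz_rc"])
    if out["authz_to"] and not DN_LIKE.fullmatch(out["authz_to"]):
        findings.append("authorization target %r is not a DN" % out["authz_to"])
    out["findings"] = findings
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=", value)
```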