
RE: SASL EXTERNAL auth issues



>> Michael,
>> 
>> 	Please excuse broken threading, your reply email got rejected because the
>> sender IP was not in the SPF record of the domain, though now it's ok.
>> 
>> 
>> 	Thanks for your feedback. I tried to use ldapwhoami; however, it
>> returned the same error "ldap_sasl_interactive_bind_s: Local error (-2)".
>> 
>> Output with debug enabled:
>> 
>> [root@oldp4-dk-vm ~]# ldapwhoami -H ldapi:/// -Y EXTERNAL -d 3
>> ldap_url_parse_ext(ldapi:///)
>> ldap_create
>> ldap_url_parse_ext(ldapi:///??base)
>> ldap_sasl_interactive_bind: user selected: EXTERNAL
>> ldap_int_sasl_bind: EXTERNAL
>> ldap_new_connection 1 1 0
>> ldap_int_open_connection
>> ldap_connect_to_path
>> ldap_new_socket: 3
>> ldap_connect_to_path: Trying /usr/local/openldap/var/run/ldapi
>
>It seems you're using a local OpenLDAP build.
>
>So I'd try first:
>/usr/local/openldap/bin/ldapwhoami -H ldapi:/// -Y EXTERNAL -d 3
>
>Ciao, Michael.

Michael,

   I am using the OpenLDAP build from LTB (ltb-project.org), which installs under
/usr/local/openldap.

[root@oldp4-dk-vm openldap]# /usr/local/openldap/bin/ldapwhoami -H ldapi:/// -Y EXTERNAL -d 3
ldap_url_parse_ext(ldapi:///)
ldap_create
ldap_url_parse_ext(ldapi:///??base)
ldap_sasl_interactive_bind: user selected: EXTERNAL
ldap_int_sasl_bind: EXTERNAL
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_path
ldap_new_socket: 3
ldap_connect_to_path: Trying /usr/local/openldap/var/run/ldapi
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_ndelay_off: 3
ldap_msgfree
ldap_err2string
ldap_sasl_interactive_bind_s: Local error (-2)
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 3
ldap_write: want=7, written=7
  0000:  30 05 02 01 01 42 00                               0....B.
ldap_free_connection: actually freed
[root@oldp4-dk-vm openldap]#

I noted that in /usr/local/openldap/etc/openldap/ldap.conf I had SASL_NOCANON
set to on (it was copied over from the RHEL7 openldap package). After removing
it, SASL EXTERNAL works fine.

[root@oldp4-dk-vm openldap]# /usr/local/openldap/bin/ldapwhoami -H ldapi:/// -Y EXTERNAL
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn:gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
[root@oldp4-dk-vm openldap]#

Thanks a lot for all your help.


Kenneth
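A small audit script for the fix Kenneth describes, added here and not part of the thread, of OpenLDAP or of the LTB packages: it reports the effective SASL_NOCANON value in the LTB ldap.conf path quoted above and, when the LTB ldapwhoami is installed, decodes the peercred authzid that a successful EXTERNAL bind over ldapi:/// returns. The ldap.conf and ldapwhoami paths are taken from the thread; treating "on", "yes" and "true" as equivalent follows ldap.conf(5).

```shell
#!/bin/sh
# Added example, not code from the thread or from OpenLDAP/LTB: audit a client
# ldap.conf for the SASL_NOCANON setting that broke SASL EXTERNAL over ldapi:///
# in the thread, and decode the peercred identity a successful bind reports.
# Default path is the LTB build's ldap.conf from the thread; override via $1.
CONF="${1:-/usr/local/openldap/etc/openldap/ldap.conf}"

# Effective SASL_NOCANON value: comments ignored, last occurrence wins,
# "off" when the keyword is absent (libldap's default).
sasl_nocanon_value() {
    val=$(sed -n -E 's/^[[:space:]]*SASL_NOCANON[[:space:]]+([A-Za-z]+).*/\1/p' "$1" | tail -n 1)
    if [ -n "$val" ]; then
        printf '%s\n' "$val" | tr 'A-Z' 'a-z'
    else
        echo off
    fi
}

# uidNumber / gidNumber from a peercred authzid such as
# gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
peercred_uid() { printf '%s\n' "$1" | sed -n -E 's/.*uidNumber=([0-9]+).*/\1/p'; }
peercred_gid() { printf '%s\n' "$1" | sed -n -E 's/.*gidNumber=([0-9]+).*/\1/p'; }

# Bind over the Unix socket (only if the LTB ldapwhoami is installed) and
# report which local uid/gid slapd derived from the socket peer credentials.
external_whoami() {
    whoami_bin=/usr/local/openldap/bin/ldapwhoami
    [ -x "$whoami_bin" ] || { echo "ldapwhoami not installed, skipping bind"; return 0; }
    authzid=$("$whoami_bin" -H ldapi:/// -Y EXTERNAL -Q 2>/dev/null | sed -n 's/^dn://p')
    [ -n "$authzid" ] || { echo "SASL EXTERNAL bind failed"; return 1; }
    echo "bound as uid=$(peercred_uid "$authzid") gid=$(peercred_gid "$authzid")"
}

if [ -r "$CONF" ]; then
    case "$(sasl_nocanon_value "$CONF")" in
        on|yes|true) echo "$CONF: SASL_NOCANON is on; remove it before using -Y EXTERNAL over ldapi" ;;
        *)           echo "$CONF: SASL_NOCANON is off or unset" ;;
    esac
fi
external_whoami || true
```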
