Full_Name: Quanah Gibson-Mount
Version: RE24 1/4/2011
OS: Linux 2.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.111.45.108)
The ldapwhoami utility was recently modified to use ldap_parse_whoami. This change appears to have broken test014:
Testing ldapwhoami as cn=Manager,dc=example,dc=com for dn:cn=Barbara Jensen,ou=Information Technology DivisioN,ou=People,dc=example,dc=com...
ldap_parse_result: Proxied Authorization Denied (123)
additional info: authzId mapping failed
Result: Proxied Authorization Denied (123)
Additional info: authzId mapping failed
ldapwhoami failed (1)!
Something seems seriously wrong with how it is parsing/passed the controls:
<<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>, <cn=manager,dc=example,dc=com>
conn=1004 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128
do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128
==> hdb_bind: dn: cn=Manager,dc=example,dc=com
conn=1004 op=0 BIND dn="cn=Manager,dc=example,dc=com" mech=SIMPLE ssf=0
do_bind: v3 bind: "cn=Manager,dc=example,dc=com" to "cn=Manager,dc=example,dc=com"
send_ldap_result: conn=1004 op=0 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=1 tag=97 err=0
ber_flush2: 14 bytes to sd 12
conn=1004 op=0 RESULT tag=97 err=0 text=
connection_get(12)
connection_get(12): got connid=1004
connection_read(12): checking for input on id=1004
ber_get_next
ber_get_next: tag 0x30 len 76 contents:
op tag 0x77, time 1294175708
ber_get_next
conn=1004 op=1 do_extended
ber_scanf fmt ({m) ber:
=> get_ctrls
ber_scanf fmt ({m) ber:
ber_scanf fmt (b) ber:
ber_scanf fmt (m) ber:
=> get_ctrls: oid="2.16.840.1.113730.3.4.18" (critical)
parseProxyAuthz: conn 1004 authzid="dn:cn=Ba<80><90>x"
slap_sasl_getdn: conn 1004 id=dn:cn=Ba<80><90>x [len=11]
dnNormalize: <cn=Ba<80><90>x>
=> ldap_bv2dn(cn=Ba<80><90>x,0)
<= ldap_bv2dn(cn=Ba<80><90>x)=0
<= get_ctrls: n=1 rc=123 err="authzId mapping failed"
send_ldap_result: conn=1004 op=1 p=3
send_ldap_result: err=123 matched="" text="authzId mapping failed"
send_ldap_response: msgid=2 tag=120 err=123
ber_flush2: 36 bytes to sd 12
conn=1004 op=1 RESULT tag=120 err=123 text=authzId mapping failed
conn=1004 op=1 do_extended: get_ctrls failed
connection_get(12)
connection_get(12): got connid=1004
connection_read(12): checking for input on id=1004
ber_get_next
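
Added example, not part of the original report or of OpenLDAP's code: a triage script that compares the authzId slapd logged for the proxied authorization control against the one the test asked for, to tell a corrupted control value apart from a genuine authorization mapping denial. It assumes the `<80>`-style sequences in the log are a rendering of raw non-printable bytes; the names `triage` and `unescape` are hypothetical.

```python
import re

# Constructed sample: three lines copied from the slapd debug output in this report.
SAMPLE_LOG = """\
=> get_ctrls: oid="2.16.840.1.113730.3.4.18" (critical)
parseProxyAuthz: conn 1004 authzid="dn:cn=Ba<80><90>x"
slap_sasl_getdn: conn 1004 id=dn:cn=Ba<80><90>x [len=11]
"""
# The authzId test014 asked ldapwhoami to send, from the test output in this report.
REQUESTED = ("dn:cn=Barbara Jensen,ou=Information Technology DivisioN,"
             "ou=People,dc=example,dc=com")

AUTHZ_RE = re.compile(r'parseProxyAuthz: conn (\d+) authzid="(.*)"$')
GETDN_RE = re.compile(r'slap_sasl_getdn: conn (\d+) id=(.*) \[len=(\d+)\]$')
ESCAPE_RE = re.compile(r'<([0-9A-Fa-f]{2})>')

def unescape(text):
    """Turn <XX> escapes (assumed rendering of raw bytes) back into bytes."""
    parts = ESCAPE_RE.split(text)  # literal, hex, literal, hex, ...
    return b"".join(bytes([int(p, 16)]) if i % 2 else p.encode("utf-8")
                    for i, p in enumerate(parts))

def triage(log, requested):
    """Return one dict per authzId the server parsed, with findings."""
    want, logged_len, reports = requested.encode("utf-8"), {}, []
    for line in log.splitlines():
        m = GETDN_RE.search(line.strip())
        if m:  # bytes shown in the log vs. the length slapd states
            logged_len[m.group(1)] = (len(unescape(m.group(2))), int(m.group(3)))
    for line in log.splitlines():
        m = AUTHZ_RE.search(line.strip())
        if not m:
            continue
        raw, findings = unescape(m.group(2)), []
        try:
            raw.decode("utf-8")
        except UnicodeDecodeError:
            findings.append("invalid-utf8")
        if raw != want:
            findings.append("differs-from-request")
        seen, stated = logged_len.get(m.group(1), (None, None))
        if seen != stated:
            findings.append("length-mismatch")
        same = next((i for i, (a, b) in enumerate(zip(raw, want)) if a != b),
                    min(len(raw), len(want)))
        reports.append({"conn": int(m.group(1)), "received_len": len(raw),
                        "requested_len": len(want), "common_prefix": same,
                        "findings": findings})
    return reports
```

On the sample, the logged value matches the request for only its first 8 bytes and is not valid UTF-8, while the stated `len=11` agrees with the bytes shown, so the log line is a faithful record of what the server parsed.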