--On Thursday, February 22, 2007 12:23 AM +0100 Pierangelo Masarati ando@sys-net.it wrote:
> I have never tested back-ldap with GSSAPI; however, config parsing exploits the slap_bindconf() code that's used throughout slapd (e.g. in syncrepl), and the related SASL bind code was basically adapted from the same source, and it is known to work with other SASL mechs. I guess the devil is in the details, as usual. Can you debug it a little bit further, e.g. by running with -d "stats,args,trace", or even more?
Sure. Which configuration do you want me to try it with? ;) Here is -d -1 with this config:
idassert-bind bindmethod=sasl saslmech=gssapi realm=stanford.edu authcID=service/mailrouter@stanford.edu
authzID=dn:cn=mailrouter,cn=service,cn=applications,dc=stanford,dc=edu
daemon: activity on 1 descriptor
slap_listener(ldap:///)
daemon: listen=7, new connection on 8
ldap_pvt_gethostbyname_a: host=smtp-dev.stanford.edu, r=0
daemon: added 8r (active) listener=(nil)
conn=0 fd=8 ACCEPT from IP=127.0.0.1:43402 (IP=0.0.0.0:389)
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on: 8r
daemon: read activity on 8
connection_get(8)
connection_get(8): got connid=0
connection_read(8): checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
  0000: 30 0c 02 01 01 60 07 02 0....`..
ldap_read: want=6, got=6
  0000: 01 03 04 00 80 00 ......
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x08193c48 ptr=0x08193c48 end=0x08193c54 len=12
  0000: 02 01 01 60 07 02 01 03 04 00 80 00 ...`........
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 8 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x08193c48 ptr=0x08193c4b end=0x08193c54 len=9
  0000: 60 07 02 01 03 04 00 80 00 `........
ber_scanf fmt (m}) ber:
ber_dump: buf=0x08193c48 ptr=0x08193c52 end=0x08193c54 len=2
  0000: 00 00 ..
dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_bind: version=3 dn="" method=128
conn=0 op=0 BIND dn="" method=128
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 8
  0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
ldap_write: want=14, written=14
  0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
conn=0 op=0 RESULT tag=97 err=0 text=
do_bind: v3 anonymous bind
daemon: activity on 1 descriptor
daemon: activity on: 8r
daemon: read activity on 8
connection_get(8)
connection_get(8): got connid=0
connection_read(8): checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
  0000: 30 39 02 01 02 63 34 04 09...c4.
ldap_read: want=51, got=51
  0000: 12 64 63 3d 73 74 61 6e 66 6f 72 64 2c 64 63 3d .dc=stanford,dc=
  0010: 65 64 75 0a 01 02 0a 01 00 02 01 00 02 01 00 01 edu.............
  0020: 01 00 a3 0d 04 03 75 69 64 04 06 71 75 61 6e 61 ......uid..quana
  0030: 68 30 00 h0.
ber_get_next: tag 0x30 len 57 contents:
ber_dump: buf=0x08195738 ptr=0x08195738 end=0x08195771 len=57
  0000: 02 01 02 63 34 04 12 64 63 3d 73 74 61 6e 66 6f ...c4..dc=stanfo
  0010: 72 64 2c 64 63 3d 65 64 75 0a 01 02 0a 01 00 02 rd,dc=edu.......
  0020: 01 00 02 01 00 01 01 00 a3 0d 04 03 75 69 64 04 ............uid.
  0030: 06 71 75 61 6e 61 68 30 00 .quanah0.
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 8 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
do_search
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x08195738 ptr=0x0819573b end=0x08195771 len=54
  0000: 63 34 04 12 64 63 3d 73 74 61 6e 66 6f 72 64 2c c4..dc=stanford,
  0010: 64 63 3d 65 64 75 0a 01 02 0a 01 00 02 01 00 02 dc=edu..........
  0020: 01 00 01 01 00 a3 0d 04 03 75 69 64 04 06 71 75 .........uid..qu
  0030: 61 6e 61 68 30 00 anah0.
dnPrettyNormal: <dc=stanford,dc=edu>
=> ldap_bv2dn(dc=stanford,dc=edu,0)
<= ldap_bv2dn(dc=stanford,dc=edu)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=stanford,dc=edu)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=stanford,dc=edu)=0
<<< dnPrettyNormal: <dc=stanford,dc=edu>, <dc=stanford,dc=edu>
SRCH "dc=stanford,dc=edu" 2 0 0 0 0
begin get_filter
EQUALITY
ber_scanf fmt ({mm}) ber:
ber_dump: buf=0x08195738 ptr=0x08195760 end=0x08195771 len=17
  0000: a3 0d 04 03 75 69 64 04 06 71 75 61 6e 61 68 30 ....uid..quanah0
  0010: 00 .
end get_filter 0
filter: (uid=quanah)
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x08195738 ptr=0x0819576f end=0x08195771 len=2
  0000: 00 00 ..
attrs:
conn=0 op=1 SRCH base="dc=stanford,dc=edu" scope=2 deref=0 filter="(uid=quanah)"
==> limits_get: conn=0 op=1 dn="[anonymous]"
ldap_create
ldap_url_parse_ext(ldap://ldap-test1.stanford.edu)
=>ldap_back_getconn: conn 0x81a17c0 inserted refcnt=1 binding=1
send_ldap_result: conn=0 op=1 p=3
send_ldap_result: err=7 matched="" text=""
send_ldap_response: msgid=2 tag=101 err=7
ber_flush: 14 bytes to sd 8
  0000: 30 0c 02 01 02 65 07 0a 01 07 04 00 04 00 0....e........
ldap_write: want=14, written=14
  0000: 30 0c 02 01 02 65 07 0a 01 07 04 00 04 00 0....e........
conn=0 op=1 SEARCH RESULT tag=101 err=7 nentries=0 text=
daemon: activity on 1 descriptor
daemon: activity on: 8r
daemon: read activity on 8
connection_get(8)
connection_get(8): got connid=0
connection_read(8): checking for input on id=0
ber_get_next
ldap_read: want=8, got=7
  0000: 30 05 02 01 03 42 00 0....B.
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf=0x08195898 ptr=0x08195898 end=0x0819589d len=5
  0000: 02 01 03 42 00 ...B.
ber_get_next
ldap_read: want=8, got=0
do_unbind
conn=0 op=2 UNBIND
ber_get_next on fd 8 failed errno=0 (Success)
connection_read(8): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=8 for close
connection_close: deferring conn=0 sd=8
daemon: select: listen=6 active_threads=0 tvp=NULL
connection_resched: attempting closing conn=0 sd=8
daemon: select: listen=7 active_threads=0 tvp=NULL
connection_close: conn=0 sd=8
daemon: activity on 1 descriptor
=>ldap_back_conn_destroy: fetching conn 0
daemon: waked
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: removing 8
conn=0 fd=8 closed
I don't actually see any activity on ldap-test1, either.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
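
Added example, not part of the original message and not OpenLDAP code: a small BER decoder run over three PDUs whose bytes are copied from the hex dumps in the -d -1 output (the client's bind request, the bind response, and the search result sent back on conn=0). It shows how the err=7 in the log reads on the wire; the result-code names are taken from RFC 4511 and the function names are this example's own.

```python
# Bytes copied from the ber_dump / ber_flush hex in the log; constructed as sample input.
PDUS = {
    "bind_request":  "300c020101600702010304008000",
    "bind_response": "300c02010161070a010004000400",
    "search_done":   "300c02010265070a010704000400",
}
OPS = {0x60: "BindRequest", 0x61: "BindResponse", 0x65: "SearchResultDone"}
# Result code names from RFC 4511 (only the two values seen in this log).
RESULT_NAMES = {0: "success", 7: "authMethodNotSupported"}


def read_tlv(buf, pos):
    """Parse one definite-length BER element; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def decode_ldap_message(hex_pdu):
    """Decode the LDAPMessage envelope plus bind-request / LDAPResult fields."""
    tag, body, _ = read_tlv(bytes.fromhex(hex_pdu), 0)
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    _, msgid, pos = read_tlv(body, 0)
    op_tag, op, _ = read_tlv(body, pos)
    out = {"msgid": int.from_bytes(msgid, "big"), "op": OPS.get(op_tag, hex(op_tag))}
    if op_tag == 0x60:  # BindRequest: version, name, authentication choice
        _, version, p = read_tlv(op, 0)
        _, name, p = read_tlv(op, p)
        auth_tag, cred, _ = read_tlv(op, p)
        out.update(version=version[0], dn=name.decode(), method=auth_tag,
                   anonymous=(auth_tag == 0x80 and not name and not cred))
    elif op_tag in (0x61, 0x65):  # LDAPResult: resultCode, matchedDN, diagnosticMessage
        _, code, p = read_tlv(op, 0)
        _, matched, p = read_tlv(op, p)
        _, text, _ = read_tlv(op, p)
        rc = int.from_bytes(code, "big")
        out.update(result=rc, name=RESULT_NAMES.get(rc, "other"),
                   matched=matched.decode(), text=text.decode())
    return out
```
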