Re: Problems Enabling Authentication using Cyrus SASL

16 Nov 2010


      Fernando Torrez fernando_torrez@hotmail.com writes:
...
Hi all
I tried to enable SASL authentication using Cyrus SASL  to both connect to

openldap server and to authenticate users as this document explains:
        http://www.arschkrebs.de/slides/surviving_cyrus_sasl-handout.pdf
    I studied openldap and Cyrus SASL documentations with no success
First, you mix saslauthd and ldapdb, I would recommend to stick to
ldapdb and refrain from saslauthd if you want authenticate ldap based
users on behalf of a network base service, like smtp or imap.
You probably should read
http://www.openldap.org/doc/admin24/sasl.html#SASL%20Proxy%20Authorization
If you just want to use sasl authentication against slapd, this is
quite easy,
1. create plaintext passwords ( no hashing), your password is md5 hashed.
2. add 'olcAuthzRegexp' rule sets to cn=config in order to map the
   sasl authentication string 'uid=<uid>,cn=<mechanism>,cn=auth' to an
   entry,
3. test your setup with ldapwhoami
-Dieter
...
        CONFIGURATION FILES
/etc/saslauthd.conf

ldap_servers: ldap://127.0.0.1/ ldap://192.168.1.2/
ldap_search_base: ou=people,dc=plainjoe,dc=org
ldap_filter: (userPrincipalName=%u)
ldap_bind_dn: uid=proxyuser,ou=people,dc=plainjoe,dc=org
ldap_password: secret
/etc/openldap/slapd.conf

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/rfc2307bis.schema
include         /etc/openldap/schema/yast.schema
loglevel        -1
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
access to attrs=userPassword,userPKCS12
        by self write
        by anonymous auth
        by dn.base="uid=proxyuser,ou=people,dc=plainjoe,dc=org" manage
        by users read
        by * none
access to *
        by * read
database        bdb
suffix          "dc=plainjoe,dc=org"
checkpoint      1024    5
cachesize       10000
rootdn          "cn=Manager,dc=plainjoe,dc=org"
# the password is: secret
rootpw  {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==
directory       /var/lib/ldap
index   objectClass         eq
index   cn,sn,mail          eq,sub
index   departmentNumber    eq
password-hash {CLEARTEXT}
authz-regexp
   uid=([^,]*),cn=[^,]*,cn=auth
   uid=$1,ou=people,dc=plainjoe,dc=org
authz-policy to
sasl-authz-policy to
sasl-regexp
   uid=(.*),cn=DIGEST-MD5,cn=auth
   uid=$1,ou=people,dc=plainjoe,dc=org
sasl-auxprops slapd
sasl-host localhost
/etc/sasl2/slapd.conf

log_level: 7
mech_list: DIGEST-MD5
pwcheck_method: saslauthd
saslauthd_path: /var/run/sasl2/mux
#pwcheck_method: auxprop
#auxprop_plugin: slapd
#   auxprop_plugin: ldapdb
ldapdb_uri: ldap://localhost
ldapdb_id: proxyuser
ldapdb_pw: secret
ldapdb_mech: DIGEST-MD5
No, this is a no no, slapd cannot make use of ldapdb
...
        DATA STORED ON LDAP SERVER

firewall:~/openldap # slapcat
bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
dn: dc=plainjoe,dc=org
dc: plainjoe
objectClass: dcObject
objectClass: organizationalUnit
ou: PlainJoe Dot Org
structuralObjectClass: organizationalUnit
entryUUID: 0335be26-7c73-102f-8bd2-599020d843b8
creatorsName: cn=Manager,dc=plainjoe,dc=org
createTimestamp: 20101104152159Z
entryCSN: 20101104152159.733766Z#000000#000#000000
modifiersName: cn=Manager,dc=plainjoe,dc=org
modifyTimestamp: 20101104152159Z
dn: ou=people,dc=plainjoe,dc=org
ou: people
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: 033e9352-7c73-102f-8bd3-599020d843b8
creatorsName: cn=Manager,dc=plainjoe,dc=org
createTimestamp: 20101104152159Z
entryCSN: 20101105231448.878588Z#000000#000#000000
modifiersName: cn=Manager,dc=plainjoe,dc=org
modifyTimestamp: 20101105231448Z
dn: cn=Gerald W. Carter,ou=people,dc=plainjoe,dc=org
cn: Gerald W. Carter
sn: Carter
mail: jerry@plainjoe.org
labeledURI: http://www.plainjoe.org/
roomNumber: 1234 Dudley Hall
departmentNumber: Engineering
telephoneNumber: 222-555-2345
pager: 222-555-6789
mobile: 222-555-1011
objectClass: inetOrgPerson
structuralObjectClass: inetOrgPerson
entryUUID: 6d8be49c-7c7a-102f-8bd4-599020d843b8
creatorsName: cn=Manager,dc=plainjoe,dc=org
createTimestamp: 20101104161504Z
entryCSN: 20101104162307.381290Z#000000#000#000000
modifiersName: cn=Manager,dc=plainjoe,dc=org
modifyTimestamp: 20101104162307Z
dn: cn=Gerry Carter,ou=people,dc=plainjoe,dc=org
sn: Carter
mail: carter@nowhere.net
objectClass: inetOrgPerson
structuralObjectClass: inetOrgPerson
entryUUID: 6da59928-7c7a-102f-8bd5-599020d843b8
creatorsName: cn=Manager,dc=plainjoe,dc=org
createTimestamp: 20101104161504Z
labeledURI: http://www.plainjoe.org/~jerry/
telephoneNumber: 234-555-6789 begin_of_the_skype_highlighting           
234-555-6789      end_of_the_skype_highlighting
cn: Gerry Carter
userPassword:: Z2Vycnk=
entryCSN: 20101104212850.439996Z#000000#000#000000
modifiersName: cn=Manager,dc=plainjoe,dc=org
modifyTimestamp: 20101104212850Z
dn: uid=fernandito,ou=people,dc=plainjoe,dc=org
uid: fernandito
cn: Fernandito Torrez
gidNumber: 10000
uidNumber: 10000
homeDirectory: /dev/null
objectClass: account
objectClass: posixAccount
userPassword:: e21kNX1kZDAyYzdjMjIzMjc1OTg3NGUxYzIwNTU4NzAxN2JlZA==
structuralObjectClass: account
entryUUID: 44afffcc-7f90-102f-8d26-bf24473f4596
creatorsName: cn=Manager,dc=plainjoe,dc=org
createTimestamp: 20101108142858Z
entryCSN: 20101108142858.480384Z#000000#000#000000
modifiersName: cn=Manager,dc=plainjoe,dc=org
modifyTimestamp: 20101108142858Z
dn: uid=test,ou=people,dc=plainjoe,dc=org
uid: test
cn: testeo principal
gidNumber: 10001
uidNumber: 10001
homeDirectory: /dev/null
objectClass: account
objectClass: posixAccount
structuralObjectClass: account
entryUUID: b3b5d6f4-8133-102f-9b9b-294e4b3fed35
creatorsName: cn=Manager,dc=plainjoe,dc=org
createTimestamp: 20101110163123Z
userPassword:: e01ENX1DWTlyelVZaDAzUEszazZESmllMDlnPT0=
entryCSN: 20101110190152.065873Z#000000#000#000000
modifiersName: cn=Manager,dc=plainjoe,dc=org
modifyTimestamp: 20101110190152Z
dn: uid=proxyuser,ou=people,dc=plainjoe,dc=org
uid: proxyuser
cn: proxyuser
gidNumber: 10002
uidNumber: 10002
homeDirectory: /dev/null
objectClass: account
objectClass: posixAccount
userPassword:: e01ENX1YcjRpbE96UTRQQ09xM2FRMHFidWFRPT0=
authzTo: dn.regex:uniqueIdentifier=(.*),ou=people,dc=plainjoe,dc=org
structuralObjectClass: account
entryUUID: 85999ef4-8214-102f-9c1d-411cc739a95b
creatorsName: cn=Manager,dc=plainjoe,dc=org
createTimestamp: 20101111192043Z
entryCSN: 20101111192043.279474Z#000000#000#000000
modifiersName: cn=Manager,dc=plainjoe,dc=org
modifyTimestamp: 20101111192043Z
        OPENLDAP LOGS

1    Nov 11 17:19:07 firewall slapd[11011]: daemon: activity on 1 descriptor
2    Nov 11 17:19:07 firewall slapd[11011]: daemon: activity on:
3    Nov 11 17:19:07 firewall slapd[11011]:
4    Nov 11 17:19:07 firewall slapd[11011]: slap_listener_activate(8):
5    Nov 11 17:19:07 firewall slapd[11011]: daemon: epoll: listen=7
active_threads=0 tvp=zero
6    Nov 11 17:19:07 firewall slapd[11011]: daemon: epoll: listen=8 busy
7    Nov 11 17:19:07 firewall slapd[11011]: >>> slap_listener(ldap://)
8    Nov 11 17:19:07 firewall slapd[11011]: daemon: listen=8, new connection
on 12
9    Nov 11 17:19:07 firewall slapd[11011]: daemon: added 12r (active)
listener=(nil)
10    Nov 11 17:19:07 firewall slapd[11011]: conn=1001 fd=12 ACCEPT from IP=
[::1]:47665 (IP=[::]:389)
11    Nov 11 17:19:07 firewall slapd[11011]: daemon: activity on 1 descriptor
12    Nov 11 17:19:07 firewall slapd[11011]: daemon: activity on:
13    Nov 11 17:19:07 firewall slapd[11011]:
14    Nov 11 17:19:07 firewall slapd[11011]: daemon: epoll: listen=7
active_threads=0 tvp=zero
15    Nov 11 17:19:07 firewall slapd[11011]: daemon: epoll: listen=8
active_threads=0 tvp=zero
16    Nov 11 17:19:07 firewall slapd[11011]: daemon: activity on 1 descriptor
17    Nov 11 17:19:07 firewall slapd[11011]: daemon: activity on:
18    Nov 11 17:19:07 firewall slapd[11011]:  12r
19    Nov 11 17:19:07 firewall slapd[11011]:
20    Nov 11 17:19:07 firewall slapd[11011]: daemon: read active on 12
21    Nov 11 17:19:07 firewall slapd[11011]: daemon: epoll: listen=7
active_threads=0 tvp=zero
22    Nov 11 17:19:07 firewall slapd[11011]: daemon: epoll: listen=8
active_threads=0 tvp=zero
23    Nov 11 17:19:07 firewall slapd[11011]: connection_get(12)
24    Nov 11 17:19:07 firewall slapd[11011]: connection_get(12): got connid=
1001
25    Nov 11 17:19:07 firewall slapd[11011]: connection_read(12): checking for
input on id=1001
26    Nov 11 17:19:07 firewall slapd[11011]: op tag 0x60, time 1289510347
27    Nov 11 17:19:07 firewall slapd[11011]: conn=1001 op=0 do_bind
28    Nov 11 17:19:07 firewall slapd[11011]: >>> dnPrettyNormal: <>
29    Nov 11 17:19:07 firewall slapd[11011]: <<< dnPrettyNormal: <>, <>
30    Nov 11 17:19:07 firewall slapd[11011]: conn=1001 op=0 BIND dn="" method=
163
31    Nov 11 17:19:07 firewall slapd[11011]: do_bind: dn () SASL mech
DIGEST-MD5
32    Nov 11 17:19:07 firewall slapd[11011]: ==> sasl_bind: dn="" mech=
DIGEST-MD5 datalen=0
33    Nov 11 17:19:07 firewall slapd[11011]: SASL [conn=1001] Debug:
DIGEST-MD5 server step 1
34    Nov 11 17:19:07 firewall slapd[11011]: send_ldap_sasl: err=14 len=182
35    Nov 11 17:19:07 firewall slapd[11011]: send_ldap_response: msgid=1 tag=
97 err=14
36    Nov 11 17:19:07 firewall slapd[11011]: conn=1001 op=0 RESULT tag=97 err=
14 text=SASL(0): successful result:
37    Nov 11 17:19:07 firewall slapd[11011]: <== slap_sasl_bind: rc=14
38    Nov 11 17:19:07 firewall slapd[11011]: daemon: activity on 1 descriptor
39    Nov 11 17:19:07 firewall slapd[11011]: daemon: activity on:
40    Nov 11 17:19:07 firewall slapd[11011]:
41    Nov 11 17:19:07 firewall slapd[11011]: daemon: epoll: listen=7
active_threads=0 tvp=zero
42    Nov 11 17:19:07 firewall slapd[11011]: daemon: epoll: listen=8
active_threads=0 tvp=zero
43    Nov 11 17:19:07 firewall ldapwhoami: DIGEST-MD5 client step 2
44    Nov 11 17:19:10 firewall ldapwhoami: DIGEST-MD5 client step 2
45    Nov 11 17:19:10 firewall slapd[11011]: daemon: activity on 1 descriptor
46    Nov 11 17:19:10 firewall slapd[11011]: daemon: activity on:
47    Nov 11 17:19:10 firewall slapd[11011]:  12r
48    Nov 11 17:19:10 firewall slapd[11011]:
49    Nov 11 17:19:10 firewall slapd[11011]: daemon: read active on 12
50    Nov 11 17:19:10 firewall slapd[11011]: daemon: epoll: listen=7
active_threads=0 tvp=zero
51    Nov 11 17:19:10 firewall slapd[11011]: daemon: epoll: listen=8
active_threads=0 tvp=zero
52    Nov 11 17:19:10 firewall slapd[11011]: connection_get(12)
53    Nov 11 17:19:10 firewall slapd[11011]: connection_get(12): got connid=
1001
54    Nov 11 17:19:10 firewall slapd[11011]: connection_read(12): checking for
input on id=1001
55    Nov 11 17:19:10 firewall slapd[11011]: op tag 0x60, time 1289510350
56    Nov 11 17:19:10 firewall slapd[11011]: conn=1001 op=1 do_bind
57    Nov 11 17:19:10 firewall slapd[11011]: >>> dnPrettyNormal: <>
58    Nov 11 17:19:10 firewall slapd[11011]: <<< dnPrettyNormal: <>, <>
59    Nov 11 17:19:10 firewall slapd[11011]: conn=1001 op=1 BIND dn="" method=
163
60    Nov 11 17:19:10 firewall slapd[11011]: do_bind: dn () SASL mech
DIGEST-MD5
61    Nov 11 17:19:10 firewall slapd[11011]: ==> sasl_bind: dn="" mech=
<continuing> datalen=296
62    Nov 11 17:19:10 firewall slapd[11011]: SASL [conn=1001] Debug:
DIGEST-MD5 server step 2
63    Nov 11 17:19:10 firewall slapd[11011]: SASL Canonicalize [conn=1001]:
authcid="proxyuser"
64    Nov 11 17:19:10 firewall slapd[11011]: slap_sasl_getdn: conn 1001 id=
proxyuser [len=9]
65    Nov 11 17:19:10 firewall slapd[11011]: slap_sasl_getdn: u:id converted
to uid=proxyuser,cn=DIGEST-MD5,cn=auth
66    Nov 11 17:19:10 firewall slapd[11011]: >>> dnNormalize: <uid=
proxyuser,cn=DIGEST-MD5,cn=auth>
67    Nov 11 17:19:10 firewall slapd[11011]: <<< dnNormalize: <uid=
proxyuser,cn=digest-md5,cn=auth>
68    Nov 11 17:19:10 firewall slapd[11011]: ==>slap_sasl2dn: converting SASL
name uid=proxyuser,cn=digest-md5,cn=auth to a DN
69    Nov 11 17:19:10 firewall slapd[11011]: [rw] authid: "uid=proxyuser,cn=
digest-md5,cn=auth" -> "uid=proxyuser,ou=people,dc=plainjoe,dc=org"
70    Nov 11 17:19:10 firewall slapd[11011]: slap_parseURI: parsing uid=
proxyuser,ou=people,dc=plainjoe,dc=org
71    Nov 11 17:19:10 firewall slapd[11011]: >>> dnNormalize: <uid=
proxyuser,ou=people,dc=plainjoe,dc=org>
72    Nov 11 17:19:10 firewall slapd[11011]: <<< dnNormalize: <uid=
proxyuser,ou=people,dc=plainjoe,dc=org>
73    Nov 11 17:19:10 firewall slapd[11011]: <==slap_sasl2dn: Converted SASL
name to uid=proxyuser,ou=people,dc=plainjoe,dc=org
74    Nov 11 17:19:10 firewall slapd[11011]: slap_sasl_getdn: dn:id converted
to uid=proxyuser,ou=people,dc=plainjoe,dc=org
75    Nov 11 17:19:10 firewall slapd[11011]: SASL Canonicalize [conn=1001]:
slapAuthcDN="uid=proxyuser,ou=people,dc=plainjoe,dc=org"
76    Nov 11 17:19:10 firewall slapd[11011]: => bdb_search
77    Nov 11 17:19:10 firewall slapd[11011]: bdb_dn2entry("uid=proxyuser,ou=
people,dc=plainjoe,dc=org")
78    Nov 11 17:19:10 firewall slapd[11011]: => bdb_dn2id("dc=plainjoe,dc=
org")
79    Nov 11 17:19:10 firewall slapd[11011]: daemon: activity on 1 descriptor
80    Nov 11 17:19:10 firewall slapd[11011]: daemon: activity on:
81    Nov 11 17:19:10 firewall slapd[11011]:
82    Nov 11 17:19:10 firewall slapd[11011]: daemon: epoll: listen=7
active_threads=0 tvp=zero
83    Nov 11 17:19:10 firewall slapd[11011]: daemon: epoll: listen=8
active_threads=0 tvp=zero
84    Nov 11 17:19:10 firewall slapd[11011]: <= bdb_dn2id: got id=0x1
85    Nov 11 17:19:10 firewall slapd[11011]: => bdb_dn2id("ou=people,dc=
plainjoe,dc=org")
86    Nov 11 17:19:10 firewall slapd[11011]: <= bdb_dn2id: got id=0x2
87    Nov 11 17:19:10 firewall slapd[11011]: => bdb_dn2id("uid=proxyuser,ou=
people,dc=plainjoe,dc=org")
88    Nov 11 17:19:10 firewall slapd[11011]: <= bdb_dn2id: got id=0x10
89    Nov 11 17:19:10 firewall slapd[11011]: entry_decode: "uid=proxyuser,ou=
people,dc=plainjoe,dc=org"
90    Nov 11 17:19:10 firewall slapd[11011]: <= entry_decode(uid=proxyuser,ou=
people,dc=plainjoe,dc=org)
91    Nov 11 17:19:10 firewall slapd[11011]: => access_allowed: auth access to
"uid=proxyuser,ou=people,dc=plainjoe,dc=org" "entry" requested
92    Nov 11 17:19:10 firewall slapd[11011]: => acl_get: [2] attr entry
93    Nov 11 17:19:10 firewall slapd[11011]: => acl_mask: access to entry "uid
=proxyuser,ou=people,dc=plainjoe,dc=org", attr "entry" requested
94    Nov 11 17:19:10 firewall slapd[11011]: => acl_mask: to all values by "",
(=0)
95    Nov 11 17:19:10 firewall slapd[11011]: <= check a_dn_pat: *
96    Nov 11 17:19:10 firewall slapd[11011]: <= acl_mask: [1] applying read(=
rscxd) (stop)
97    Nov 11 17:19:10 firewall slapd[11011]: <= acl_mask: [1] mask: read(=
rscxd)
98    Nov 11 17:19:10 firewall slapd[11011]: => slap_access_allowed: auth
access granted by read(=rscxd)
99    Nov 11 17:19:10 firewall slapd[11011]: => access_allowed: auth access
granted by read(=rscxd)
100    Nov 11 17:19:10 firewall slapd[11011]: base_candidates: base: "uid=
proxyuser,ou=people,dc=plainjoe,dc=org" (0x00000010)
101    Nov 11 17:19:10 firewall slapd[11011]: => test_filter
102    Nov 11 17:19:10 firewall slapd[11011]:     PRESENT
103    Nov 11 17:19:10 firewall slapd[11011]: => access_allowed: auth access
to "uid=proxyuser,ou=people,dc=plainjoe,dc=org" "objectClass" requested
104    Nov 11 17:19:10 firewall slapd[11011]: => acl_get: [2] attr objectClass
105    Nov 11 17:19:10 firewall slapd[11011]: => acl_mask: access to entry
"uid=proxyuser,ou=people,dc=plainjoe,dc=org", attr "objectClass" requested
106    Nov 11 17:19:10 firewall slapd[11011]: => acl_mask: to all values by
"", (=0)
107    Nov 11 17:19:10 firewall slapd[11011]: <= check a_dn_pat: *
108    Nov 11 17:19:10 firewall slapd[11011]: <= acl_mask: [1] applying read(=
rscxd) (stop)
109    Nov 11 17:19:10 firewall slapd[11011]: <= acl_mask: [1] mask: read(=
rscxd)
110    Nov 11 17:19:10 firewall slapd[11011]: => slap_access_allowed: auth
access granted by read(=rscxd)
111    Nov 11 17:19:10 firewall slapd[11011]: => access_allowed: auth access
granted by read(=rscxd)
112    Nov 11 17:19:10 firewall slapd[11011]: <= test_filter 6
113    Nov 11 17:19:10 firewall slapd[11011]: => access_allowed: auth access
to "uid=proxyuser,ou=people,dc=plainjoe,dc=org" "userPassword" requested
114    Nov 11 17:19:10 firewall slapd[11011]: => acl_get: [1] attr
userPassword
115    Nov 11 17:19:10 firewall slapd[11011]: => acl_mask: access to entry
"uid=proxyuser,ou=people,dc=plainjoe,dc=org", attr "userPassword" requested
116    Nov 11 17:19:10 firewall slapd[11011]: => acl_mask: to all values by
"", (=0)
117    Nov 11 17:19:10 firewall slapd[11011]: <= check a_dn_pat: self
118    Nov 11 17:19:10 firewall slapd[11011]: <= check a_dn_pat: anonymous
119    Nov 11 17:19:10 firewall slapd[11011]: <= acl_mask: [2] applying auth(=
xd) (stop)
120    Nov 11 17:19:10 firewall slapd[11011]: <= acl_mask: [2] mask: auth(=xd)
121    Nov 11 17:19:10 firewall slapd[11011]: => slap_access_allowed: auth
access granted by auth(=xd)
122    Nov 11 17:19:10 firewall slapd[11011]: => access_allowed: auth access
granted by auth(=xd)
123    Nov 11 17:19:10 firewall slapd[11011]: slap_ap_lookup: str2ad
(cmusaslsecretDIGEST-MD5): attribute type undefined
124    Nov 11 17:19:10 firewall slapd[11011]: send_ldap_result: conn=1001 op=1
p=3
125    Nov 11 17:19:10 firewall slapd[11011]: send_ldap_result: err=0 matched=
"" text=""
126    Nov 11 17:19:10 firewall slapd[11011]: SASL Canonicalize [conn=1001]:
authzid="u:test"
127    Nov 11 17:19:10 firewall slapd[11011]: slap_sasl_getdn: conn 1001 id=
u:test [len=6]
128    Nov 11 17:19:10 firewall slapd[11011]: slap_sasl_getdn: u:id converted
to uid=test,cn=DIGEST-MD5,cn=auth
129    Nov 11 17:19:10 firewall slapd[11011]: >>> dnNormalize: <uid=test,cn=
DIGEST-MD5,cn=auth>
130    Nov 11 17:19:10 firewall slapd[11011]: <<< dnNormalize: <uid=test,cn=
digest-md5,cn=auth>
131    Nov 11 17:19:10 firewall slapd[11011]: ==>slap_sasl2dn: converting SASL
name uid=test,cn=digest-md5,cn=auth to a DN
132    Nov 11 17:19:10 firewall slapd[11011]: [rw] authid: "uid=test,cn=
digest-md5,cn=auth" -> "uid=test,ou=people,dc=plainjoe,dc=org"
133    Nov 11 17:19:10 firewall slapd[11011]: slap_parseURI: parsing uid=
test,ou=people,dc=plainjoe,dc=org
134    Nov 11 17:19:10 firewall slapd[11011]: >>> dnNormalize: <uid=test,ou=
people,dc=plainjoe,dc=org>
135    Nov 11 17:19:10 firewall slapd[11011]: <<< dnNormalize: <uid=test,ou=
people,dc=plainjoe,dc=org>
136    Nov 11 17:19:10 firewall slapd[11011]: <==slap_sasl2dn: Converted SASL
name to uid=test,ou=people,dc=plainjoe,dc=org
137    Nov 11 17:19:10 firewall slapd[11011]: slap_sasl_getdn: dn:id converted
to uid=test,ou=people,dc=plainjoe,dc=org
138    Nov 11 17:19:10 firewall slapd[11011]: SASL Canonicalize [conn=1001]:
slapAuthzDN="uid=test,ou=people,dc=plainjoe,dc=org"
139    Nov 11 17:19:10 firewall slapd[11011]: SASL [conn=1001] Failure: no
secret in database
140    Nov 11 17:19:10 firewall slapd[11011]: send_ldap_result: conn=1001 op=1
p=3
141    Nov 11 17:19:10 firewall slapd[11011]: send_ldap_result: err=49 matched
="" text="SASL(-13): user not found: no secret in database"
142    Nov 11 17:19:10 firewall slapd[11011]: send_ldap_response: msgid=2 tag=
97 err=49
143    Nov 11 17:19:10 firewall slapd[11011]: daemon: activity on 1 descriptor
144    Nov 11 17:19:10 firewall slapd[11011]: daemon: activity on:
145    Nov 11 17:19:10 firewall slapd[11011]:  12r
146    Nov 11 17:19:10 firewall slapd[11011]:
147    Nov 11 17:19:10 firewall slapd[11011]: daemon: read active on 12
148    Nov 11 17:19:10 firewall slapd[11011]: daemon: epoll: listen=7
active_threads=0 tvp=zero
149    Nov 11 17:19:10 firewall slapd[11011]: daemon: epoll: listen=8
active_threads=0 tvp=zero
150    Nov 11 17:19:10 firewall slapd[11011]: connection_get(12)
151    Nov 11 17:19:10 firewall slapd[11011]: connection_get(12): got connid=
1001
152    Nov 11 17:19:10 firewall slapd[11011]: connection_read(12): checking
for input on id=1001
153    Nov 11 17:19:10 firewall slapd[11011]: ber_get_next on fd 12 failed
errno=0 (Success)
154    Nov 11 17:19:10 firewall slapd[11011]: connection_read(12): input error
=-2 id=1001, closing.
155    Nov 11 17:19:10 firewall slapd[11011]: connection_closing: readying
conn=1001 sd=12 for close
156    Nov 11 17:19:10 firewall slapd[11011]: connection_close: deferring conn
=1001 sd=12
157    Nov 11 17:19:10 firewall slapd[11011]: daemon: activity on 1 descriptor
158    Nov 11 17:19:10 firewall slapd[11011]: daemon: activity on:
159    Nov 11 17:19:10 firewall slapd[11011]:
160    Nov 11 17:19:10 firewall slapd[11011]: daemon: epoll: listen=7
active_threads=0 tvp=zero
161    Nov 11 17:19:10 firewall slapd[11011]: daemon: epoll: listen=8
active_threads=0 tvp=zero
162    Nov 11 17:19:10 firewall slapd[11011]: conn=1001 op=1 RESULT tag=97 err
=49 text=SASL(-13): user not found: no secret in database
163    Nov 11 17:19:10 firewall slapd[11011]: <== slap_sasl_bind: rc=49
164    Nov 11 17:19:10 firewall slapd[11011]: connection_resched: attempting
closing conn=1001 sd=12
165    Nov 11 17:19:10 firewall slapd[11011]: connection_close: conn=1001 sd=
12
166    Nov 11 17:19:10 firewall slapd[11011]: daemon: removing 12
167    Nov 11 17:19:10 firewall slapd[11011]: conn=1001 fd=12 closed
(connection lost)
-- 
Dieter Klünter | Systemberatung
sip: 7770535@sipgate.de 
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Re: Problems Enabling Authentication using Cyrus SASL