ldapwhoami -Y PLAIN -H ldap://182.19.136.42 -U testuser
produces:
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
        additional info: SASL(-4): no mechanism available: No worthy mechs found
Tim
On Mon, Jan 4, 2016 at 8:42 AM, Dan White <dwhite@cafedemocracy.org> wrote:
On 12/31/15 11:13 -0600, Timothy Keith wrote:
I defined: ldap_mech: PLAIN
I am new at LDAP, that is obvious I guess. But, I've been around Unix for 30 years.
This is the latest output from saslauthd in debug mode:
saslauthd[19271] :main : num_procs : 5
saslauthd[19271] :main : mech_option: NULL
saslauthd[19271] :main : run_path : /var/run/saslauthd
saslauthd[19271] :main : auth_mech : ldap
saslauthd[19271] :ipc_init : using accept lock file: /var/run/saslauthd/mux.accept
saslauthd[19271] :detach_tty : master pid is: 0
saslauthd[19271] :ipc_init : listening on socket: /var/run/saslauthd/mux
saslauthd[19271] :main : using process model
saslauthd[19271] :have_baby : forked child: 19272
saslauthd[19271] :have_baby : forked child: 19273
saslauthd[19271] :have_baby : forked child: 19274
saslauthd[19271] :have_baby : forked child: 19275
saslauthd[19271] :get_accept_lock : acquired accept lock
saslauthd[19271] :rel_accept_lock : released accept lock
saslauthd[19272] :get_accept_lock : acquired accept lock
ldap_sasl_interactive_bind: user selected: PLAIN
ldap_int_sasl_bind: PLAIN
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 182.19.136.42:389
ldap_new_socket: 10
ldap_prepare_socket: 10
ldap_connect_to_host: Trying 182.19.136.42:389
ldap_pvt_connect: fd: 10 tm: 10 async: 0
ldap_ndelay_on: 10
attempting to connect:
connect errno: 115
ldap_int_poll: fd: 10 tm: 10
ldap_is_sock_ready: 10
ldap_ndelay_off: 10
ldap_pvt_connect: 0
ldap_int_sasl_open: host=182.19.136.42
ldap_msgfree
ldap_err2string
ldap_unbind
ldap_free_connection 1 1
ldap_send_unbind
ldap_free_connection: actually freed
ldap_create
ldap_url_parse_ext(ldap:// 182.19.136.42:389)
ldap_sasl_interactive_bind: user selected: PLAIN
ldap_int_sasl_bind: PLAIN
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 182.19.136.42:389
ldap_new_socket: 10
ldap_prepare_socket: 10
ldap_connect_to_host: Trying 182.19.136.42:389
ldap_pvt_connect: fd: 10 tm: 10 async: 0
ldap_ndelay_on: 10
attempting to connect:
connect errno: 115
ldap_int_poll: fd: 10 tm: 10
ldap_is_sock_ready: 10
ldap_ndelay_off: 10
ldap_pvt_connect: 0
ldap_int_sasl_open: host=182.19.136.42
ldap_msgfree
ldap_err2string
saslauthd[19271] :do_auth : auth failure: [user=testuser] [service=slapd] [realm=] [mech=ldap] [reason=Unknown]
saslauthd[19271] :do_request : response: NO
On 12/31/15 11:43 -0600, Timothy Keith wrote:
attempting to connect:
connect errno: 115
*EINPROGRESS*
That doesn't appear to be a critical piece of the problem. Notice libldap is polling and reporting the socket as ready.
Troubleshoot this as a basic authentication problem between your unix server and the ldap server. I.e., attempt to reproduce a sasl plain authentication using ldapwhoami:
ldapwhoami -Y PLAIN -H ldap://182.19.136.42 -U testuser
Adjust to match your saslauthd ldap config.
Assuming your connection is unencrypted, which it appears to be, performing a tcpdump/wireshark trace will help.
-- Dan White
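
The point about errno 115 in the quoted reply, as an added example that is not part of the original thread and is not libldap's code: a non-blocking connect() reports EINPROGRESS first, and the real outcome only becomes known after waiting for the socket and reading SO_ERROR. The function names and the loopback listener are constructed for the demonstration.

```python
import errno
import select
import socket


def nonblocking_connect(host, port, timeout=10.0):
    """Return (errno from connect(), final errno); a final value of 0 means connected."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.setblocking(False)                # trace stage: ldap_ndelay_on
        first = s.connect_ex((host, port))  # trace stage: "connect errno: 115"
        if first not in (0, errno.EINPROGRESS):
            return first, first             # immediate, genuine failure
        # trace stage: ldap_int_poll; wait until the socket is writable
        _, writable, _ = select.select([], [s], [], timeout)
        if not writable:
            return first, errno.ETIMEDOUT
        # The handshake result is stored on the socket, not in the first errno
        final = s.getsockopt(socket.SOL_SOCKET, socket.SO_ERROR)
        return first, final
    finally:
        s.close()


def demo():
    """Constructed test: one open loopback port, then the same port closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))              # kernel picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    reachable = nonblocking_connect("127.0.0.1", port)
    srv.close()                             # nothing listens on the port now
    refused = nonblocking_connect("127.0.0.1", port)
    return reachable, refused


if __name__ == "__main__":
    for label, (first, final) in zip(("listening", "closed"), demo()):
        print(label,
              "connect():", errno.errorcode.get(first, first),
              "final:", errno.errorcode.get(final, final) if final else "connected")
```

In both cases the first errno may be EINPROGRESS; only the final value distinguishes a completed TCP connection from a refused one, which is why the trace's "connect errno: 115" followed by "ldap_pvt_connect: 0" indicates the transport is fine.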