On 12/31/15 11:43 -0600, Timothy Keith wrote:
On 12/31/15 11:13 -0600, Timothy Keith wrote:
I defined:
ldap_mech: PLAIN
I am new at LDAP, that is obvious I guess. But, I've been around Unix for
30 years.
This is the latest output from saslauthd in debug mode:
saslauthd[19271] :main : num_procs : 5
saslauthd[19271] :main : mech_option: NULL
saslauthd[19271] :main : run_path : /var/run/saslauthd
saslauthd[19271] :main : auth_mech : ldap
saslauthd[19271] :ipc_init : using accept lock file:
/var/run/saslauthd/mux.accept
saslauthd[19271] :detach_tty : master pid is: 0
saslauthd[19271] :ipc_init : listening on socket:
/var/run/saslauthd/mux
saslauthd[19271] :main : using process model
saslauthd[19271] :have_baby : forked child: 19272
saslauthd[19271] :have_baby : forked child: 19273
saslauthd[19271] :have_baby : forked child: 19274
saslauthd[19271] :have_baby : forked child: 19275
saslauthd[19271] :get_accept_lock : acquired accept lock
saslauthd[19271] :rel_accept_lock : released accept lock
saslauthd[19272] :get_accept_lock : acquired accept lock
ldap_sasl_interactive_bind: user selected: PLAIN
ldap_int_sasl_bind: PLAIN
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 182.19.136.42:389
ldap_new_socket: 10
ldap_prepare_socket: 10
ldap_connect_to_host: Trying 182.19.136.42:389
ldap_pvt_connect: fd: 10 tm: 10 async: 0
ldap_ndelay_on: 10
attempting to connect:
connect errno: 115
ldap_int_poll: fd: 10 tm: 10
ldap_is_sock_ready: 10
ldap_ndelay_off: 10
ldap_pvt_connect: 0
ldap_int_sasl_open: host=182.19.136.42
ldap_msgfree
ldap_err2string
ldap_unbind
ldap_free_connection 1 1
ldap_send_unbind
ldap_free_connection: actually freed
ldap_create
ldap_url_parse_ext(ldap:// 182.19.136.42:389)
ldap_sasl_interactive_bind: user selected: PLAIN
ldap_int_sasl_bind: PLAIN
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 182.19.136.42:389
ldap_new_socket: 10
ldap_prepare_socket: 10
ldap_connect_to_host: Trying 182.19.136.42:389
ldap_pvt_connect: fd: 10 tm: 10 async: 0
ldap_ndelay_on: 10
attempting to connect:
connect errno: 115
ldap_int_poll: fd: 10 tm: 10
ldap_is_sock_ready: 10
ldap_ndelay_off: 10
ldap_pvt_connect: 0
ldap_int_sasl_open: host=182.19.136.42
ldap_msgfree
ldap_err2string
saslauthd[19271] :do_auth : auth failure: [user=testuser]
[service=slapd] [realm=] [mech=ldap] [reason=Unknown]
saslauthd[19271] :do_request : response: NO
attempting to connect:
connect errno: 115
*EINPROGRESS*
That doesn't appear to be a critical piece of the problem. Notice libldap
is polling and reporting the socket as ready.
Troubleshoot this as a basic authentication problem between your unix
server and the ldap server. I.e., attempt to reproduce a sasl plain
authentication using ldapwhoami:
ldapwhoami -Y PLAIN -H ldap://182.19.136.42 -U testuser
Adjust to match your saslauthd ldap config.
Assuming your connection is unencrypted, which it appears to be, performing
a tcpdump/wireshark trace will help.
--
Dan White
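
An added example, not part of the original thread or of saslauthd/OpenLDAP: a small Python triage of a trace like the one above, separating the transient EINPROGRESS on the non-blocking connect from the actual auth failure. The errno table uses Linux values, reading `ldap_pvt_connect: 0` as a completed TCP connect is an assumption about libldap's trace output, and the function name `triage` is hypothetical; the sample lines are copied from the trace in this thread.

```python
import re

# Linux errno values commonly seen on a failing or pending connect().
LINUX_ERRNO = {110: "ETIMEDOUT", 111: "ECONNREFUSED",
               113: "EHOSTUNREACH", 115: "EINPROGRESS"}

# Constructed sample: lines copied from the debug trace quoted in this thread.
SAMPLE = """\
ldap_connect_to_host: Trying 182.19.136.42:389
ldap_ndelay_on: 10
attempting to connect:
connect errno: 115
ldap_int_poll: fd: 10 tm: 10
ldap_is_sock_ready: 10
ldap_ndelay_off: 10
ldap_pvt_connect: 0
ldap_int_sasl_open: host=182.19.136.42
saslauthd[19271] :do_auth : auth failure: [user=testuser] [service=slapd] [realm=] [mech=ldap] [reason=Unknown]
saslauthd[19271] :do_request : response: NO
"""

def triage(trace):
    """Summarise a saslauthd/libldap debug trace: where did the attempt fail?"""
    errnos, connected, failures = [], False, []
    for line in trace.splitlines():
        m = re.match(r"connect errno: (\d+)", line)
        if m:
            n = int(m.group(1))
            errnos.append(LINUX_ERRNO.get(n, str(n)))
        elif re.match(r"ldap_pvt_connect: 0\s*$", line):
            # Assumption: rc 0 here means the TCP connect completed.
            connected = True
        elif "do_auth" in line and "auth failure" in line:
            # Collect the [key=value] fields saslauthd logs for the failure.
            failures.append(dict(re.findall(r"\[(\w+)=([^\]]*)\]", line)))
    # EINPROGRESS is expected on a non-blocking socket; anything else is not.
    hard_errors = [e for e in errnos if e != "EINPROGRESS"]
    if hard_errors or not connected:
        stage = "network"   # look at routing, firewall, listener
    elif failures:
        stage = "bind"      # TCP is fine; look at the SASL/LDAP bind
    else:
        stage = "ok"
    return {"connect_errnos": errnos, "tcp_connected": connected,
            "failures": failures, "stage": stage}

if __name__ == "__main__":
    print(triage(SAMPLE))
```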