Hi Dan
I simplified the LDAP configuration as far as I can.
This is a no-realm configuration (Dan's idea).
However, authentication still failed.
I'm not sure why slap_sasl_authorized compares the input password.
-- from debug message ==>slap_sasl_authorized: can uid=ldap_user,ou=users,dc=mydomain,dc=com become password1?
-- Hiroyuki Sato
1, new configuration
database bdb
suffix "dc=mydomain,dc=com"
rootdn "cn=Manager,dc=mydomain,dc=com"
sasl-regexp uid=([^@]+)([^,]+),cn=digest-md5,cn=auth uid=$1,ou=users,dc=mydomain,dc=com
sasl-auxprops sql

ldapsearch -h 192.168.10.36 -Y digest-md5 -U ldap_user@mydomain.com -b 'dc=mydomain,dc=com' -LLL '(objectclass=*)'
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Insufficient access (50)

2, /usr/lib/sasl2/slapd.conf

pwcheck_method: auxprop
mech_list: DIGEST-MD5
log_level: 7
auxprop_plugin: sql
sql_verbose: yes
sql_engine: mysql
sql_hostnames: host.addre.ss
sql_user: username
sql_passwd: password
sql_database: database
#
# no realm
#
sql_select: select password from sasl_test where username = '%u'

2, log
daemon: activity on 1 descriptor
daemon: activity on:
slap_listener_activate(7):
daemon: epoll: listen=7 busy
daemon: epoll: listen=8 active_threads=0 tvp=NULL
slap_listener(ldap:///)
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: listen=7, new connection on 12
daemon: activity on 1 descriptor
daemon: activity on: 12r
daemon: read active on 12
daemon: added 12r (active) listener=(nil)
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
conn=1000 fd=12 ACCEPT from IP=192.168.10.53:54174 (IP=0.0.0.0:389)
connection_get(12)
connection_get(12): got connid=1000
connection_read(12): checking for input on id=1000
ber_get_next
ldap_read: want=8, got=8
  0000: 30 18 02 01 01 60 13 02 0....`..
ldap_read: want=18, got=18
  0000: 01 03 04 00 a3 0c 04 0a 44 49 47 45 53 54 2d 4d ........DIGEST-M
  0010: 44 35 D5
ber_get_next: tag 0x30 len 24 contents:
ber_dump: buf=0x8380468 ptr=0x8380468 end=0x8380480 len=24
  0000: 02 01 01 60 13 02 01 03 04 00 a3 0c 04 0a 44 49 ...`..........DI
  0010: 47 45 53 54 2d 4d 44 35 GEST-MD5
op tag 0x60, time 1297935958
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
conn=1000 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x8380468 ptr=0x838046b end=0x8380480 len=21
  0000: 60 13 02 01 03 04 00 a3 0c 04 0a 44 49 47 45 53 `..........DIGES
  0010: 54 2d 4d 44 35 T-MD5
ber_scanf fmt ({m) ber:
ber_dump: buf=0x8380468 ptr=0x8380472 end=0x8380480 len=14
  0000: 00 0c 04 0a 44 49 47 45 53 54 2d 4d 44 35 ....DIGEST-MD5
ber_scanf fmt (}}) ber:
ber_dump: buf=0x8380468 ptr=0x8380480 end=0x8380480 len=0
dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
conn=1000 op=0 BIND dn="" method=163
do_bind: dn () SASL mech DIGEST-MD5
==> sasl_bind: dn="" mech=DIGEST-MD5 datalen=0
SASL [conn=1000] Debug: DIGEST-MD5 server step 1
send_ldap_sasl: err=14 len=184
send_ldap_response: msgid=1 tag=97 err=14
ber_flush2: 231 bytes to sd 12
ldap_write: want=231, written=231
conn=1000 op=0 RESULT tag=97 err=14 text=SASL(0): successful result:
<== slap_sasl_bind: rc=14
daemon: activity on 1 descriptor
daemon: activity on: 12r
daemon: read active on 12
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
connection_get(12)
connection_get(12): got connid=1000
connection_read(12): checking for input on id=1000
ber_get_next
ldap_read: want=8, got=8
  0000: 30 82 01 4f 02 01 02 60 0..O...`
ldap_read: want=331, got=331
ber_get_next: tag 0x30 len 335 contents:
ber_dump: buf=0x8382440 ptr=0x8382440 end=0x838258f len=335
op tag 0x60, time 1297935961
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
conn=1000 op=1 do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x8382440 ptr=0x8382443 end=0x838258f len=332
ber_scanf fmt ({m) ber:
ber_dump: buf=0x8382440 ptr=0x838244c end=0x838258f len=323
ber_scanf fmt (m) ber:
ber_dump: buf=0x8382440 ptr=0x838245c end=0x838258f len=307
ber_scanf fmt (}}) ber:
ber_dump: buf=0x8382440 ptr=0x838258f end=0x838258f len=0
dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
conn=1000 op=1 BIND dn="" method=163
do_bind: dn () SASL mech DIGEST-MD5
==> sasl_bind: dn="" mech=<continuing> datalen=303
SASL [conn=1000] Debug: DIGEST-MD5 server step 2
SASL Canonicalize [conn=1000]: authcid="ldap_user@mydomain.com"
slap_sasl_getdn: conn 1000 id=ldap_user@mydomain.com [len=22]
=> ldap_dn2bv(16)
<= ldap_dn2bv(uid=ldap_user@mydomain.com,cn=DIGEST-MD5,cn=auth)=0
slap_sasl_getdn: u:id converted to uid=ldap_user@mydomain.com,cn=DIGEST-MD5,cn=auth
dnNormalize: <uid=ldap_user@mydomain.com,cn=DIGEST-MD5,cn=auth>
=> ldap_bv2dn(uid=ldap_user@mydomain.com,cn=DIGEST-MD5,cn=auth,0)
<= ldap_bv2dn(uid=ldap_user@mydomain.com,cn=DIGEST-MD5,cn=auth)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=ldap_user@mydomain.com,cn=digest-md5,cn=auth)=0
<<< dnNormalize: <uid=ldap_user@mydomain.com,cn=digest-md5,cn=auth>
==>slap_sasl2dn: converting SASL name uid=ldap_user@mydomain.com,cn=digest-md5,cn=auth to a DN
==> rewrite_context_apply [depth=1] string='uid=ldap_user@mydomain.com,cn=digest-md5,cn=auth'
==> rewrite_rule_apply rule='uid=([^@]+)([^,]+),cn=digest-md5,cn=auth' string='uid=ldap_user@mydomain.com,cn=digest-md5,cn=auth' [1 pass(es)]
==> rewrite_context_apply [depth=1] res={0,'uid=ldap_user,ou=users,dc=mydomain,dc=com'}
[rw] authid: "uid=ldap_user@mydomain.com,cn=digest-md5,cn=auth" -> "uid=ldap_user,ou=users,dc=mydomain,dc=com"
slap_parseURI: parsing uid=ldap_user,ou=users,dc=mydomain,dc=com
ldap_url_parse_ext(uid=ldap_user,ou=users,dc=mydomain,dc=com)
dnNormalize: <uid=ldap_user,ou=users,dc=mydomain,dc=com>
=> ldap_bv2dn(uid=ldap_user,ou=users,dc=mydomain,dc=com,0)
<= ldap_bv2dn(uid=ldap_user,ou=users,dc=mydomain,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=ldap_user,ou=users,dc=mydomain,dc=com)=0
<<< dnNormalize: <uid=ldap_user,ou=users,dc=mydomain,dc=com>
<==slap_sasl2dn: Converted SASL name to uid=ldap_user,ou=users,dc=mydomain,dc=com
slap_sasl_getdn: dn:id converted to uid=ldap_user,ou=users,dc=mydomain,dc=com
SASL Canonicalize [conn=1000]: slapAuthcDN="uid=ldap_user,ou=users,dc=mydomain,dc=com"
SASL Canonicalize [conn=1000]: authzid="ldap_user@mydomain.com"
SASL proxy authorize [conn=1000]: authcid="ldap_user@mydomain.com" authzid="ldap_user@mydomain.com"
==>slap_sasl_authorized: can uid=ldap_user,ou=users,dc=mydomain,dc=com become password1?
<== slap_sasl_authorized: return 48
SASL Proxy Authorize [conn=1000]: proxy authorization disallowed (48)
SASL [conn=1000] Failure: not authorized
send_ldap_result: conn=1000 op=1 p=3
send_ldap_result: err=50 matched="" text="SASL(-14): authorization failure: not authorized"
send_ldap_response: msgid=2 tag=97 err=50
ber_flush2: 62 bytes to sd 12
  0000: 30 3c 02 01 02 61 37 0a 01 32 04 00 04 30 53 41 0<...a7..2...0SA
  0010: 53 4c 28 2d 31 34 29 3a 20 61 75 74 68 6f 72 69 SL(-14): authori
  0020: 7a 61 74 69 6f 6e 20 66 61 69 6c 75 72 65 3a 20 zation failure: 
  0030: 6e 6f 74 20 61 75 74 68 6f 72 69 7a 65 64 not authorized
ldap_write: want=62, written=62
  0000: 30 3c 02 01 02 61 37 0a 01 32 04 00 04 30 53 41 0<...a7..2...0SA
  0010: 53 4c 28 2d 31 34 29 3a 20 61 75 74 68 6f 72 69 SL(-14): authori
  0020: 7a 61 74 69 6f 6e 20 66 61 69 6c 75 72 65 3a 20 zation failure: 
  0030: 6e 6f 74 20 61 75 74 68 6f 72 69 7a 65 64 not authorized
conn=1000 op=1 RESULT tag=97 err=50 text=SASL(-14): authorization failure: not authorized
<== slap_sasl_bind: rc=50
daemon: activity on 1 descriptor
daemon: activity on: 12r
daemon: read active on 12
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
connection_get(12)
connection_get(12): got connid=1000
connection_read(12): checking for input on id=1000
ber_get_next
ldap_read: want=8, got=0
ber_get_next on fd 12 failed errno=0 (Success)
connection_read(12): input error=-2 id=1000, closing.
connection_closing: readying conn=1000 sd=12 for close
connection_close: conn=1000 sd=12
daemon: removing 12
conn=1000 fd=12 closed (connection lost)
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
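
Added example, not part of the original message and not OpenLDAP code: a Python script that replays the posted sasl-regexp rule and cross-checks the identities slapd logged for the bind above. The helper names `map_sasl_name`, `trace_bind` and `findings` are hypothetical, Python's `re` stands in for slapd's regex engine, and the sample lines are copied from the log as constructed input.

```python
import re

# Constructed input: identity-related lines copied from the slapd debug log above.
SAMPLE_LOG = """\
SASL Canonicalize [conn=1000]: authcid="ldap_user@mydomain.com"
SASL Canonicalize [conn=1000]: slapAuthcDN="uid=ldap_user,ou=users,dc=mydomain,dc=com"
SASL Canonicalize [conn=1000]: authzid="ldap_user@mydomain.com"
==>slap_sasl_authorized: can uid=ldap_user,ou=users,dc=mydomain,dc=com become password1?
<== slap_sasl_authorized: return 48
"""
# sasl-regexp pattern and replacement from the posted slapd.conf.
SASL_REGEXP = r"uid=([^@]+)([^,]+),cn=digest-md5,cn=auth"
SASL_REPLACE = "uid=$1,ou=users,dc=mydomain,dc=com"
# Hypothetical field names mapped to the log lines that carry them.
PATTERNS = {
    "authcid": r'Canonicalize \[conn=\d+\]: authcid="([^"]*)"',
    "authc_dn": r'slapAuthcDN="([^"]*)"',
    "authzid": r'Canonicalize \[conn=\d+\]: authzid="([^"]*)"',
    "become": r"slap_sasl_authorized: can .+ become (.*)\?",
    "rc": r"slap_sasl_authorized: return (\d+)",
}

def map_sasl_name(sasl_dn):
    """Apply the sasl-regexp rule to a normalized SASL name; None if no match."""
    # Assumption: Python's re approximates slapd's engine; the whole name must match.
    m = re.fullmatch(SASL_REGEXP, sasl_dn)
    if m is None:
        return None
    # Expand slapd-style $N placeholders with the captured groups.
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), SASL_REPLACE)

def trace_bind(log):
    """Collect the identities slapd logged for one SASL bind."""
    found = {}
    for key, pattern in PATTERNS.items():
        m = re.search(pattern, log)
        found[key] = m.group(1) if m else None
    return found

def findings(f):
    """Flag inconsistencies between the logged identities."""
    out = []
    expected = map_sasl_name("uid=%s,cn=digest-md5,cn=auth" % f["authcid"])
    if expected != f["authc_dn"]:
        out.append("sasl-regexp result differs from slapAuthcDN")
    if f["become"] != f["authzid"]:
        out.append("authorization target %r is not the logged authzid %r"
                   % (f["become"], f["authzid"]))
    if f["rc"] not in (None, "0"):
        out.append("slap_sasl_authorized returned " + f["rc"])
    return out

if __name__ == "__main__":
    print("\n".join(findings(trace_bind(SAMPLE_LOG))))
```

On the posted log it reports that the authorization target `password1` is not the logged authzid and that slap_sasl_authorized returned 48, while the sasl-regexp mapping itself agrees with slapAuthcDN. Under Python's `re`, the same rule also matches a name with no `@`, with the second group taking the last character of the user name, so `uid=ldap_user,cn=digest-md5,cn=auth` maps to `uid=ldap_use,ou=users,dc=mydomain,dc=com`.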