Hi all,
Please help me about this problem... I want to use testsaslauthd to test uid of OpenLDAP with TLS, but it fail...
Here is my config:
/usr/local/etc/saslauthd.conf: ldap_servers: ldap://localhost
ldap_bind_dn: cn=admin,dc=abc,dc=com ldap_bind_pw: 123456789
ldap_search_base: dc=abc,dc=com ldap_start_tls: yes ldap_tls_cacert_dir: /var/myCA ldap_tls_cacert_file: /var/myCA/cacert.crt ldap_debug: -1
start LDAP: root@ldap:~# /usr/local/openldap/libexec/slapd -h 'ldap:///'
start saslauthd: root@ldap:~# /usr/local/sasl2/sbin/saslauthd -a ldap -O
/usr/local/etc/saslauthd.conf -d saslauthd[765] :main : num_procs : 5
saslauthd[765] :main : mech_option: /usr/local/etc/saslauthd.conf
saslauthd[765] :main : run_path : /var/run saslauthd[765] :main : auth_mech : ldap saslauthd[765] :ipc_init : using accept lock file:
/var/run/mux.accept saslauthd[765] :detach_tty : master pid is: 0
saslauthd[765] :ipc_init : listening on socket: /var/run/mux
saslauthd[765] :main : using process model saslauthd[765] :have_baby : forked child: 766 saslauthd[765] :have_baby : forked child: 767
saslauthd[765] :have_baby : forked child: 768 saslauthd[765] :have_baby : forked child: 769 saslauthd[765] :get_accept_lock : acquired accept lock
test uid: root@ldap:~# /usr/local/sasl2/sbin/testsaslauthd -u khanhnq -p 123456 0: NO "authentication failed"
I have a debug result:
saslauthd[765] :rel_accept_lock : released accept lock saslauthd[767] :get_accept_lock : acquired accept lock ldap_extended_operation_s
ldap_extended_operation ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 10 ldap_prepare_socket: 10 ldap_connect_to_host: Trying ::1 389 ldap_pvt_connect: fd: 10 tm: 5 async: 0 ldap_ndelay_on: 10
ldap_int_poll: fd: 10 tm: 5 ldap_is_sock_ready: 10 ldap_ndelay_off: 10
ldap_pvt_connect: 0 ldap_open_defconn: successful
ldap_send_server_request ldap_result ld 0x9cef220 msgid 1 wait4msg ld 0x9cef220 msgid 1 (infinite timeout) wait4msg continue ld 0x9cef220 msgid 1 all 1 ** ld 0x9cef220 Connections: * host: localhost port: 389 (default) refcnt: 2 status: Connected last used: Fri May 27 16:40:05 2011
** ld 0x9cef220 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ld 0x9cef220 request count 1 (abandoned 0) ** ld 0x9cef220 Response Queue: Empty ld 0x9cef220 response count 0 ldap_chkResponseList ld 0x9cef220 msgid 1 all 1
ldap_chkResponseList returns ld 0x9cef220 NULL ldap_int_select read1msg: ld 0x9cef220 msgid 1 all 1 read1msg: ld 0x9cef220 msgid 1 message type extended-result read1msg: ld 0x9cef220 0 new referrals read1msg: mark request completed, ld 0x9cef220 msgid 1 request done: ld 0x9cef220 msgid 1 res_errno: 0, res_error: , res_matched: ldap_free_request (origid 1, msgid 1) ldap_parse_extended_result ldap_parse_result ldap_msgfree TLS trace: SSL_connect:before/connect initialization TLS trace: SSL_connect:SSLv2/v3 write client hello A TLS trace: SSL_connect:SSLv3 read server hello A TLS certificate verification: depth: 1, err: 0, subject: /CN=abc.com/ST=HCM/C=VN/emailAddress=root@abc.com/O=SGT/OU=NW Department, issuer: /CN=abc.com/ST=HCM/C=VN/emailAddress=root@abc.com/O=SGT/OU=NW Department
TLS certificate verification: depth: 0, err: 7, subject:
/CN=abc.com/ST=HCM/C=VN/emailAddress=root@abc.com/O=SGT/OU=NW, issuer:
/CN=abc.com/ST=HCM/C=VN/emailAddress=root@abc.com/O=SGT/OU=NW Department
TLS certificate verification: Error, certificate signature failure TLS trace: SSL3 alert write:fatal:decrypt error TLS trace: SSL_connect:error in SSLv3 read server certificate B TLS trace: SSL_connect:error in SSLv3 read server certificate B TLS: can't connect: error:14090086:SSL routines:func(144):reason(134) (certificate signature failure).
ldap_err2string ldap_unbind ldap_free_connection 1 1 ldap_send_unbind
ldap_free_connection: actually freed saslauthd[765] :do_auth : auth failure: [user=khanhnq] [service=imap] [realm=] [mech=ldap] [reason=Unknown] saslauthd[765] :do_request : response: NO
What i'm doing wrong? I think my TLS is OK...
Here is my ldapsearch result:
root@ldap:/usr/local/openldap/bin# ./ldapsearch -xLL -b dc=abc,dc=com
uid=khanhnq -d -1 ldap_create ldap_sasl_bind ldap_send_initial_request
ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP abc.com:389 ldap_new_socket: 3 ldap_prepare_socket: 3
ldap_connect_to_host: Trying ::1 389 ldap_pvt_connect: fd: 3 tm: -1 async: 0 ldap_open_defconn: successful ldap_send_server_request ber_scanf fmt ({it) ber: ber_dump: buf=0x9023e88 ptr=0x9023e88 end=0x9023e96 len=14
0000: 30 0c 02 01 01 60 07 02 01 03 04 00 80 00 0....`........
ber_scanf fmt ({i) ber: ber_dump: buf=0x9023e88 ptr=0x9023e8d end=0x9023e96 len=9
0000: 60 07 02 01 03 04 00 80 00 `........
ber_flush2: 14 bytes to sd 3
0000: 30 0c 02 01 01 60 07 02 01 03 04 00 80 00 0....`........
ldap_write: want=14, written=14 0000: 30 0c 02 01 01 60 07 02 01 03 04 00 80 00 0....`........
ldap_result ld 0x901b540 msgid 1 wait4msg ld 0x901b540 msgid 1 (infinite timeout) wait4msg continue ld 0x901b540 msgid 1 all 1 ** ld 0x901b540 Connections: * host: abc.com port: 389 (default)
refcnt: 2 status: Connected last used: Fri May 27 16:42:21 2011
** ld 0x901b540 Outstanding Requests: * msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0 ld 0x901b540 request count 1 (abandoned 0) ** ld 0x901b540 Response Queue: Empty ld 0x901b540 response count 0 ldap_chkResponseList ld 0x901b540 msgid 1 all 1
ldap_chkResponseList returns ld 0x901b540 NULL ldap_int_select read1msg: ld 0x901b540 msgid 1 all 1 ber_get_next ldap_read: want=8, got=8 0000: 30 0c 02 01 01 61 07 0a 0....a..
ldap_read: want=6, got=6 0000: 01 00 04 00 04 00 ......
ber_get_next: tag 0x30 len 12 contents: ber_dump: buf=0x9025488 ptr=0x9025488 end=0x9025494 len=12 0000: 02 01 01 61 07 0a 01 00 04 00 04 00 ...a........
read1msg: ld 0x901b540 msgid 1 message type bind ber_scanf fmt ({eAA) ber: ber_dump: buf=0x9025488 ptr=0x902548b end=0x9025494 len=9 0000: 61 07 0a 01 00 04 00 04 00 a........
read1msg: ld 0x901b540 0 new referrals read1msg: mark request completed, ld 0x901b540 msgid 1 request done: ld 0x901b540 msgid 1 res_errno: 0, res_error: , res_matched: ldap_free_request (origid 1, msgid 1)
ldap_parse_result ber_scanf fmt ({iAA) ber: ber_dump: buf=0x9025488 ptr=0x902548b end=0x9025494 len=9 0000: 61 07 0a 01 00 04 00 04 00 a........
ber_scanf fmt (}) ber: ber_dump: buf=0x9025488 ptr=0x9025494 end=0x9025494 len=0
ldap_msgfree version: 1
ldap_search_ext
put_filter: "uid=khanhnq" put_filter: default put_simple_filter: "uid=khanhnq" ldap_build_search_req ATTRS: * ldap_send_initial_request
ldap_send_server_request ber_scanf fmt ({it) ber: ber_dump: buf=0x9023e88 ptr=0x9023e88 end=0x9023ebf len=55 0000: 30 35 02 01 02 63 30 04 0d 64 63 3d 61 62 63 2c 05...c0..dc=abc, 0010: 64 63 3d 63 6f 6d 0a 01 02 0a 01 00 02 01 00 02 dc=com.......... 0020: 01 00 01 01 00 a3 0e 04 03 75 69 64 04 07 6b 68 .........uid..kh 0030: 61 6e 68 6e 71 30 00 anhnq0.
ber_scanf fmt ({) ber: ber_dump: buf=0x9023e88 ptr=0x9023e8d end=0x9023ebf len=50
0000: 63 30 04 0d 64 63 3d 61 62 63 2c 64 63 3d 63 6f c0..dc=abc,dc=co
0010: 6d 0a 01 02 0a 01 00 02 01 00 02 01 00 01 01 00 m...............
0020: a3 0e 04 03 75 69 64 04 07 6b 68 61 6e 68 6e 71 ....uid..khanhnq
0030: 30 00 0.
ber_flush2: 55 bytes to sd 3 0000: 30 35 02 01 02 63 30 04 0d 64 63 3d 61 62 63 2c 05...c0..dc=abc, 0010: 64 63 3d 63 6f 6d 0a 01 02 0a 01 00 02 01 00 02 dc=com.......... 0020: 01 00 01 01 00 a3 0e 04 03 75 69 64 04 07 6b 68 .........uid..kh 0030: 61 6e 68 6e 71 30 00 anhnq0.
ldap_write: want=55, written=55 0000: 30 35 02 01 02 63 30 04 0d 64 63 3d 61 62 63 2c 05...c0..dc=abc, 0010: 64 63 3d 63 6f 6d 0a 01 02 0a 01 00 02 01 00 02 dc=com.......... 0020: 01 00 01 01 00 a3 0e 04 03 75 69 64 04 07 6b 68 .........uid..kh 0030: 61 6e 68 6e 71 30 00 anhnq0.
ldap_result ld 0x901b540 msgid -1 wait4msg ld 0x901b540 msgid -1 (infinite timeout) wait4msg continue ld 0x901b540 msgid -1 all 0 ** ld 0x901b540 Connections: * host: abc.com port: 389 (default) refcnt: 2 status: Connected last used: Fri May 27 16:42:21 2011
** ld 0x901b540 Outstanding Requests: * msgid 2, origid 2, status InProgress outstanding referrals 0, parent count 0 ld 0x901b540 request count 1 (abandoned 0) ** ld 0x901b540 Response Queue: Empty ld 0x901b540 response count 0
ldap_chkResponseList ld 0x901b540 msgid -1 all 0 ldap_chkResponseList returns ld 0x901b540 NULL ldap_int_select read1msg: ld 0x901b540 msgid -1 all 0 ber_get_next ldap_read: want=8, got=8 0000: 30 82 01 13 02 01 02 64 0......d
ldap_read: want=271, got=271 0000: 82 01 0c 04 28 63 6e 3d 4b 68 61 6e 68 20 4e 67 ....(cn=Khanh Ng 0010: 75 79 65 6e 2c 6f 75 3d 6e 65 74 77 6f 72 6b 2c uyen,ou=network, 0020: 64 63 3d 61 62 63 2c 64 63 3d 63 6f 6d 30 81 df dc=abc,dc=com0.. 0030: 30 1e 04 0b 6f 62 6a 65 63 74 43 6c 61 73 73 31 0...objectClass1 0040: 0f 04 0d 69 6e 65 74 4f 72 67 50 65 72 73 6f 6e ...inetOrgPerson 0050: 30 27 04 02 63 6e 31 21 04 0c 4b 68 61 6e 68 20 0'..cn1!..Khanh 0060: 4e 67 75 79 65 6e 04 11 4b 68 61 6e 68 20 4e 67 Nguyen..Khanh Ng 0070: 75 79 65 6e 20 51 75 6f 63 30 0d 04 02 73 6e 31 uyen Quoc0...sn1 0080: 07 04 05 4b 68 61 6e 68 30 10 04 03 75 69 64 31 ...Khanh0...uid1 0090: 09 04 07 6b 68 61 6e 68 6e 71 30 18 04 0c 75 73 ...khanhnq0...us 00a0: 65 72 50 61 73 73 77 6f 72 64 31 08 04 06 31 32 erPassword1...12 00b0: 33 34 35 36 30 48 04 04 6d 61 69 6c 31 40 04 0f 34560H..mail1@.. 00c0: 6b 68 61 6e 68 6e 71 40 61 62 63 2e 63 6f 6d 04 khanhnq@abc.com [1]. 00d0: 12 6e 71 6b 32 38 37 30 33 40 79 61 68 6f 6f 2e .nqk28703@yahoo. 00e0: 63 6f 6d 04 19 6b 68 61 6e 68 6e 71 40 73 61 69 com..khanhnq@sai 00f0: 67 6f 6e 74 65 63 68 2e 65 64 75 2e 76 6e 30 0f gontech.edu.vn0. 0100: 04 02 6f 75 31 09 04 07 6e 65 74 77 6f 72 6b
..ou1...network ber_get_next: tag 0x30 len 275 contents: ber_dump: buf=0x90255f0 ptr=0x90255f0 end=0x9025703 len=275 0000: 02 01 02 64 82 01 0c 04 28 63 6e 3d 4b 68 61 6e ...d....(cn=Khan 0010: 68 20 4e 67 75 79 65 6e 2c 6f 75 3d 6e 65 74 77 h Nguyen,ou=netw 0020: 6f 72 6b 2c 64 63 3d 61 62 63 2c 64 63 3d 63 6f ork,dc=abc,dc=co 0030: 6d 30 81 df 30 1e 04 0b 6f 62 6a 65 63 74 43 6c m0..0...objectCl 0040: 61 73 73 31 0f 04 0d 69 6e 65 74 4f 72 67 50 65 ass1...inetOrgPe 0050: 72 73 6f 6e 30 27 04 02 63 6e 31 21 04 0c 4b 68 rson0'..cn1!..Kh 0060: 61 6e 68 20 4e 67 75 79 65 6e 04 11 4b 68 61 6e anh Nguyen..Khan 0070: 68 20 4e 67 75 79 65 6e 20 51 75 6f 63 30 0d 04 h Nguyen Quoc0.. 0080: 02 73 6e 31 07 04 05 4b 68 61 6e 68 30 10 04 03 .sn1...Khanh0... 0090: 75 69 64 31 09 04 07 6b 68 61 6e 68 6e 71 30 18 uid1...khanhnq0. 00a0: 04 0c 75 73 65 72 50 61 73 73 77 6f 72 64 31 08 ..userPassword1. 00b0: 04 06 31 32 33 34 35 36 30 48 04 04 6d 61 69 6c ..1234560H..mail 00c0: 31 40 04 0f 6b 68 61 6e 68 6e 71 40 61 62 63 2e 1@..khanhn [2]q@abc. 00d0: 63 6f 6d 04 12 6e 71 6b 32 38 37 30 33 40 79 61 com..nqk28703@ya 00e0: 68 6f 6f 2e 63 6f 6d 04 19 6b 68 61 6e 68 6e 71 hoo.com..khanhnq 00f0: 40 73 61 69 67 6f 6e 74 65 63 68 2e 65 64 75 2e @saigontech.edu. 0100: 76 6e 30 0f 04 02 6f 75 31 09 04 07 6e 65 74 77 vn0...ou1...netw 0110: 6f 72 6b ork
read1msg: ld 0x901b540 msgid 2 message type search-entry ldap_get_dn_ber ber_scanf fmt ({ml{) ber:
ber_dump: buf=0x90255f0 ptr=0x90255f3 end=0x9025703 len=272 0000: 64 82 01 0c 04 28 63 6e 3d 4b 68 61 6e 68 20 4e d....(cn=Khanh N 0010: 67 75 79 65 6e 2c 6f 75 3d 6e 65 74 77 6f 72 6b guyen,ou=network 0020: 2c 64 63 3d 61 62 63 2c 64 63 3d 63 6f 6d 30 81 ,dc=abc,dc=com0. 0030: df 30 1e 04 0b 6f 62 6a 65 63 74 43 6c 61 73 73 .0...objectClass 0040: 31 0f 04 0d 69 6e 65 74 4f 72 67 50 65 72 73 6f 1...inetOrgPerso 0050: 6e 30 27 04 02 63 6e 31 21 04 0c 4b 68 61 6e 68 n0'..cn1!..Khanh 0060: 20 4e 67 75 79 65 6e 04 11 4b 68 61 6e 68 20 4e Nguyen..Khanh N 0070: 67 75 79 65 6e 20 51 75 6f 63 30 0d 04 02 73 6e guyen Quoc0...sn 0080: 31 07 04 05 4b 68 61 6e 68 30 10 04 03 75 69 64 1...Khanh0...uid 0090: 31 09 04 07 6b 68 61 6e 68 6e 71 30 18 04 0c 75 1...khanhnq0...u 00a0: 73 65 72 50 61 73 73 77 6f 72 64 31 08 04 06 31 serPassword1...1 00b0: 32 33 34 35 36 30 48 04 04 6d 61 69 6c 31 40 04 234560H..mail1@. 00c0: 0f 6b 68 61 6e 68 6e 71 40 61 62 63 2e 63 6f 6d .khanhnq@abc.com 00d0: 04 12 6e 71 6b 32 38 37 30 33 40 79 61 68 6f 6f ..nqk28703@yahoo 00e0: 2e 63 6f 6d 04 19 6b 68 61 6e 68 6e 71 40 73 61 .com..khanhnq@sa 00f0: 69 67 6f 6e 74 65 63 68 2e 65 64 75 2e 76 6e 30 igontech.edu.vn0 0100: 0f 04 02 6f 75 31 09 04 07 6e 65 74 77 6f 72 6b ...ou1...network dn: cn=Khanh Nguyen,ou=network,dc=abc,dc=com
ber_scanf fmt ({xx) ber: ber_dump: buf=0x90255f0 ptr=0x90255f3 end=0x9025703 len=272 0000: 64 82 01 0c 04 28 63 6e 3d 4b 68 61 6e 68 20 4e d....(cn=Khanh N 0010: 67 75 79 65 6e 2c 6f 75 3d 6e 65 74 77 6f 72 6b guyen,ou=network 0020: 2c 64 63 3d 61 62 63 2c 64 63 3d 63 6f 6d 00 81 ,dc=abc,dc=com.. 0030: df 30 1e 04 0b 6f 62 6a 65 63 74 43 6c 61 73 73 .0...objectClass 0040: 31 0f 04 0d 69 6e 65 74 4f 72 67 50 65 72 73 6f 1...inetOrgPerso 0050: 6e 30 27 04 02 63 6e 31 21 04 0c 4b 68 61 6e 68 n0'..cn1!..Khanh 0060: 20 4e 67 75 79 65 6e 04 11 4b 68 61 6e 68 20 4e Nguyen..Khanh N 0070: 67 75 79 65 6e 20 51 75 6f 63 30 0d 04 02 73 6e guyen Quoc0...sn 0080: 31 07 04 05 4b 68 61 6e 68 30 10 04 03 75 69 64
1...Khanh0...uid 0090: 31 09 04 07 6b 68 61 6e 68 6e 71 30 18 04 0c 75
1...khanhnq0...u 00a0: 73 65 72 50 61 73 73 77 6f 72 64 31 08 04 06 31
serPassword1...1 00b0: 32 33 34 35 36 30 48 04 04 6d 61 69 6c 31 40 04
234560H..mail1@. 00c0: 0f 6b 68 61 6e 68 6e 71 40 61 62 63 2e 63 6f 6d
.khanhnq@abc.com 00d0: 04 12 6e 71 6b 32 38 37 30 33 40 79 61 68 6f 6f
..nqk28703@yahoo 00e0: 2e 63 6f 6d 04 19 6b 68 61 6e 68 6e 71 40 73 61
.com..khanhnq@sa 00f0: 69 67 6f 6e 74 65 63 68 2e 65 64 75 2e 76 6e 30
igontech.edu.vn0 0100: 0f 04 02 6f 75 31 09 04 07 6e 65 74 77 6f 72 6b
...ou1...network ldap_get_attribute_ber ber_scanf fmt ({mM}) ber:
ber_dump: buf=0x90255f0 ptr=0x9025624 end=0x9025703 len=223 0000: 30 1e 04 0b 6f 62 6a 65 63 74 43 6c 61 73 73 31 0...objectClass1 0010: 0f 04 0d 69 6e 65 74 4f 72 67 50 65 72 73 6f 6e ...inetOrgPerson 0020: 30 27 04 02 63 6e 31 21 04 0c 4b 68 61 6e 68 20 0'..cn1!..Khanh 0030: 4e 67 75 79 65 6e 04 11 4b 68 61 6e 68 20 4e 67 Nguyen..Khanh Ng 0040: 75 79 65 6e 20 51 75 6f 63 30 0d 04 02 73 6e 31 uyen Quoc0...sn1 0050: 07 04 05 4b 68 61 6e 68 30 10 04 03 75 69 64 31 ...Khanh0...uid1 0060: 09 04 07 6b 68 61 6e 68 6e 71 30 18 04 0c 75 73 ...khanhnq0...us 0070: 65 72 50 61 73 73 77 6f 72 64 31 08 04 06 31 32 erPassword1...12 0080: 33 34 35 36 30 48 04 04 6d 61 69 6c 31 40 04 0f 34560H..mail1@.. 0090: 6b 68 61 6e 68 6e 71 40 61 62 63 2e 63 6f 6d 04 khanhnq@abc.com [3]. 00a0: 12 6e 71 6b 32 38 37 30 33 40 79 61 68 6f 6f 2e .nqk28703@yahoo. 00b0: 63 6f 6d 04 19 6b 68 61 6e 68 6e 71 40 73 61 69 com..khanhnq@sai 00c0: 67 6f 6e 74 65 63 68 2e 65 64 75 2e 76 6e 30 0f gontech.edu.vn0. 00d0: 04 02 6f 75 31 09 04 07 6e 65 74 77 6f 72 6b ..ou1...network objectClass: inetOrgPerson ldap_get_attribute_ber
ber_scanf fmt ({mM}) ber: ber_dump: buf=0x90255f0 ptr=0x9025644 end=0x9025703 len=191 0000: 00 27 04 02 63 6e 31 21 04 0c 4b 68 61 6e 68 20 .'..cn1!..Khanh 0010: 4e 67 75 79 65 6e 04 11 4b 68 61 6e 68 20 4e 67 Nguyen..Khanh Ng 0020: 75 79 65 6e 20 51 75 6f 63 30 0d 04 02 73 6e 31 uyen Quoc0...sn1 0030: 07 04 05 4b 68 61 6e 68 30 10 04 03 75 69 64 31
...Khanh0...uid1 0040: 09 04 07 6b 68 61 6e 68 6e 71 30 18 04 0c 75 73
...khanhnq0...us 0050: 65 72 50 61 73 73 77 6f 72 64 31 08 04 06 31 32
erPassword1...12 0060: 33 34 35 36 30 48 04 04 6d 61 69 6c 31 40 04 0f
34560H..mail1@.. 0070: 6b 68 61 6e 68 6e 71 40 61 62 63 2e 63 6f 6d 04
khanhnq@abc.com [4]. 0080: 12 6e 71 6b 32 38 37 30 33 40 79 61 68 6f 6f 2e .nqk28703@yahoo. 0090: 63 6f 6d 04 19 6b 68 61 6e 68 6e 71 40 73 61 69 com..khanhnq@sai 00a0: 67 6f 6e 74 65 63 68 2e 65 64 75 2e 76 6e 30 0f gontech.edu.vn0. 00b0: 04 02 6f 75 31 09 04 07 6e 65 74 77 6f 72 6b
..ou1...network cn: Khanh Nguyen cn: Khanh Nguyen Quoc
ldap_get_attribute_ber ber_scanf fmt ({mM}) ber: ber_dump: buf=0x90255f0 ptr=0x902566d end=0x9025703 len=150 0000: 00 0d 04 02 73 6e 31 07 04 05 4b 68 61 6e 68 30 ....sn1...Khanh0 0010: 10 04 03 75 69 64 31 09 04 07 6b 68 61 6e 68 6e ...uid1...khanhn 0020: 71 30 18 04 0c 75 73 65 72 50 61 73 73 77 6f 72 q0...userPasswor 0030: 64 31 08 04 06 31 32 33 34 35 36 30 48 04 04 6d d1...1234560H..m 0040: 61 69 6c 31 40 04 0f 6b 68 61 6e 68 6e 71 40 61 ail1@..khanhn [5]q@a 0050: 62 63 2e 63 6f 6d 04 12 6e 71 6b 32 38 37 30 33 bc.com..nqk28703 0060: 40 79 61 68 6f 6f 2e 63 6f 6d 04 19 6b 68 61 6e @yahoo.com..khan 0070: 68 6e 71 40 73 61 69 67 6f 6e 74 65 63 68 2e 65 hnq@saigontech.e 0080: 64 75 2e 76 6e 30 0f 04 02 6f 75 31 09 04 07 6e du.vn0...ou1...n 0090: 65 74 77 6f 72 6b etwork
sn: Khanh
ldap_get_attribute_ber ber_scanf fmt ({mM}) ber: ber_dump: buf=0x90255f0 ptr=0x902567c end=0x9025703 len=135 0000: 00 10 04 03 75 69 64 31 09 04 07 6b 68 61 6e 68 ....uid1...khanh 0010: 6e 71 30 18 04 0c 75 73 65 72 50 61 73 73 77 6f nq0...userPasswo 0020: 72 64 31 08 04 06 31 32 33 34 35 36 30 48 04 04 rd1...1234560H.. 0030: 6d 61 69 6c 31 40 04 0f 6b 68 61 6e 68 6e 71 40 mail1@..khanhn [6]q@ 0040: 61 62 63 2e 63 6f 6d 04 12 6e 71 6b 32 38 37 30 abc.com..nqk2870 0050: 33 40 79 61 68 6f 6f 2e 63 6f 6d 04 19 6b 68 61 3@yahoo.com..kha [7] 0060: 6e 68 6e 71 40 73 61 69 67 6f 6e 74 65 63 68 2e nhnq@saigontech. 0070: 65 64 75 2e 76 6e 30 0f 04 02 6f 75 31 09 04 07 edu.vn0...ou1... 0080: 6e 65 74 77 6f 72 6b network
uid: khanhnq
ldap_get_attribute_ber ber_scanf fmt ({mM}) ber: ber_dump: buf=0x90255f0 ptr=0x902568e end=0x9025703 len=117 0000: 00 18 04 0c 75 73 65 72 50 61 73 73 77 6f 72 64 ....userPassword 0010: 31 08 04 06 31 32 33 34 35 36 30 48 04 04 6d 61 1...1234560H..ma 0020: 69 6c 31 40 04 0f 6b 68 61 6e 68 6e 71 40 61 62 il1@..khanhn [8]q@ab 0030: 63 2e 63 6f 6d 04 12 6e 71 6b 32 38 37 30 33 40 c.com..nqk28703@ 0040: 79 61 68 6f 6f 2e 63 6f 6d 04 19 6b 68 61 6e 68 yahoo.com..khanh 0050: 6e 71 40 73 61 69 67 6f 6e 74 65 63 68 2e 65 64 nq@saigontech.ed [9] 0060: 75 2e 76 6e 30 0f 04 02 6f 75 31 09 04 07 6e 65 u.vn0...ou1...ne 0070: 74 77 6f 72 6b twork
userPassword:: MTIzNDU2 ldap_get_attribute_ber ber_scanf fmt ({mM}) ber: ber_dump: buf=0x90255f0 ptr=0x90256a8 end=0x9025703 len=91 0000: 00 48 04 04 6d 61 69 6c 31 40 04 0f 6b 68 61 6e .H..mail1@..khan 0010: 68 6e 71 40 61 62 63 2e 63 6f 6d 04 12 6e 71 6b hnq@abc.com..nqk [10] 0020: 32 38 37 30 33 40 79 61 68 6f 6f 2e 63 6f 6d 04 28703@yahoo.com [11]. 0030: 19 6b 68 61 6e 68 6e 71 40 73 61 69 67 6f 6e 74 .khanhnq@saigont 0040: 65 63 68 2e 65 64 75 2e 76 6e 30 0f 04 02 6f 75 ech.edu.vn0...ou 0050: 31 09 04 07 6e 65 74 77 6f 72 6b 1...network
mail: khanhnq@abc.com [12] mail: nqk28703@yahoo.com [13] mail: khanhnq@saigontech.edu.vn [14]
ldap_get_attribute_ber ber_scanf fmt ({mM}) ber: ber_dump: buf=0x90255f0 ptr=0x90256f2 end=0x9025703 len=17 0000: 00 0f 04 02 6f 75 31 09 04 07 6e 65 74 77 6f 72 ....ou1...networ 0010: 6b k
ou: network
ldap_get_attribute_ber ldap_msgfree ldap_result ld 0x901b540 msgid -1
wait4msg ld 0x901b540 msgid -1 (infinite timeout) wait4msg continue ld 0x901b540 msgid -1 all 0 ** ld 0x901b540 Connections: * host: abc.com port: 389 (default) refcnt: 2 status: Connected last used: Fri May 27 16:42:21 2011
** ld 0x901b540 Outstanding Requests: * msgid 2, origid 2, status InProgress outstanding referrals 0, parent count 0 ld 0x901b540 request count 1 (abandoned 0) ** ld 0x901b540 Response Queue: Empty ld 0x901b540 response count 0 ldap_chkResponseList ld 0x901b540 msgid -1 all 0 ldap_chkResponseList returns ld 0x901b540 NULL ldap_int_select
read1msg: ld 0x901b540 msgid -1 all 0 ber_get_next ldap_read: want=8, got=8 0000: 30 0c 02 01 02 65 07 0a 0....e..
ldap_read: want=6, got=6
0000: 01 00 04 00 04 00 ......
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x90252d8 ptr=0x90252d8 end=0x90252e4 len=12 0000: 02 01 02 65 07 0a 01 00 04 00 04 00 ...e........
read1msg: ld 0x901b540 msgid 2 message type search-result ber_scanf fmt ({eAA) ber: ber_dump: buf=0x90252d8 ptr=0x90252db end=0x90252e4 len=9 0000: 65 07 0a 01 00 04 00 04 00 e........
read1msg: ld 0x901b540 0 new referrals read1msg: mark request completed, ld 0x901b540 msgid 2 request done: ld 0x901b540 msgid 2 res_errno: 0, res_error: , res_matched: ldap_free_request (origid 2, msgid 2)
ldap_parse_result ber_scanf fmt ({iAA) ber: ber_dump: buf=0x90252d8 ptr=0x90252db end=0x90252e4 len=9 0000: 65 07 0a 01 00 04 00 04 00 e........
ber_scanf fmt (}) ber: ber_dump: buf=0x90252d8 ptr=0x90252e4 end=0x90252e4 len=0
ldap_msgfree ldap_free_connection 1 1
ldap_send_unbind ber_flush2: 7 bytes to sd 3 0000: 30 05 02 01 03 42 00 0....B.
ldap_write: want=7, written=7 0000: 30 05 02 01 03 42 00 0....B.
ldap_free_connection: actually freed
Please help,
Best Regards,
Am Sun, 29 May 2011 19:38:48 +0700 schrieb "Nguyen, Quoc Khanh" khanhnq@saigontech.edu.vn:
Hi all,
Please help me about this problem... I want to use testsaslauthd to test uid of OpenLDAP with TLS, but it fail...
Here is my config:
/usr/local/etc/saslauthd.conf: ldap_servers: ldap://localhost
[...]
TLS certificate verification: depth: 0, err: 7, subject:
/CN=abc.com/ST=HCM/C=VN/emailAddress=root@abc.com/O=SGT/OU=NW, issuer:
/CN=abc.com/ST=HCM/C=VN/emailAddress=root@abc.com/O=SGT/OU=NW Department
[...]
The LDAP host configured does not match the certificate CN
-Dieter
openldap-technical@openldap.org