SASL bindings via PLAIN mechanism to FDS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi, I'm trying to get FDS (1.0.4 on Centos 4.4 with Cyrus SASL) to accept
authenticated bindings from clients using the SASL PLAIN mechanism over
SSL/TLS.

This is the first time that I've played with SASL, so I'd appreciate any
pointers to decent documentation if I'm doing something stupid.

My overall aim is too allow SASL PLAIN bindings via the openldap ldapsearch
client.

I've added the following SASL mapping and user entry to my FDS directory:
# SASL mapping
dn: cn=test,cn=mapping,cn=sasl,cn=config
objectClass: top
objectClass: nsSaslMapping
cn: test
nsSaslMapRegexString: \(.*\)
nsSaslMapBaseDNTemplate: ou=people,ou=lifesci,o=dundee
nsSaslMapFilterTemplate: (uid=\1)

# User
dn: uid=jon,ou=people,ou=lifesci,o=dundee
givenName: j
sn: b
uidNumber: 1000
gidNumber: 1000
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: jon
cn: j b
homeDirectory: /tmp/
userpassword: {SSHA}hashedpassword

And restarted the server. I set the nsslapd-errorlog-level to 1 to observe the
bind process in detail, and get the trace in [1] when I try to bind to the LDAP
server with the command:
# ldapsearch -H ldaps://test -Y PLAIN
SASL/PLAIN authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-14): authorization failure: Password verification failed

This appears to fail because for some reason SASL tries to look the user up
again thinking that the DN is the the UID, fails, and rejects the bind as the
DN is unknown.

When I add a second mapping (and restart ns-slapd) to try and correct the
second failed search:
dn: cn=test2,cn=mapping,cn=sasl,cn=config
objectClass: top
objectClass: nsSaslMapping
cn: test2
nsSaslMapRegexString: uid=\([^,]*\),
nsSaslMapBaseDNTemplate: ou=people,ou=lifesci,o=dundee
nsSaslMapFilterTemplate: (uid=\1)

I get the trace in [2], and the client returns:
additional info: SASL(-13): authentication failure: Password verification failed

This just looks like SASL failed to authenticate the passwords this time.

So, have I got the wrong end of the stick - and I am trying to do something that
SASL won't let me - or have I just got an error somewhere in my configuration?

I've read both the wiki page:
http://directory.fedora.redhat.com/wiki/Howto:Kerberos

and Chapter 11 of the Admin guide, and neither are particulary useful, looking
at the FDS source isn't shedding much light.

Cheers.

[1] error log output with SASL mapping test
[24/Apr/2007:18:31:38 +0100] - BIND dn="" method=163 version=3
[24/Apr/2007:18:31:38 +0100] - => get_ldapmessage_controls
[24/Apr/2007:18:31:38 +0100] - <= get_ldapmessage_controls no controls
[24/Apr/2007:18:31:38 +0100] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.16)
[24/Apr/2007:18:31:38 +0100] - <= slapi_control_present 0 (NO CONTROLS)
[24/Apr/2007:18:31:38 +0100] - do_bind: version 3 method 0xa3 dn
[24/Apr/2007:18:31:38 +0100] - => ids_sasl_check_bind
[24/Apr/2007:18:31:38 +0100] - => ids_sasl_mech_supported
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - <= ids_sasl_mech_supported
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - ids_sasl_canon_user(user=jon, realm=)
[24/Apr/2007:18:31:38 +0100] - -> sasl_map_domap
[24/Apr/2007:18:31:38 +0100] - -> sasl_map_check
[24/Apr/2007:18:31:38 +0100] - regex: \(.*\), id: jon, matched
[24/Apr/2007:18:31:38 +0100] - mapped base dn: [BINARY JUNK], filter: [BINARY JUNK]
[24/Apr/2007:18:31:38 +0100] - <- sasl_map_check
[24/Apr/2007:18:31:38 +0100] - <- sasl_map_domap (mapped)
[24/Apr/2007:18:31:38 +0100] - sasl user search basedn="ou=people,ou=lifesci,o=dundee" filter="(uid=jon)"
[24/Apr/2007:18:31:38 +0100] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=2
[24/Apr/2007:18:31:38 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:31:38 +0100] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=1
[24/Apr/2007:18:31:38 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:31:39 +0100] - => compute_limits: sizelimit=-1, timelimit=-1
[24/Apr/2007:18:31:39 +0100] - Calling plugin 'ACL preoperation' #1 type 403
[24/Apr/2007:18:31:39 +0100] - Calling plugin 'Legacy replication preoperation plugin' #3 type 403
[24/Apr/2007:18:31:39 +0100] - Calling plugin 'Multimaster replication preoperation plugin' #4 type 403
[24/Apr/2007:18:31:39 +0100] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=0
[24/Apr/2007:18:31:39 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:31:39 +0100] - => find_entry_internal (dn=ou=people,ou=lifesci,o=dundee) lock 0
[24/Apr/2007:18:31:39 +0100] - => dn2entry "ou=people,ou=lifesci,o=dundee"
[24/Apr/2007:18:31:39 +0100] - <= dn2entry 96034e0
[24/Apr/2007:18:31:39 +0100] - <= find_entry_internal_dn found (ou=people,ou=lifesci,o=dundee)
[24/Apr/2007:18:31:39 +0100] - => filter_candidates
[24/Apr/2007:18:31:39 +0100] - => list_candidates 0xa1
[24/Apr/2007:18:31:39 +0100] - => filter_candidates
[24/Apr/2007:18:31:39 +0100] - => ava_candidates
[24/Apr/2007:18:31:39 +0100] -    uid=jon
[24/Apr/2007:18:31:39 +0100] - => keys2idl type uid indextype eq
[24/Apr/2007:18:31:39 +0100] - => index_read( "uid" = "jon" )
[24/Apr/2007:18:31:39 +0100] - bulk fetch buffer nids=1
[24/Apr/2007:18:31:39 +0100] - idl_new_fetch =jon returns nids=1
[24/Apr/2007:18:31:39 +0100] - <= index_read 1 candidates
[24/Apr/2007:18:31:39 +0100] -    ival[0] = "jon" => 1 IDs
[24/Apr/2007:18:31:39 +0100] - <= filter_candidates 1
[24/Apr/2007:18:31:39 +0100] - => filter_candidates
[24/Apr/2007:18:31:39 +0100] - => ava_candidates
[24/Apr/2007:18:31:39 +0100] -    objectclass=referral
[24/Apr/2007:18:31:39 +0100] - => keys2idl type objectclass indextype eq
[24/Apr/2007:18:31:39 +0100] - => index_read( "objectclass" = "referral" )
[24/Apr/2007:18:31:39 +0100] - <= index_read 0 candidates
[24/Apr/2007:18:31:39 +0100] -    ival[0] = "referral" => 0 IDs
[24/Apr/2007:18:31:39 +0100] - <= filter_candidates 0
[24/Apr/2007:18:31:39 +0100] - <= list_candidates 1
[24/Apr/2007:18:31:39 +0100] - <= filter_candidates 1
[24/Apr/2007:18:31:39 +0100] - candidate list has 1 ids
[24/Apr/2007:18:31:39 +0100] - => id2entry( 5 )
[24/Apr/2007:18:31:39 +0100] - => str2entry_fast
[24/Apr/2007:18:31:39 +0100] - <= str2entry_fast 0x95b2578
[24/Apr/2007:18:31:39 +0100] - -> attrcrypt_decrypt_entry
[24/Apr/2007:18:31:39 +0100] - <- attrcrypt_decrypt_entry
[24/Apr/2007:18:31:39 +0100] - <= id2entry( 5 ) 9638cc8 (disk)
[24/Apr/2007:18:31:39 +0100] - => send_ldap_search_entry (uid=jon,ou=people,ou=lifesci,o=dundee)
[24/Apr/2007:18:31:39 +0100] - <= send_ldap_search_entry
[24/Apr/2007:18:31:39 +0100] - => send_ldap_result 0::
[24/Apr/2007:18:31:39 +0100] - <= send_ldap_result
[24/Apr/2007:18:31:39 +0100] - sasl user search found dn=uid=jon,ou=people,ou=lifesci,o=dundee
[24/Apr/2007:18:31:39 +0100] - sasl user search found this entry: dn:uid=jon,ou=people,ou=lifesci,o=dundee, matching filter=
[24/Apr/2007:18:31:39 +0100] - ids_sasl_getopt: plugin= option=canon_user_plugin
[24/Apr/2007:18:31:39 +0100] - ids_sasl_getopt: plugin= option=auxprop_plugin
[24/Apr/2007:18:31:39 +0100] - ids_sasl_getopt: plugin= option=pwcheck_method
[24/Apr/2007:18:31:39 +0100] - ids_sasl_canon_user(user=uid=jon,ou=people,ou=lifesci,o=dundee, realm=)
[24/Apr/2007:18:31:40 +0100] - -> sasl_map_domap
[24/Apr/2007:18:31:40 +0100] - -> sasl_map_check
[24/Apr/2007:18:31:40 +0100] - regex: \(.*\), id: uid=jon,ou=people,ou=lifesci,o=dundee, matched
[24/Apr/2007:18:31:40 +0100] - mapped base dn: [BINARY JUNK], filter: [BINARY JUNK]
[24/Apr/2007:18:31:40 +0100] - <- sasl_map_check
[24/Apr/2007:18:31:40 +0100] - <- sasl_map_domap (mapped)
[24/Apr/2007:18:31:40 +0100] - sasl user search basedn="ou=people,ou=lifesci,o=dundee" filter="(uid=uid=jon,ou=people,ou=lifesci,o=dundee)"
[24/Apr/2007:18:31:40 +0100] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=2
[24/Apr/2007:18:31:40 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:31:40 +0100] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=1
[24/Apr/2007:18:31:40 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:31:40 +0100] - => compute_limits: sizelimit=-1, timelimit=-1
[24/Apr/2007:18:31:40 +0100] - Calling plugin 'ACL preoperation' #1 type 403
[24/Apr/2007:18:31:40 +0100] - Calling plugin 'Legacy replication preoperation plugin' #3 type 403
[24/Apr/2007:18:31:40 +0100] - Calling plugin 'Multimaster replication preoperation plugin' #4 type 403
[24/Apr/2007:18:31:40 +0100] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=0
[24/Apr/2007:18:31:40 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:31:40 +0100] - => find_entry_internal (dn=ou=people,ou=lifesci,o=dundee) lock 0
[24/Apr/2007:18:31:40 +0100] - => dn2entry "ou=people,ou=lifesci,o=dundee"
[24/Apr/2007:18:31:40 +0100] - <= dn2entry 96034e0
[24/Apr/2007:18:31:40 +0100] - <= find_entry_internal_dn found (ou=people,ou=lifesci,o=dundee)
[24/Apr/2007:18:31:40 +0100] - => filter_candidates
[24/Apr/2007:18:31:40 +0100] - => list_candidates 0xa1
[24/Apr/2007:18:31:40 +0100] - => filter_candidates
[24/Apr/2007:18:31:40 +0100] - => ava_candidates
[24/Apr/2007:18:31:40 +0100] -    uid=uid=jon,ou=people,ou=lifesci,o=dundee
[24/Apr/2007:18:31:40 +0100] - => keys2idl type uid indextype eq
[24/Apr/2007:18:31:40 +0100] - => index_read( "uid" = "uid=jon,ou=people,ou=lifesci,o=dundee" )
[24/Apr/2007:18:31:40 +0100] - <= index_read 0 candidates
[24/Apr/2007:18:31:40 +0100] -    ival[0] = "uid=jon,ou=people,ou=lifesci,o=dundee" => 0 IDs
[24/Apr/2007:18:31:40 +0100] - <= filter_candidates 0
[24/Apr/2007:18:31:40 +0100] - => filter_candidates
[24/Apr/2007:18:31:40 +0100] - => ava_candidates
[24/Apr/2007:18:31:40 +0100] -    objectclass=referral
[24/Apr/2007:18:31:40 +0100] - => keys2idl type objectclass indextype eq
[24/Apr/2007:18:31:40 +0100] - => index_read( "objectclass" = "referral" )
[24/Apr/2007:18:31:40 +0100] - <= index_read 0 candidates
[24/Apr/2007:18:31:40 +0100] -    ival[0] = "referral" => 0 IDs
[24/Apr/2007:18:31:40 +0100] - <= filter_candidates 0
[24/Apr/2007:18:31:40 +0100] - <= list_candidates 0
[24/Apr/2007:18:31:40 +0100] - <= filter_candidates 0
[24/Apr/2007:18:31:40 +0100] - candidate list has 0 ids
[24/Apr/2007:18:31:40 +0100] - => send_ldap_result 0::
[24/Apr/2007:18:31:40 +0100] - <= send_ldap_result
[24/Apr/2007:18:31:40 +0100] - sasl user search found no entries matching filter=:#w
[24/Apr/2007:18:31:41 +0100] - sasl(2): Password verification failed
[24/Apr/2007:18:31:41 +0100] - => send_ldap_result 49::SASL(-14): authorization failure: Password verification failed
[24/Apr/2007:18:31:41 +0100] - <= send_ldap_result

[2] error log output with SASL mapping test and test2
[24/Apr/2007:18:42:40 +0100] - => ids_sasl_server_new (lsd_test.lifesci.dundee.ac.uk)
[24/Apr/2007:18:42:40 +0100] - ids_sasl_getopt: plugin= option=log_level
[24/Apr/2007:18:42:40 +0100] - ids_sasl_getopt: plugin= option=auto_transition
[24/Apr/2007:18:42:40 +0100] - <= ids_sasl_server_new
[24/Apr/2007:18:42:40 +0100] - => slapi_reslimit_get_integer_limit() conn=0xb6b598a8, handle=3
[24/Apr/2007:18:42:40 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:40 +0100] - => slapi_reslimit_get_integer_limit() conn=0xb6b59808, handle=3
[24/Apr/2007:18:42:40 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:40 +0100] - add_pb
[24/Apr/2007:18:42:40 +0100] - => slapi_reslimit_get_integer_limit() conn=0xb6b59808, handle=3
[24/Apr/2007:18:42:40 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:40 +0100] - get_pb
[24/Apr/2007:18:42:42 +0100] - => slapi_reslimit_get_integer_limit() conn=0xb6b598a8, handle=3
[24/Apr/2007:18:42:42 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:42 +0100] - => slapi_reslimit_get_integer_limit() conn=0xb6b59808, handle=3
[24/Apr/2007:18:42:42 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:42 +0100] - add_pb
[24/Apr/2007:18:42:42 +0100] - => slapi_reslimit_get_integer_limit() conn=0xb6b59808, handle=3
[24/Apr/2007:18:42:42 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:42 +0100] - get_pb
[24/Apr/2007:18:42:42 +0100] - => slapi_reslimit_get_integer_limit() conn=0xb6b598a8, handle=3
[24/Apr/2007:18:42:42 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:42 +0100] - => slapi_reslimit_get_integer_limit() conn=0xb6b59808, handle=3
[24/Apr/2007:18:42:42 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:42 +0100] - do_bind
[24/Apr/2007:18:42:42 +0100] - BIND dn="" method=163 version=3
[24/Apr/2007:18:42:42 +0100] - => get_ldapmessage_controls
[24/Apr/2007:18:42:42 +0100] - <= get_ldapmessage_controls no controls
[24/Apr/2007:18:42:42 +0100] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.16)
[24/Apr/2007:18:42:42 +0100] - <= slapi_control_present 0 (NO CONTROLS)
[24/Apr/2007:18:42:42 +0100] - do_bind: version 3 method 0xa3 dn
[24/Apr/2007:18:42:42 +0100] - => ids_sasl_check_bind
[24/Apr/2007:18:42:42 +0100] - => ids_sasl_mech_supported
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - <= ids_sasl_mech_supported
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - ids_sasl_canon_user(user=jon, realm=)
[24/Apr/2007:18:42:43 +0100] - -> sasl_map_domap
[24/Apr/2007:18:42:43 +0100] - -> sasl_map_check
[24/Apr/2007:18:42:43 +0100] - regex: uid=\([^,]*\),, id: jon, didn't match
[24/Apr/2007:18:42:43 +0100] - <- sasl_map_check
[24/Apr/2007:18:42:43 +0100] - -> sasl_map_check
[24/Apr/2007:18:42:43 +0100] - regex: \(.*\), id: jon, matched
[24/Apr/2007:18:42:43 +0100] - mapped base dn: [BINARY JUNK], filter: [BINARY JUNK]
[24/Apr/2007:18:42:43 +0100] - <- sasl_map_check
[24/Apr/2007:18:42:43 +0100] - <- sasl_map_domap (mapped)
[24/Apr/2007:18:42:43 +0100] - sasl user search basedn="ou=people,ou=lifesci,o=dundee" filter="(uid=jon)"
[24/Apr/2007:18:42:43 +0100] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=2
[24/Apr/2007:18:42:43 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:43 +0100] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=1
[24/Apr/2007:18:42:43 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:43 +0100] - => compute_limits: sizelimit=-1, timelimit=-1
[24/Apr/2007:18:42:43 +0100] - Calling plugin 'ACL preoperation' #1 type 403
[24/Apr/2007:18:42:43 +0100] - Calling plugin 'Legacy replication preoperation plugin' #3 type 403
[24/Apr/2007:18:42:43 +0100] - Calling plugin 'Multimaster replication preoperation plugin' #4 type 403
[24/Apr/2007:18:42:43 +0100] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=0
[24/Apr/2007:18:42:43 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:43 +0100] - => find_entry_internal (dn=ou=people,ou=lifesci,o=dundee) lock 0
[24/Apr/2007:18:42:43 +0100] - => dn2entry "ou=people,ou=lifesci,o=dundee"
[24/Apr/2007:18:42:43 +0100] - <= dn2entry 8851fa0
[24/Apr/2007:18:42:43 +0100] - <= find_entry_internal_dn found (ou=people,ou=lifesci,o=dundee)
[24/Apr/2007:18:42:43 +0100] - => filter_candidates
[24/Apr/2007:18:42:43 +0100] - => list_candidates 0xa1
[24/Apr/2007:18:42:43 +0100] - => filter_candidates
[24/Apr/2007:18:42:43 +0100] - => ava_candidates
[24/Apr/2007:18:42:43 +0100] -    uid=jon
[24/Apr/2007:18:42:43 +0100] - => keys2idl type uid indextype eq
[24/Apr/2007:18:42:43 +0100] - => index_read( "uid" = "jon" )
[24/Apr/2007:18:42:43 +0100] - bulk fetch buffer nids=1
[24/Apr/2007:18:42:43 +0100] - idl_new_fetch =jon returns nids=1
[24/Apr/2007:18:42:44 +0100] - <= index_read 1 candidates
[24/Apr/2007:18:42:44 +0100] -    ival[0] = "jon" => 1 IDs
[24/Apr/2007:18:42:44 +0100] - <= filter_candidates 1
[24/Apr/2007:18:42:44 +0100] - => filter_candidates
[24/Apr/2007:18:42:44 +0100] - => ava_candidates
[24/Apr/2007:18:42:44 +0100] -    objectclass=referral
[24/Apr/2007:18:42:44 +0100] - => keys2idl type objectclass indextype eq
[24/Apr/2007:18:42:44 +0100] - => index_read( "objectclass" = "referral" )
[24/Apr/2007:18:42:44 +0100] - <= index_read 0 candidates
[24/Apr/2007:18:42:44 +0100] -    ival[0] = "referral" => 0 IDs
[24/Apr/2007:18:42:44 +0100] - <= filter_candidates 0
[24/Apr/2007:18:42:44 +0100] - <= list_candidates 1
[24/Apr/2007:18:42:44 +0100] - <= filter_candidates 1
[24/Apr/2007:18:42:44 +0100] - candidate list has 1 ids
[24/Apr/2007:18:42:44 +0100] - => id2entry( 5 )
[24/Apr/2007:18:42:44 +0100] - <= id2entry 8ab8d90 (cache)
[24/Apr/2007:18:42:44 +0100] - => send_ldap_search_entry (uid=jon,ou=people,ou=lifesci,o=dundee)
[24/Apr/2007:18:42:44 +0100] - <= send_ldap_search_entry
[24/Apr/2007:18:42:44 +0100] - => send_ldap_result 0::
[24/Apr/2007:18:42:44 +0100] - <= send_ldap_result
[24/Apr/2007:18:42:44 +0100] - sasl user search found dn=uid=jon,ou=people,ou=lifesci,o=dundee
[24/Apr/2007:18:42:44 +0100] - sasl user search found this entry: dn:uid=jon,ou=people,ou=lifesci,o=dundee, matching filter=p
[24/Apr/2007:18:42:44 +0100] - ids_sasl_getopt: plugin= option=canon_user_plugin
[24/Apr/2007:18:42:44 +0100] - ids_sasl_getopt: plugin= option=auxprop_plugin
[24/Apr/2007:18:42:44 +0100] - ids_sasl_getopt: plugin= option=pwcheck_method
[24/Apr/2007:18:42:44 +0100] - ids_sasl_canon_user(user=uid=jon,ou=people,ou=lifesci,o=dundee, realm=)
[24/Apr/2007:18:42:44 +0100] - -> sasl_map_domap
[24/Apr/2007:18:42:44 +0100] - -> sasl_map_check
[24/Apr/2007:18:42:44 +0100] - regex: uid=\([^,]*\),, id: uid=jon,ou=people,ou=lifesci,o=dundee, matched
[24/Apr/2007:18:42:44 +0100] - mapped base dn: [BINARY JUNK] filter: [BINARY JUNK]
[24/Apr/2007:18:42:44 +0100] - <- sasl_map_check
[24/Apr/2007:18:42:44 +0100] - <- sasl_map_domap (mapped)
[24/Apr/2007:18:42:44 +0100] - sasl user search basedn="ou=people,ou=lifesci,o=dundee" filter="(uid=jon)"
[24/Apr/2007:18:42:44 +0100] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=2
[24/Apr/2007:18:42:44 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:44 +0100] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=1
[24/Apr/2007:18:42:44 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:44 +0100] - => compute_limits: sizelimit=-1, timelimit=-1
[24/Apr/2007:18:42:44 +0100] - Calling plugin 'ACL preoperation' #1 type 403
[24/Apr/2007:18:42:44 +0100] - Calling plugin 'Legacy replication preoperation plugin' #3 type 403
[24/Apr/2007:18:42:44 +0100] - Calling plugin 'Multimaster replication preoperation plugin' #4 type 403
[24/Apr/2007:18:42:44 +0100] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=0
[24/Apr/2007:18:42:45 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:45 +0100] - => find_entry_internal (dn=ou=people,ou=lifesci,o=dundee) lock 0
[24/Apr/2007:18:42:45 +0100] - => dn2entry "ou=people,ou=lifesci,o=dundee"
[24/Apr/2007:18:42:45 +0100] - <= dn2entry 8851fa0
[24/Apr/2007:18:42:45 +0100] - <= find_entry_internal_dn found (ou=people,ou=lifesci,o=dundee)
[24/Apr/2007:18:42:45 +0100] - => filter_candidates
[24/Apr/2007:18:42:45 +0100] - => list_candidates 0xa1
[24/Apr/2007:18:42:45 +0100] - => filter_candidates
[24/Apr/2007:18:42:45 +0100] - => ava_candidates
[24/Apr/2007:18:42:45 +0100] -    uid=jon
[24/Apr/2007:18:42:45 +0100] - => keys2idl type uid indextype eq
[24/Apr/2007:18:42:45 +0100] - => index_read( "uid" = "jon" )
[24/Apr/2007:18:42:45 +0100] - bulk fetch buffer nids=1
[24/Apr/2007:18:42:45 +0100] - idl_new_fetch =jon returns nids=1
[24/Apr/2007:18:42:45 +0100] - <= index_read 1 candidates
[24/Apr/2007:18:42:45 +0100] -    ival[0] = "jon" => 1 IDs
[24/Apr/2007:18:42:45 +0100] - <= filter_candidates 1
[24/Apr/2007:18:42:45 +0100] - => filter_candidates
[24/Apr/2007:18:42:45 +0100] - => ava_candidates
[24/Apr/2007:18:42:45 +0100] -    objectclass=referral
[24/Apr/2007:18:42:45 +0100] - => keys2idl type objectclass indextype eq
[24/Apr/2007:18:42:45 +0100] - => index_read( "objectclass" = "referral" )
[24/Apr/2007:18:42:45 +0100] - <= index_read 0 candidates
[24/Apr/2007:18:42:45 +0100] -    ival[0] = "referral" => 0 IDs
[24/Apr/2007:18:42:45 +0100] - <= filter_candidates 0
[24/Apr/2007:18:42:45 +0100] - <= list_candidates 1
[24/Apr/2007:18:42:45 +0100] - <= filter_candidates 1
[24/Apr/2007:18:42:45 +0100] - candidate list has 1 ids
[24/Apr/2007:18:42:45 +0100] - => id2entry( 5 )
[24/Apr/2007:18:42:45 +0100] - <= id2entry 8ab8d90 (cache)
[24/Apr/2007:18:42:45 +0100] - => send_ldap_search_entry (uid=jon,ou=people,ou=lifesci,o=dundee)
[24/Apr/2007:18:42:45 +0100] - <= send_ldap_search_entry
[24/Apr/2007:18:42:45 +0100] - => send_ldap_result 0::
[24/Apr/2007:18:42:45 +0100] - <= send_ldap_result
[24/Apr/2007:18:42:45 +0100] - sasl user search found dn=uid=jon,ou=people,ou=lifesci,o=dundee
[24/Apr/2007:18:42:45 +0100] - sasl user search found this entry: dn:uid=jon,ou=people,ou=lifesci,o=dundee, matching filter=:.
[24/Apr/2007:18:42:45 +0100] - ids_sasl_getopt: plugin= option=canon_user_plugin
[24/Apr/2007:18:42:45 +0100] - ids_sasl_getopt: plugin= option=auxprop_plugin
[24/Apr/2007:18:42:45 +0100] - ids_sasl_getopt: plugin= option=auxprop_plugin
[24/Apr/2007:18:42:45 +0100] - sasl(2): Password verification failed
[24/Apr/2007:18:42:45 +0100] - => send_ldap_result 49::SASL(-13): authentication failure: Password verification failed
[24/Apr/2007:18:42:45 +0100] - <= send_ldap_result
[24/Apr/2007:18:42:45 +0100] - add_pb
[24/Apr/2007:18:42:45 +0100] - => slapi_reslimit_get_integer_limit() conn=0xb6b59808, handle=3
[24/Apr/2007:18:42:45 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:45 +0100] - get_pb
[24/Apr/2007:18:42:45 +0100] - => slapi_reslimit_get_integer_limit() conn=0xb6b59808, handle=3
[24/Apr/2007:18:42:45 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:46 +0100] - => ids_sasl_check_bind

-- 
Jonathan Barber
High Performance Computing Analyst
Tel. +44 (0) 1382 386389
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux