> -----Original Message-----
> From: Howard Chu [mailto:hyc@xxxxxxxxxxxxxxx]
> Sent: Friday, April 03, 2009 1:07 PM
> To: Xu, Qiang (FXSGSC)
> Cc: Henry B. Hotz; cyrus-sasl@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: SASL2 plugin problem
>
> Xu, Qiang (FXSGSC) wrote:
> >
> > The caller seems innocent:
> > ========================================
> > <apManager> (Tue Mar 31 2009 16:39:02.518)<p27931,t3079396256,aba_ldap_interface.c,6666>
> > INFO>> Value of hostname sesswin2003:389
>
> Fix that. MozLDAP isn't parsing it correctly; just use the hostname.
>
> The C API spec says that this is allowed to be in host:port form, and the LDAP library is supposed to recognize that and parse it appropriately when this form is passed in. MozLDAP doesn't parse it though, it uses it verbatim. When it hands this host:port form to SASL, which expects hostname and portnumber as two separate parameters, things fail.

Good news, Howard. The original code is like this:
========================================
if ((ldapHandle = prldap_init((ldapServerConfigData.hostnames), LDAP_PORT, 0)) == NULL)
{
    LOGERROR("prldap_init failed");
    return(ABA_LDAP_INIT_CALL_FAILED);
}
LOGINFO("prldap_init succeeded");
========================================

As you have noticed, the value of the variable "ldapServerConfigData.hostnames" is actually in a format of "host:port", which is incorrect. The reason that simple binding can succeed may be due to the high tolerance of the function "ldap_simple_bind_s()", whereas "ldap_sasl_interactive_bind_ext_s()" is more sensitive. It is strange that the function "prldap_init()" doesn't report any error when the hostname comes in the form of "host:port". The log entry "prldap_init succeeded" is always visible, even in the case of SASL binding failure.

According to your advice, I modified the code as follows:
========================================
char *pSemicolon = NULL;
char serverHost[PRIMARY_HOSTNAME+1] = {0};
int serverPort = 0;
......
pSemicolon = strchr(ldapServerConfigData.hostnames, ':');
/* Without a ':' the pointer arithmetic below would dereference NULL, and a
   host part longer than PRIMARY_HOSTNAME would overrun serverHost. */
if (pSemicolon == NULL ||
    (pSemicolon - ldapServerConfigData.hostnames) > PRIMARY_HOSTNAME)
{
    LOGERROR("hostnames is not in host:port form");
    return(ABA_LDAP_INIT_CALL_FAILED);
}
strncpy(serverHost, ldapServerConfigData.hostnames, pSemicolon - ldapServerConfigData.hostnames);
serverPort = atoi(pSemicolon + 1);
LOGINFO("serverHost is [%s]", serverHost);
LOGINFO("serverPort is [%d]", serverPort);
if ((ldapHandle = prldap_init(serverHost, serverPort, 0)) == NULL)
{
    LOGERROR("prldap_init failed");
    return(ABA_LDAP_INIT_CALL_FAILED);
}
LOGINFO("prldap_init succeeded");
========================================

Now SASL LDAP binding with "ldap_sasl_interactive_bind_ext_s()" returns LDAP_SUCCESS. I am greatly relieved. Many thanks for it.

Still, I have seen some strange packets:
========================================
32 17.839052 13.198.98.107 13.198.98.35 LDAP bindRequest(1) "<ROOT>" sasl
33 17.917608 13.198.98.35 13.198.98.107 LDAP bindResponse(1) saslBindInProgress
35 17.919333 13.198.98.107 13.198.98.35 LDAP bindRequest(2) "<ROOT>" [Malformed Packet]
36 17.919637 13.198.98.35 13.198.98.107 LDAP bindResponse(2) saslBindInProgress
37 17.920316 13.198.98.107 13.198.98.35 LDAP bindRequest(3) "<ROOT>" sasl
38 17.920691 13.198.98.35 13.198.98.107 LDAP bindResponse(3) success
========================================

I am not sure whether packet 35 is normal or not. After all, it says the packet is malformed. In contrast, a trace captured with the OpenLDAP ldapsearch utility does not have this malformed packet:
========================================
22 24.805633 13.198.98.35 13.198.98.190 LDAP bindResponse(1) saslBindInProgress
28 26.616093 13.198.98.190 13.198.98.35 LDAP bindRequest(2) "<ROOT>" sasl
29 26.616459 13.198.98.35 13.198.98.190 LDAP bindResponse(2) saslBindInProgress
31 26.616705 13.198.98.190 13.198.98.35 LDAP bindRequest(3) "<ROOT>" sasl
32 26.633134 13.198.98.35 13.198.98.190 LDAP bindResponse(3) success
========================================

Packet 29 is normal, compared to packet 35 in the last trace.

Another question: in SASL LDAP binding, I can't see an explicit unbind request and response, while I can see them in simple binding. Is this normal?

Thanks a million,
Xu Qiang
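The host:port split discussed in this thread, as an added example that is not code from the message above or from the product it describes: a bounded parser that returns an error instead of crashing when the ':' is absent, refuses a host part that would not fit the buffer, and validates the port number. The names split_host_port and HOSTNAME_MAX are assumptions (the thread's PRIMARY_HOSTNAME value is not shown).

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Assumed size; the thread's PRIMARY_HOSTNAME value is not shown. */
#define HOSTNAME_MAX 255

/*
 * Split "host[:port]" into a bounded host buffer and a port number.
 * Returns 0 on success, -1 on malformed input: empty host, host that
 * would not fit in hostlen bytes, or a port that is empty, non-numeric
 * or outside 1..65535.  When no ":port" suffix is present, default_port
 * is used instead of dereferencing a NULL strchr() result.
 * Bracketed IPv6 literals are not handled.
 */
static int split_host_port(const char *spec, char *host, size_t hostlen,
                           int *port, int default_port)
{
    const char *colon;
    size_t n;
    char *end;
    long p;

    if (spec == NULL || host == NULL || hostlen == 0 || port == NULL)
        return -1;

    colon = strrchr(spec, ':');
    n = colon ? (size_t)(colon - spec) : strlen(spec);
    if (n == 0 || n >= hostlen)      /* leave room for the terminator */
        return -1;
    memcpy(host, spec, n);
    host[n] = '\0';

    if (colon == NULL) {
        *port = default_port;
        return 0;
    }
    errno = 0;
    p = strtol(colon + 1, &end, 10);
    if (colon[1] == '\0' || *end != '\0' || errno != 0 || p < 1 || p > 65535)
        return -1;
    *port = (int)p;
    return 0;
}
```

With the value logged in the thread, "sesswin2003:389", the function yields host "sesswin2003" and port 389, which is what prldap_init() expects as two separate arguments.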