Re: CoS + SASL problems?

Hai Zaar wrote:
Dear list!

I'm using FDS-1.0.2 together with Heimdal Kerberos as a NIS replacement.
I'm having a rather strange problem with SASL.
I have two posixGroups. The first is
cn=peopleGroup,ou=people,dc=example,dc=com and the other is
cn=testGroup,ou=Groups,dc=example,dc=com
testGroup is affected by Pointer CoS - this is important!

On the client I run:
# kinit foo
# ldapsearch -h directory.example.com  -b "dc=example,dc=com" -s sub -Y GSSAPI   -I  '(&(objectClass=posixGroup)(cn=peopleGroup))'
The search returns sane results. However, running the search for testGroup
returns the following:
---------------------------
# ldapsearch -h directory.example.com  -b "dc=example,dc=com" -s sub -Y GSSAPI   -I  '(&(objectClass=posixGroup)(cn=testGroup))'
SASL/GSSAPI authentication started
SASL Interaction
Please enter your authorization name:
SASL username: foo@xxxxxxxxxxx
SASL SSF: 56
SASL installing layers
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (&(objectClass=posixGroup)(cn=testGroup))
# requesting: ALL
#

ldap_result: Can't contact LDAP server (-1)
---------------------------
If I remove CoS from ou=Groups,dc=example,dc=com, then it all works OK
(but of course I do not get any of the 'uniquemember' attributes that
come from CoS).

The strangest thing, however, is that if I set
SASL_SECPROPS maxssf=0
in /etc/openldap/ldap.conf, then everything works just fine (but no security).

To the end, here is what the FDS access log says:
[10/Sep/2006:17:02:51 +0300] conn=111 fd=67 slot=67 connection from 10.0.2.236 to 10.0.0.10
[10/Sep/2006:17:02:51 +0300] conn=111 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
[10/Sep/2006:17:02:51 +0300] conn=111 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[10/Sep/2006:17:02:51 +0300] conn=111 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI
[10/Sep/2006:17:02:51 +0300] conn=111 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[10/Sep/2006:17:02:51 +0300] conn=111 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI
[10/Sep/2006:17:02:51 +0300] conn=111 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=foo,ou=people,dc=example,dc=com"
[10/Sep/2006:17:02:51 +0300] conn=111 op=3 SRCH base="dc=example,dc=com" scope=2 filter="(&(objectClass=posixGroup)(cn=testGroup))" attrs=ALL
[10/Sep/2006:17:02:51 +0300] conn=111 op=3 fd=67 closed - B4
It looks like the server just drops the connection. The error logs indicate nothing.

Any ideas anyone?

I'm unable to reproduce the issue. Could you supply us with your COS template, COS definition, and testGroup entries?

-NGK
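
One way to pick out the pattern seen in the access log above (a request that never gets a RESULT before its connection is closed), as an added example that is not part of the original thread. The sample log is constructed in the same layout, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the access-log layout quoted in the thread (values made up).
SAMPLE_LOG = """\
[10/Sep/2006:17:02:51 +0300] conn=7 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
[10/Sep/2006:17:02:51 +0300] conn=7 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=foo,ou=people,dc=example,dc=com"
[10/Sep/2006:17:02:51 +0300] conn=7 op=1 SRCH
base="dc=example,dc=com" scope=2 filter="(cn=testGroup)" attrs=ALL
[10/Sep/2006:17:02:51 +0300] conn=7 op=1 fd=67 closed - B4
[10/Sep/2006:17:02:52 +0300] conn=8 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
[10/Sep/2006:17:02:52 +0300] conn=8 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=foo,ou=people,dc=example,dc=com"
[10/Sep/2006:17:02:52 +0300] conn=8 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(cn=peopleGroup)" attrs=ALL
[10/Sep/2006:17:02:52 +0300] conn=8 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[10/Sep/2006:17:02:52 +0300] conn=8 op=2 UNBIND
[10/Sep/2006:17:02:52 +0300] conn=8 op=2 fd=68 closed - U1
"""

LINE = re.compile(r"^\[[^\]]+\] conn=(?P<conn>\d+) (?:op=(?P<op>-?\d+) )?(?P<rest>.*)$")
CLOSE = re.compile(r"^fd=\d+ closed.* - (\w+)$")

def unwrap(text):
    """Re-join records wrapped by a mail client: every record starts with '['."""
    records = []
    for line in text.splitlines():
        if line.startswith("[") or not records:
            records.append(line)
        else:
            records[-1] += " " + line.strip()
    return records

def dropped_operations(text):
    """Return (conn, op, request, close_code) for each request that never
    received a RESULT before its connection was closed."""
    pending, findings = defaultdict(dict), []   # pending: conn -> {op: request}
    for rec in unwrap(text):
        m = LINE.match(rec)
        if not m or m["op"] is None:             # e.g. the "connection from" line
            continue
        conn, op, rest = int(m["conn"]), int(m["op"]), m["rest"]
        closed = CLOSE.match(rest)
        if closed:
            for p_op, req in sorted(pending.pop(conn, {}).items()):
                findings.append((conn, p_op, req, closed.group(1)))
        elif rest.startswith("RESULT"):
            pending[conn].pop(op, None)          # request was answered
        elif not rest.startswith(("UNBIND", "ABANDON")):  # these log no RESULT
            pending[conn][op] = rest
    return findings
```

On the constructed sample, only the testGroup search on conn=7 is reported, together with the close code logged for that connection.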


--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users