Re: saslauthd and multiple dc levels

On 12/30/14 10:52 +0100, Gabriele Bulfon wrote:
>So, first I changed openldap configuration with "sasl-secprops  none" to have also plain auth enabled.
>Running pluginviewer to see the plugins:
>sonicle@www:~$ pluginviewer -m PLAIN

>List of server plugins follows
>Plugin "plain" [loaded],        API version: 4
>List of client plugins follows
>Plugin "plain" [loaded],        API version: 4

>sonicle@www:~$ ldapsearch -xLLLH 'ldap://localhost/' -s base -b '' 'supportedSASLMechanisms'
>dn:
>supportedSASLMechanisms: SCRAM-SHA-1
>supportedSASLMechanisms: GS2-IAKERB
>supportedSASLMechanisms: GS2-KRB5
>supportedSASLMechanisms: GSSAPI
>supportedSASLMechanisms: DIGEST-MD5
>supportedSASLMechanisms: OTP
>supportedSASLMechanisms: CRAM-MD5
>supportedSASLMechanisms: PLAIN
>supportedSASLMechanisms: ANONYMOUS
>Now, try plain auth doing a search of an existing user:
>sonicle@www:~$ ldapsearch -Y PLAIN -U test.user@xxxxxxxxxxx -H ldap://localhost -W
>Enter LDAP Password:
>ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>additional info: SASL(-4): no mechanism available: No worthy mechs found
>Can't find a reason for ldapsearch not finding the plain mech.

Odd.

Add a '-d -1' to get more detail. See the ldap.conf(5) manpage, and verify
you don't have any conflicting options set via relevant ENVIRONMENT
VARIABLES or FILES.

Check your syslog for any additional details (auth facility).

>Also, slapd has been built with sasl:
>sonicle@www:~$ ldd /sonicle/libexec/slapd
>libdb-4.8.so => /sonicle/lib/libdb-4.8.so
>libpthread.so.1 => /lib/libpthread.so.1
>libsasl2.so.2 => /sonicle/lib/libsasl2.so.2
>libdl.so.1 => /lib/libdl.so.1
>libssl.so.0.9.8 => /lib/libssl.so.0.9.8
>libcrypto.so.0.9.8 => /lib/libcrypto.so.0.9.8
>libresolv.so.2 => /lib/libresolv.so.2
>libgen.so.1 => /lib/libgen.so.1
>libnsl.so.1 => /lib/libnsl.so.1
>libsocket.so.1 => /lib/libsocket.so.1
>libc.so.1 => /lib/libc.so.1
>libgcc_s.so.1 => /usr/sfw/lib/libgcc_s.so.1
>libmd.so.1 => /lib/libmd.so.1
>libmp.so.2 => /lib/libmp.so.2
>libm.so.2 => /lib/libm.so.2

How about your libldap library and client utilities? Do they have access
to libsasl2 and the PLAIN shared library/mechanism? Try:

ldd `which ldapsearch`

And verify that the linked sasl library is the same as for slapd, or if
not, uses a good libsasl installation. Also, you may want to try ldapsearch
from another system with a known good sasl installation.

-- 
Dan White
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
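
The library comparison suggested in the reply above, as an added example (not part of the original message and not code from the Cyrus SASL or OpenLDAP projects): it parses `ldd` output for slapd and for ldapsearch and reports whether both resolve the same libsasl2. The function names are hypothetical, and the sample `ldd` text, including the `/usr/lib` client path, is constructed.

```shell
#!/bin/sh
# Added example: does the LDAP client resolve the same libsasl2 as slapd?

# sasl_lib: read `ldd` output on stdin and print the resolved libsasl2 path,
# "not found" if the loader could not resolve it, "none" if it is not linked.
sasl_lib() {
    awk '
        $1 ~ /^libsasl2\.so/ {
            seen = 1
            if ($0 ~ /not found/) print "not found"
            else print $3
            exit
        }
        END { if (!seen) print "none" }
    '
}

# compare_sasl SERVER_LDD CLIENT_LDD: both arguments are captured ldd text.
compare_sasl() {
    server=$(printf '%s\n' "$1" | sasl_lib)
    client=$(printf '%s\n' "$2" | sasl_lib)
    case "$client" in
        none)        echo "client-no-sasl"; return 0 ;;         # built without SASL
        "not found") echo "client-sasl-unresolved"; return 0 ;; # loader path problem
    esac
    if [ "$server" = "$client" ]; then
        echo "same"
    else
        # A second libsasl2 install may search a different plugin directory,
        # one that does not contain the PLAIN mechanism.
        echo "different: server=$server client=$client"
    fi
}

# Constructed sample input (server path taken from the quoted ldd output;
# the client path is an assumption for illustration).
SAMPLE_SERVER='libpthread.so.1 => /lib/libpthread.so.1
libsasl2.so.2 => /sonicle/lib/libsasl2.so.2'
SAMPLE_CLIENT='libldap-2.4.so.2 => /usr/lib/libldap-2.4.so.2
libsasl2.so.2 => /usr/lib/libsasl2.so.2'

compare_sasl "$SAMPLE_SERVER" "$SAMPLE_CLIENT"

# Live use: pass the two binaries as arguments, e.g.
#   sh check.sh /sonicle/libexec/slapd "$(command -v ldapsearch)"
if [ "$#" -eq 2 ]; then
    compare_sasl "$(ldd "$1")" "$(ldd "$2")"
fi
```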



