ALT Linux Sisyphus discussions
* [sisyphus] OpenLDAP+SASL(DIGEST-MD5)
@ 2005-02-14 10:39 Epiphanov Sergei
  2005-02-14 10:44 ` Epiphanov Sergei
  2005-02-14 10:44 ` Epiphanov Sergei
  0 siblings, 2 replies; 3+ messages in thread
From: Epiphanov Sergei @ 2005-02-14 10:39 UTC (permalink / raw)
  To: Sisyphus mailing list

Please send me personally at least some links on how to get authentication
in OpenLDAP working through SASL (from anyone who has it working), so that the
passwords are stored in OpenLDAP. I am writing here because I did not find the
information I need on the Internet, and nobody in Community told me anything
either. Please help, the shaman's tambourine is not working...

I tried following the OpenLDAP documentation, added the necessary sasl-regexp
entries, and set this parameter in rootDSE:

supportedSASLMechanisms: DIGEST-MD5

SIMPLE authentication works, saslauthd is running, and the testauthd command
completes normally. When I try to authenticate through SASL I get:

$ ldapsearch -U user@realm -W -b "dc=example,dc=com"
Enter LDAP Password:
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Authentication method not supported (7)
        additional info: SASL(-4): no mechanism available: Couldn't find mech DIGEST-MD5
$ testsaslauthd -u user -p test
0: OK "Success."
$ ldapsearch -x -D "uid=user,ou=people,dc=example,dc=com" -W -b "dc=example,dc=com"
...
(prints the entries from the database)
...
$ cat /etc/openldap/rootDSE.ldif
dn:
vendorName: The OpenLDAP Project
supportedSASLMechanisms: DIGEST-MD5

/etc/openldap/slapd.conf contains these lines:

sasl-regexp
    uid=(.*),cn=realm,cn=DIGEST-MD5,cn=auth
    uid=$1,ou=people,dc=example,dc=com

sasl-regexp
    uid=(.*),cn=DIGEST-MD5,cn=auth
    uid=$1,ou=people,dc=example,dc=com

Digging around showed that there is no processing of root_dse_info, which is
where the rootDSE attributes are created (and where, by the way,
supportedSASLMechanisms appear). Am I right or not?

-- 
Best regards, Epiphanov Sergei
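
The two sasl-regexp rules quoted in the message above, modeled in Python as an added example that is not part of the original post. It assumes slapd tries the rules in file order, matches case-insensitively and uses the first match; the `STRICT` variant with `[^,]*` is a hypothetical tightening, not the poster's configuration.

```python
import re

SUFFIX = "ou=people,dc=example,dc=com"
# The two rules from the slapd.conf excerpt in the message, in file order.
POSTED = [
    (r"uid=(.*),cn=realm,cn=DIGEST-MD5,cn=auth", "uid=$1," + SUFFIX),
    (r"uid=(.*),cn=DIGEST-MD5,cn=auth", "uid=$1," + SUFFIX),
]
# Hypothetical tightening (not from the message): the capture cannot cross an RDN boundary.
STRICT = [(p.replace("(.*)", "([^,]*)"), r) for p, r in POSTED]


def map_sasl_dn(authn_dn, rules):
    """Return the replacement of the first matching rule, or None.

    Assumed model of slapd: rules tried in order, case-insensitive,
    unanchored match, $n replaced by the n-th captured group.
    """
    for pattern, replacement in rules:
        m = re.search(pattern, authn_dn, re.IGNORECASE)
        if m:
            return re.sub(r"\$(\d)", lambda ref: m.group(int(ref.group(1))), replacement)
    return None


def demo():
    # Authentication DNs in the lower-cased form slapd logs after normalization.
    with_realm = "uid=user,cn=realm,cn=digest-md5,cn=auth"
    no_realm = "uid=user,cn=digest-md5,cn=auth"
    return {
        "posted, realm": map_sasl_dn(with_realm, POSTED),
        "posted, no realm": map_sasl_dn(no_realm, POSTED),
        # Same rules in the opposite order: the general rule swallows "cn=realm".
        "reordered, realm": map_sasl_dn(with_realm, POSTED[::-1]),
        # With [^,]* the rule order no longer changes the result.
        "strict reordered, realm": map_sasl_dn(with_realm, STRICT[::-1]),
    }


if __name__ == "__main__":
    for case, dn in demo().items():
        print(f"{case:26} -> {dn}")
```

The greedy `(.*)` only yields the intended DN because the realm-specific rule comes first; a capture limited to one RDN value keeps the mapping correct regardless of order.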



* Re: [sisyphus] OpenLDAP+SASL(DIGEST-MD5)
  2005-02-14 10:39 [sisyphus] OpenLDAP+SASL(DIGEST-MD5) Epiphanov Sergei
@ 2005-02-14 10:44 ` Epiphanov Sergei
  2005-02-14 10:44 ` Epiphanov Sergei
  1 sibling, 0 replies; 3+ messages in thread
From: Epiphanov Sergei @ 2005-02-14 10:44 UTC (permalink / raw)
  To: ALT Linux Sisyphus discussion list

The server log file is attached.

-- 
Best regards, Epiphanov Sergei



* Re: [sisyphus] OpenLDAP+SASL(DIGEST-MD5)
  2005-02-14 10:39 [sisyphus] OpenLDAP+SASL(DIGEST-MD5) Epiphanov Sergei
  2005-02-14 10:44 ` Epiphanov Sergei
@ 2005-02-14 10:44 ` Epiphanov Sergei
  1 sibling, 0 replies; 3+ messages in thread
From: Epiphanov Sergei @ 2005-02-14 10:44 UTC (permalink / raw)
  To: ALT Linux Sisyphus discussion list

[-- Attachment #1: Type: text/plain, Size: 69 bytes --]

The server log file is attached.

-- 
Best regards, Epiphanov Sergei

[-- Attachment #2: ldap-sasl-connect1.txt --]
[-- Type: text/plain, Size: 3904 bytes --]

Feb 14 11:40:07 tester slapd[13471]: daemon: activity on 1 descriptors
Feb 14 11:40:07 tester slapd[13471]: daemon: new connection on 12
Feb 14 11:40:07 tester slapd[13471]: conn=0 fd=12 ACCEPT from IP=192.168.1.100:33097 (IP=192.168.1.100:389)
Feb 14 11:40:07 tester slapd[13471]: daemon: added 12r
Feb 14 11:40:07 tester slapd[13471]: daemon: activity on:
Feb 14 11:40:07 tester slapd[13471]:
Feb 14 11:40:07 tester slapd[13471]: daemon: select: listen=6 active_threads=0 tvp=NULL
Feb 14 11:40:07 tester slapd[13471]: daemon: select: listen=7 active_threads=0 tvp=NULL
Feb 14 11:40:07 tester slapd[13471]: daemon: activity on 1 descriptors
Feb 14 11:40:07 tester slapd[13471]: daemon: activity on:
Feb 14 11:40:07 tester slapd[13471]:  12r
Feb 14 11:40:07 tester slapd[13471]:
Feb 14 11:40:07 tester slapd[13471]: daemon: read activity on 12
Feb 14 11:40:07 tester slapd[13471]: connection_get(12)
Feb 14 11:40:07 tester slapd[13471]: connection_get(12): got connid=0
Feb 14 11:40:07 tester slapd[13471]: connection_read(12): checking for input on id=0
Feb 14 11:40:07 tester slapd[13471]: ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
Feb 14 11:40:07 tester slapd[13487]: do_bind
Feb 14 11:40:07 tester slapd[13487]: >>> dnPrettyNormal: <uid=user,cn=realm,cn=DIGEST-MD5,cn=auth>
Feb 14 11:40:07 tester slapd[13487]: <<< dnPrettyNormal: <uid=user,cn=realm,cn=DIGEST-MD5,cn=auth>, <uid=user,cn=realm,cn=digest-md5,cn=auth>
Feb 14 11:40:07 tester slapd[13471]: daemon: select: listen=6 active_threads=0 tvp=NULL
Feb 14 11:40:07 tester slapd[13487]: do_sasl_bind: dn (uid=user,cn=realm,cn=DIGEST-MD5,cn=auth) mech DIGEST-MD5
Feb 14 11:40:07 tester slapd[13471]: daemon: select: listen=7 active_threads=0 tvp=NULL
Feb 14 11:40:07 tester slapd[13487]: conn=0 op=0 BIND dn="uid=user,cn=realm,cn=DIGEST-MD5,cn=auth" method=163
Feb 14 11:40:07 tester slapd[13487]: ==> sasl_bind: dn="uid=user,cn=realm,cn=DIGEST-MD5,cn=auth" mech=DIGEST-MD5 datalen=0
Feb 14 11:40:07 tester slapd[13487]: SASL [conn=0] Failure: Couldn't find mech DIGEST-MD5
Feb 14 11:40:07 tester slapd[13487]: send_ldap_result: conn=0 op=0 p=3
Feb 14 11:40:07 tester slapd[13487]: send_ldap_result: err=7 matched="" text="SASL(-4): no mechanism available: Couldn't find mech DIGEST-MD5"
Feb 14 11:40:07 tester slapd[13487]: send_ldap_response: msgid=1 tag=97 err=7
Feb 14 11:40:07 tester slapd[13487]: conn=0 op=0 RESULT tag=97 err=7 text=SASL(-4): no mechanism available: Couldn't find mech DIGEST-MD5
Feb 14 11:40:07 tester slapd[13487]: <== slap_sasl_bind: rc=7
Feb 14 11:40:07 tester slapd[13471]: daemon: activity on 1 descriptors
Feb 14 11:40:07 tester slapd[13471]: daemon: activity on:
Feb 14 11:40:07 tester slapd[13471]:  12r
Feb 14 11:40:07 tester slapd[13471]:
Feb 14 11:40:07 tester slapd[13471]: daemon: read activity on 12
Feb 14 11:40:07 tester slapd[13471]: connection_get(12)
Feb 14 11:40:07 tester slapd[13471]: connection_get(12): got connid=0
Feb 14 11:40:07 tester slapd[13471]: connection_read(12): checking for input on id=0
Feb 14 11:40:07 tester slapd[13471]: ber_get_next on fd 12 failed errno=0 (Success)
Feb 14 11:40:07 tester slapd[13471]: connection_read(12): input error=-2 id=0, closing.
Feb 14 11:40:07 tester slapd[13471]: connection_closing: readying conn=0 sd=12 for close
Feb 14 11:40:07 tester slapd[13471]: connection_close: conn=0 sd=12
Feb 14 11:40:07 tester slapd[13471]: daemon: removing 12
Feb 14 11:40:07 tester slapd[13471]: conn=0 fd=12 closed
Feb 14 11:40:07 tester slapd[13471]: daemon: select: listen=6 active_threads=0 tvp=NULL
Feb 14 11:40:07 tester slapd[13471]: daemon: select: listen=7 active_threads=0 tvp=NULL
Feb 14 11:40:07 tester slapd[13471]: daemon: activity on 1 descriptors
Feb 14 11:40:07 tester slapd[13471]: daemon: select: listen=6 active_threads=0 tvp=NULL
Feb 14 11:40:07 tester slapd[13471]: daemon: select: listen=7 active_threads=0 tvp=NULL
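
Added example, not part of the original message or its attachment: a small triage script that pulls the failed bind out of slapd debug output like the log above by correlating the ACCEPT, BIND and RESULT lines on `conn`/`op`. The embedded lines are copied from the attachment; the function and field names are assumptions of this example.

```python
import re

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+")
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
# tag=97 (0x61) is the LDAP BindResponse; err is the LDAP result code.
RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+) text=(.*)")
METHODS = {128: "simple", 163: "sasl"}  # LDAP_AUTH_SIMPLE 0x80, LDAP_AUTH_SASL 0xa3

# Excerpt of the attached log, noise lines included on purpose.
LOG = """\
Feb 14 11:40:07 tester slapd[13471]: conn=0 fd=12 ACCEPT from IP=192.168.1.100:33097 (IP=192.168.1.100:389)
Feb 14 11:40:07 tester slapd[13487]: do_bind
Feb 14 11:40:07 tester slapd[13487]: conn=0 op=0 BIND dn="uid=user,cn=realm,cn=DIGEST-MD5,cn=auth" method=163
Feb 14 11:40:07 tester slapd[13487]: SASL [conn=0] Failure: Couldn't find mech DIGEST-MD5
Feb 14 11:40:07 tester slapd[13487]: send_ldap_response: msgid=1 tag=97 err=7
Feb 14 11:40:07 tester slapd[13487]: conn=0 op=0 RESULT tag=97 err=7 text=SASL(-4): no mechanism available: Couldn't find mech DIGEST-MD5
Feb 14 11:40:07 tester slapd[13471]: conn=0 fd=12 closed
""".splitlines()


def failed_binds(lines):
    """Return one record per bind whose RESULT carries a non-zero err."""
    clients, binds, failures = {}, {}, []
    for line in lines:
        if m := ACCEPT.search(line):
            clients[m[1]] = m[2]                      # conn -> client IP
        elif m := BIND.search(line):
            binds[(m[1], m[2])] = (m[3], int(m[4]))   # (conn, op) -> dn, method
        elif (m := RESULT.search(line)) and int(m[3]) != 0:
            dn, method = binds.get((m[1], m[2]), ("?", -1))
            failures.append({
                "client": clients.get(m[1], "?"),
                "dn": dn,
                "method": METHODS.get(method, str(method)),
                "err": int(m[3]),
                "text": m[4].strip(),
            })
    return failures


if __name__ == "__main__":
    for f in failed_binds(LOG):
        print(f)
```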
