
List:       cyrus-info
Subject:    Re: saslauthd and multiple dc levels
From:       Dan White <dwhite () olp ! net>
Date:       2014-12-30 14:42:41
Message-ID: 20141230144240.GA3977 () dan ! olp ! net

On 12/30/14 10:52 +0100, Gabriele Bulfon wrote:
>So, first I changed openldap configuration with "sasl-secprops  none" to have also plain auth enabled.
>Running pluginviewer to see the plugins:
>sonicle@www:~$ pluginviewer -m PLAIN

>List of server plugins follows
>Plugin "plain" [loaded],        API version: 4
>List of client plugins follows
>Plugin "plain" [loaded],        API version: 4

>sonicle@www:~$ ldapsearch -xLLLH 'ldap://localhost/' -s base -b '' 'supportedSASLMechanisms'
>dn:
>supportedSASLMechanisms: SCRAM-SHA-1
>supportedSASLMechanisms: GS2-IAKERB
>supportedSASLMechanisms: GS2-KRB5
>supportedSASLMechanisms: GSSAPI
>supportedSASLMechanisms: DIGEST-MD5
>supportedSASLMechanisms: OTP
>supportedSASLMechanisms: CRAM-MD5
>supportedSASLMechanisms: PLAIN
>supportedSASLMechanisms: ANONYMOUS
>Now, try plain auth doing a search of an existing user:
>sonicle@www:~$ ldapsearch -Y PLAIN -U test.user@sonicle.com -H ldap://localhost -W
>Enter LDAP Password:
>ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>additional info: SASL(-4): no mechanism available: No worthy mechs found
>Can't find a reason for ldapsearch not finding the plain mech.

Odd.

Add a '-d -1' to get more detail. See the ldap.conf(5) manpage, and verify
you don't have any conflicting options set via relevant ENVIRONMENT
VARIABLES or FILES.

Check your syslog for any additional details (auth facility).

>Also, slapd has been built with sasl:
>sonicle@www:~$ ldd /sonicle/libexec/slapd
>libdb-4.8.so => /sonicle/lib/libdb-4.8.so
>libpthread.so.1 => /lib/libpthread.so.1
>libsasl2.so.2 => /sonicle/lib/libsasl2.so.2
>libdl.so.1 => /lib/libdl.so.1
>libssl.so.0.9.8 => /lib/libssl.so.0.9.8
>libcrypto.so.0.9.8 => /lib/libcrypto.so.0.9.8
>libresolv.so.2 => /lib/libresolv.so.2
>libgen.so.1 => /lib/libgen.so.1
>libnsl.so.1 => /lib/libnsl.so.1
>libsocket.so.1 => /lib/libsocket.so.1
>libc.so.1 => /lib/libc.so.1
>libgcc_s.so.1 => /usr/sfw/lib/libgcc_s.so.1
>libmd.so.1 => /lib/libmd.so.1
>libmp.so.2 => /lib/libmp.so.2
>libm.so.2 => /lib/libm.so.2

How about your libldap library and client utilities? Do they have access
to libsasl2 and the PLAIN shared library/mechanism? Try:

ldd `which ldapsearch`

And verify that the linked sasl library is the same as for slapd, or if
not, uses a good libsasl installation. Also, you may want to try ldapsearch
from another system with a known good sasl installation.

-- 
Dan White
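
The ldd comparison suggested in the message above, as an added example that is not part of the original post: it extracts the libsasl2 path from two ldd outputs, reports whether client and server resolve to the same library, and checks for a PLAIN plugin beside it. The function names, the sample ldd output and the <libdir>/sasl2 plugin location are assumptions.

```shell
#!/bin/sh
# Added example: compare the libsasl2 that two binaries resolve to.

# Read ldd-style output on stdin; print the resolved libsasl2 path,
# "not-found" if the loader could not resolve it, nothing if not linked.
sasl_path() {
    awk '$1 ~ /^libsasl2\.so/ && $2 == "=>" {
             if ($3 == "not") print "not-found"; else print $3
             exit
         }'
}

# Compare two ldd outputs passed as strings (client first, then server).
# Prints: same <path> | different <client> <server> | missing <client|server>
compare_sasl() {
    client=$(printf '%s\n' "$1" | sasl_path)
    server=$(printf '%s\n' "$2" | sasl_path)
    case "$client" in ''|not-found) echo "missing client"; return 1 ;; esac
    case "$server" in ''|not-found) echo "missing server"; return 1 ;; esac
    if [ "$client" = "$server" ]; then
        echo "same $client"
    else
        echo "different $client $server"
        return 2
    fi
}

# Assumption: mechanism plugins live in <libdir>/sasl2 next to libsasl2
# (SASL_PATH or a build-time plugin directory can override this).
has_plain_plugin() {
    dir=$(dirname "$1")/sasl2
    ls "$dir"/libplain.so* >/dev/null 2>&1
}

# Constructed sample input, not taken from the thread.
SAMPLE_SLAPD='    libsasl2.so.2 =>  /sonicle/lib/libsasl2.so.2
    libc.so.1 =>  /lib/libc.so.1'
SAMPLE_CLIENT='    libsasl2.so.2 =>  /usr/lib/libsasl2.so.2
    libc.so.1 =>  /lib/libc.so.1'

# Live use on the host being debugged:
#   compare_sasl "$(ldd "$(which ldapsearch)")" "$(ldd /sonicle/libexec/slapd)"
```

A "different" result points at two libsasl2 installations, each with its own plugin directory; run has_plain_plugin on the client's path to see whether that installation ships the PLAIN mechanism.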