[Fedora-directory-users] SASL bindings via PLAIN mechanism to FDS
Jonathan Barber
jon at compbio.dundee.ac.uk
Tue Apr 24 18:16:13 UTC 2007
Hi, I'm trying to get FDS (1.0.4 on Centos 4.4 with Cyrus SASL) to accept
authenticated bindings from clients using the SASL PLAIN mechanism over
SSL/TLS.
This is the first time that I've played with SASL, so I'd appreciate any
pointers to decent documentation if I'm doing something stupid.
My overall aim is too allow SASL PLAIN bindings via the openldap ldapsearch
client.
I've added the following SASL mapping and user entry to my FDS directory:
# SASL mapping
dn: cn=test,cn=mapping,cn=sasl,cn=config
objectClass: top
objectClass: nsSaslMapping
cn: test
nsSaslMapRegexString: \(.*\)
nsSaslMapBaseDNTemplate: ou=people,ou=lifesci,o=dundee
nsSaslMapFilterTemplate: (uid=\1)
# User
dn: uid=jon,ou=people,ou=lifesci,o=dundee
givenName: j
sn: b
uidNumber: 1000
gidNumber: 1000
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: jon
cn: j b
homeDirectory: /tmp/
userpassword: {SSHA}hashedpassword
And restarted the server. I set the nsslapd-errorlog-level to 1 to observe the
bind process in detail, and get the trace in [1] when I try to bind to the LDAP
server with the command:
# ldapsearch -H ldaps://test -Y PLAIN
SASL/PLAIN authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-14): authorization failure: Password verification failed
This appears to fail because for some reason SASL tries to look the user up
again thinking that the DN is the the UID, fails, and rejects the bind as the
DN is unknown.
When I add a second mapping (and restart ns-slapd) to try and correct the
second failed search:
dn: cn=test2,cn=mapping,cn=sasl,cn=config
objectClass: top
objectClass: nsSaslMapping
cn: test2
nsSaslMapRegexString: uid=\([^,]*\),
nsSaslMapBaseDNTemplate: ou=people,ou=lifesci,o=dundee
nsSaslMapFilterTemplate: (uid=\1)
I get the trace in [2], and the client returns:
additional info: SASL(-13): authentication failure: Password verification failed
This just looks like SASL failed to authenticate the passwords this time.
So, have I got the wrong end of the stick - and I am trying to do something that
SASL won't let me - or have I just got an error somewhere in my configuration?
I've read both the wiki page:
http://directory.fedora.redhat.com/wiki/Howto:Kerberos
and Chapter 11 of the Admin guide, and neither are particulary useful, looking
at the FDS source isn't shedding much light.
Cheers.
[1] error log output with SASL mapping test
[24/Apr/2007:18:31:38 +0100] - BIND dn="" method=163 version=3
[24/Apr/2007:18:31:38 +0100] - => get_ldapmessage_controls
[24/Apr/2007:18:31:38 +0100] - <= get_ldapmessage_controls no controls
[24/Apr/2007:18:31:38 +0100] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.16)
[24/Apr/2007:18:31:38 +0100] - <= slapi_control_present 0 (NO CONTROLS)
[24/Apr/2007:18:31:38 +0100] - do_bind: version 3 method 0xa3 dn
[24/Apr/2007:18:31:38 +0100] - => ids_sasl_check_bind
[24/Apr/2007:18:31:38 +0100] - => ids_sasl_mech_supported
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - <= ids_sasl_mech_supported
[24/Apr/2007:18:31:38 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:31:38 +0100] - ids_sasl_canon_user(user=jon, realm=)
[24/Apr/2007:18:31:38 +0100] - -> sasl_map_domap
[24/Apr/2007:18:31:38 +0100] - -> sasl_map_check
[24/Apr/2007:18:31:38 +0100] - regex: \(.*\), id: jon, matched
[24/Apr/2007:18:31:38 +0100] - mapped base dn: [BINARY JUNK], filter: [BINARY JUNK]
[24/Apr/2007:18:31:38 +0100] - <- sasl_map_check
[24/Apr/2007:18:31:38 +0100] - <- sasl_map_domap (mapped)
[24/Apr/2007:18:31:38 +0100] - sasl user search basedn="ou=people,ou=lifesci,o=dundee" filter="(uid=jon)"
[24/Apr/2007:18:31:38 +0100] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=2
[24/Apr/2007:18:31:38 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:31:38 +0100] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=1
[24/Apr/2007:18:31:38 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:31:39 +0100] - => compute_limits: sizelimit=-1, timelimit=-1
[24/Apr/2007:18:31:39 +0100] - Calling plugin 'ACL preoperation' #1 type 403
[24/Apr/2007:18:31:39 +0100] - Calling plugin 'Legacy replication preoperation plugin' #3 type 403
[24/Apr/2007:18:31:39 +0100] - Calling plugin 'Multimaster replication preoperation plugin' #4 type 403
[24/Apr/2007:18:31:39 +0100] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=0
[24/Apr/2007:18:31:39 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:31:39 +0100] - => find_entry_internal (dn=ou=people,ou=lifesci,o=dundee) lock 0
[24/Apr/2007:18:31:39 +0100] - => dn2entry "ou=people,ou=lifesci,o=dundee"
[24/Apr/2007:18:31:39 +0100] - <= dn2entry 96034e0
[24/Apr/2007:18:31:39 +0100] - <= find_entry_internal_dn found (ou=people,ou=lifesci,o=dundee)
[24/Apr/2007:18:31:39 +0100] - => filter_candidates
[24/Apr/2007:18:31:39 +0100] - => list_candidates 0xa1
[24/Apr/2007:18:31:39 +0100] - => filter_candidates
[24/Apr/2007:18:31:39 +0100] - => ava_candidates
[24/Apr/2007:18:31:39 +0100] - uid=jon
[24/Apr/2007:18:31:39 +0100] - => keys2idl type uid indextype eq
[24/Apr/2007:18:31:39 +0100] - => index_read( "uid" = "jon" )
[24/Apr/2007:18:31:39 +0100] - bulk fetch buffer nids=1
[24/Apr/2007:18:31:39 +0100] - idl_new_fetch =jon returns nids=1
[24/Apr/2007:18:31:39 +0100] - <= index_read 1 candidates
[24/Apr/2007:18:31:39 +0100] - ival[0] = "jon" => 1 IDs
[24/Apr/2007:18:31:39 +0100] - <= filter_candidates 1
[24/Apr/2007:18:31:39 +0100] - => filter_candidates
[24/Apr/2007:18:31:39 +0100] - => ava_candidates
[24/Apr/2007:18:31:39 +0100] - objectclass=referral
[24/Apr/2007:18:31:39 +0100] - => keys2idl type objectclass indextype eq
[24/Apr/2007:18:31:39 +0100] - => index_read( "objectclass" = "referral" )
[24/Apr/2007:18:31:39 +0100] - <= index_read 0 candidates
[24/Apr/2007:18:31:39 +0100] - ival[0] = "referral" => 0 IDs
[24/Apr/2007:18:31:39 +0100] - <= filter_candidates 0
[24/Apr/2007:18:31:39 +0100] - <= list_candidates 1
[24/Apr/2007:18:31:39 +0100] - <= filter_candidates 1
[24/Apr/2007:18:31:39 +0100] - candidate list has 1 ids
[24/Apr/2007:18:31:39 +0100] - => id2entry( 5 )
[24/Apr/2007:18:31:39 +0100] - => str2entry_fast
[24/Apr/2007:18:31:39 +0100] - <= str2entry_fast 0x95b2578
[24/Apr/2007:18:31:39 +0100] - -> attrcrypt_decrypt_entry
[24/Apr/2007:18:31:39 +0100] - <- attrcrypt_decrypt_entry
[24/Apr/2007:18:31:39 +0100] - <= id2entry( 5 ) 9638cc8 (disk)
[24/Apr/2007:18:31:39 +0100] - => send_ldap_search_entry (uid=jon,ou=people,ou=lifesci,o=dundee)
[24/Apr/2007:18:31:39 +0100] - <= send_ldap_search_entry
[24/Apr/2007:18:31:39 +0100] - => send_ldap_result 0::
[24/Apr/2007:18:31:39 +0100] - <= send_ldap_result
[24/Apr/2007:18:31:39 +0100] - sasl user search found dn=uid=jon,ou=people,ou=lifesci,o=dundee
[24/Apr/2007:18:31:39 +0100] - sasl user search found this entry: dn:uid=jon,ou=people,ou=lifesci,o=dundee, matching filter=
[24/Apr/2007:18:31:39 +0100] - ids_sasl_getopt: plugin= option=canon_user_plugin
[24/Apr/2007:18:31:39 +0100] - ids_sasl_getopt: plugin= option=auxprop_plugin
[24/Apr/2007:18:31:39 +0100] - ids_sasl_getopt: plugin= option=pwcheck_method
[24/Apr/2007:18:31:39 +0100] - ids_sasl_canon_user(user=uid=jon,ou=people,ou=lifesci,o=dundee, realm=)
[24/Apr/2007:18:31:40 +0100] - -> sasl_map_domap
[24/Apr/2007:18:31:40 +0100] - -> sasl_map_check
[24/Apr/2007:18:31:40 +0100] - regex: \(.*\), id: uid=jon,ou=people,ou=lifesci,o=dundee, matched
[24/Apr/2007:18:31:40 +0100] - mapped base dn: [BINARY JUNK], filter: [BINARY JUNK]
[24/Apr/2007:18:31:40 +0100] - <- sasl_map_check
[24/Apr/2007:18:31:40 +0100] - <- sasl_map_domap (mapped)
[24/Apr/2007:18:31:40 +0100] - sasl user search basedn="ou=people,ou=lifesci,o=dundee" filter="(uid=uid=jon,ou=people,ou=lifesci,o=dundee)"
[24/Apr/2007:18:31:40 +0100] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=2
[24/Apr/2007:18:31:40 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:31:40 +0100] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=1
[24/Apr/2007:18:31:40 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:31:40 +0100] - => compute_limits: sizelimit=-1, timelimit=-1
[24/Apr/2007:18:31:40 +0100] - Calling plugin 'ACL preoperation' #1 type 403
[24/Apr/2007:18:31:40 +0100] - Calling plugin 'Legacy replication preoperation plugin' #3 type 403
[24/Apr/2007:18:31:40 +0100] - Calling plugin 'Multimaster replication preoperation plugin' #4 type 403
[24/Apr/2007:18:31:40 +0100] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=0
[24/Apr/2007:18:31:40 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:31:40 +0100] - => find_entry_internal (dn=ou=people,ou=lifesci,o=dundee) lock 0
[24/Apr/2007:18:31:40 +0100] - => dn2entry "ou=people,ou=lifesci,o=dundee"
[24/Apr/2007:18:31:40 +0100] - <= dn2entry 96034e0
[24/Apr/2007:18:31:40 +0100] - <= find_entry_internal_dn found (ou=people,ou=lifesci,o=dundee)
[24/Apr/2007:18:31:40 +0100] - => filter_candidates
[24/Apr/2007:18:31:40 +0100] - => list_candidates 0xa1
[24/Apr/2007:18:31:40 +0100] - => filter_candidates
[24/Apr/2007:18:31:40 +0100] - => ava_candidates
[24/Apr/2007:18:31:40 +0100] - uid=uid=jon,ou=people,ou=lifesci,o=dundee
[24/Apr/2007:18:31:40 +0100] - => keys2idl type uid indextype eq
[24/Apr/2007:18:31:40 +0100] - => index_read( "uid" = "uid=jon,ou=people,ou=lifesci,o=dundee" )
[24/Apr/2007:18:31:40 +0100] - <= index_read 0 candidates
[24/Apr/2007:18:31:40 +0100] - ival[0] = "uid=jon,ou=people,ou=lifesci,o=dundee" => 0 IDs
[24/Apr/2007:18:31:40 +0100] - <= filter_candidates 0
[24/Apr/2007:18:31:40 +0100] - => filter_candidates
[24/Apr/2007:18:31:40 +0100] - => ava_candidates
[24/Apr/2007:18:31:40 +0100] - objectclass=referral
[24/Apr/2007:18:31:40 +0100] - => keys2idl type objectclass indextype eq
[24/Apr/2007:18:31:40 +0100] - => index_read( "objectclass" = "referral" )
[24/Apr/2007:18:31:40 +0100] - <= index_read 0 candidates
[24/Apr/2007:18:31:40 +0100] - ival[0] = "referral" => 0 IDs
[24/Apr/2007:18:31:40 +0100] - <= filter_candidates 0
[24/Apr/2007:18:31:40 +0100] - <= list_candidates 0
[24/Apr/2007:18:31:40 +0100] - <= filter_candidates 0
[24/Apr/2007:18:31:40 +0100] - candidate list has 0 ids
[24/Apr/2007:18:31:40 +0100] - => send_ldap_result 0::
[24/Apr/2007:18:31:40 +0100] - <= send_ldap_result
[24/Apr/2007:18:31:40 +0100] - sasl user search found no entries matching filter=:#w
[24/Apr/2007:18:31:41 +0100] - sasl(2): Password verification failed
[24/Apr/2007:18:31:41 +0100] - => send_ldap_result 49::SASL(-14): authorization failure: Password verification failed
[24/Apr/2007:18:31:41 +0100] - <= send_ldap_result
[2] error log output with SASL mapping test and test2
[24/Apr/2007:18:42:40 +0100] - => ids_sasl_server_new (lsd_test.lifesci.dundee.ac.uk)
[24/Apr/2007:18:42:40 +0100] - ids_sasl_getopt: plugin= option=log_level
[24/Apr/2007:18:42:40 +0100] - ids_sasl_getopt: plugin= option=auto_transition
[24/Apr/2007:18:42:40 +0100] - <= ids_sasl_server_new
[24/Apr/2007:18:42:40 +0100] - => slapi_reslimit_get_integer_limit() conn=0xb6b598a8, handle=3
[24/Apr/2007:18:42:40 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:40 +0100] - => slapi_reslimit_get_integer_limit() conn=0xb6b59808, handle=3
[24/Apr/2007:18:42:40 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:40 +0100] - add_pb
[24/Apr/2007:18:42:40 +0100] - => slapi_reslimit_get_integer_limit() conn=0xb6b59808, handle=3
[24/Apr/2007:18:42:40 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:40 +0100] - get_pb
[24/Apr/2007:18:42:42 +0100] - => slapi_reslimit_get_integer_limit() conn=0xb6b598a8, handle=3
[24/Apr/2007:18:42:42 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:42 +0100] - => slapi_reslimit_get_integer_limit() conn=0xb6b59808, handle=3
[24/Apr/2007:18:42:42 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:42 +0100] - add_pb
[24/Apr/2007:18:42:42 +0100] - => slapi_reslimit_get_integer_limit() conn=0xb6b59808, handle=3
[24/Apr/2007:18:42:42 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:42 +0100] - get_pb
[24/Apr/2007:18:42:42 +0100] - => slapi_reslimit_get_integer_limit() conn=0xb6b598a8, handle=3
[24/Apr/2007:18:42:42 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:42 +0100] - => slapi_reslimit_get_integer_limit() conn=0xb6b59808, handle=3
[24/Apr/2007:18:42:42 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:42 +0100] - do_bind
[24/Apr/2007:18:42:42 +0100] - BIND dn="" method=163 version=3
[24/Apr/2007:18:42:42 +0100] - => get_ldapmessage_controls
[24/Apr/2007:18:42:42 +0100] - <= get_ldapmessage_controls no controls
[24/Apr/2007:18:42:42 +0100] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.16)
[24/Apr/2007:18:42:42 +0100] - <= slapi_control_present 0 (NO CONTROLS)
[24/Apr/2007:18:42:42 +0100] - do_bind: version 3 method 0xa3 dn
[24/Apr/2007:18:42:42 +0100] - => ids_sasl_check_bind
[24/Apr/2007:18:42:42 +0100] - => ids_sasl_mech_supported
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - <= ids_sasl_mech_supported
[24/Apr/2007:18:42:43 +0100] - ids_sasl_getopt: plugin= option=mech_list
[24/Apr/2007:18:42:43 +0100] - ids_sasl_canon_user(user=jon, realm=)
[24/Apr/2007:18:42:43 +0100] - -> sasl_map_domap
[24/Apr/2007:18:42:43 +0100] - -> sasl_map_check
[24/Apr/2007:18:42:43 +0100] - regex: uid=\([^,]*\),, id: jon, didn't match
[24/Apr/2007:18:42:43 +0100] - <- sasl_map_check
[24/Apr/2007:18:42:43 +0100] - -> sasl_map_check
[24/Apr/2007:18:42:43 +0100] - regex: \(.*\), id: jon, matched
[24/Apr/2007:18:42:43 +0100] - mapped base dn: [BINARY JUNK], filter: [BINARY JUNK]
[24/Apr/2007:18:42:43 +0100] - <- sasl_map_check
[24/Apr/2007:18:42:43 +0100] - <- sasl_map_domap (mapped)
[24/Apr/2007:18:42:43 +0100] - sasl user search basedn="ou=people,ou=lifesci,o=dundee" filter="(uid=jon)"
[24/Apr/2007:18:42:43 +0100] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=2
[24/Apr/2007:18:42:43 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:43 +0100] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=1
[24/Apr/2007:18:42:43 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:43 +0100] - => compute_limits: sizelimit=-1, timelimit=-1
[24/Apr/2007:18:42:43 +0100] - Calling plugin 'ACL preoperation' #1 type 403
[24/Apr/2007:18:42:43 +0100] - Calling plugin 'Legacy replication preoperation plugin' #3 type 403
[24/Apr/2007:18:42:43 +0100] - Calling plugin 'Multimaster replication preoperation plugin' #4 type 403
[24/Apr/2007:18:42:43 +0100] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=0
[24/Apr/2007:18:42:43 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:43 +0100] - => find_entry_internal (dn=ou=people,ou=lifesci,o=dundee) lock 0
[24/Apr/2007:18:42:43 +0100] - => dn2entry "ou=people,ou=lifesci,o=dundee"
[24/Apr/2007:18:42:43 +0100] - <= dn2entry 8851fa0
[24/Apr/2007:18:42:43 +0100] - <= find_entry_internal_dn found (ou=people,ou=lifesci,o=dundee)
[24/Apr/2007:18:42:43 +0100] - => filter_candidates
[24/Apr/2007:18:42:43 +0100] - => list_candidates 0xa1
[24/Apr/2007:18:42:43 +0100] - => filter_candidates
[24/Apr/2007:18:42:43 +0100] - => ava_candidates
[24/Apr/2007:18:42:43 +0100] - uid=jon
[24/Apr/2007:18:42:43 +0100] - => keys2idl type uid indextype eq
[24/Apr/2007:18:42:43 +0100] - => index_read( "uid" = "jon" )
[24/Apr/2007:18:42:43 +0100] - bulk fetch buffer nids=1
[24/Apr/2007:18:42:43 +0100] - idl_new_fetch =jon returns nids=1
[24/Apr/2007:18:42:44 +0100] - <= index_read 1 candidates
[24/Apr/2007:18:42:44 +0100] - ival[0] = "jon" => 1 IDs
[24/Apr/2007:18:42:44 +0100] - <= filter_candidates 1
[24/Apr/2007:18:42:44 +0100] - => filter_candidates
[24/Apr/2007:18:42:44 +0100] - => ava_candidates
[24/Apr/2007:18:42:44 +0100] - objectclass=referral
[24/Apr/2007:18:42:44 +0100] - => keys2idl type objectclass indextype eq
[24/Apr/2007:18:42:44 +0100] - => index_read( "objectclass" = "referral" )
[24/Apr/2007:18:42:44 +0100] - <= index_read 0 candidates
[24/Apr/2007:18:42:44 +0100] - ival[0] = "referral" => 0 IDs
[24/Apr/2007:18:42:44 +0100] - <= filter_candidates 0
[24/Apr/2007:18:42:44 +0100] - <= list_candidates 1
[24/Apr/2007:18:42:44 +0100] - <= filter_candidates 1
[24/Apr/2007:18:42:44 +0100] - candidate list has 1 ids
[24/Apr/2007:18:42:44 +0100] - => id2entry( 5 )
[24/Apr/2007:18:42:44 +0100] - <= id2entry 8ab8d90 (cache)
[24/Apr/2007:18:42:44 +0100] - => send_ldap_search_entry (uid=jon,ou=people,ou=lifesci,o=dundee)
[24/Apr/2007:18:42:44 +0100] - <= send_ldap_search_entry
[24/Apr/2007:18:42:44 +0100] - => send_ldap_result 0::
[24/Apr/2007:18:42:44 +0100] - <= send_ldap_result
[24/Apr/2007:18:42:44 +0100] - sasl user search found dn=uid=jon,ou=people,ou=lifesci,o=dundee
[24/Apr/2007:18:42:44 +0100] - sasl user search found this entry: dn:uid=jon,ou=people,ou=lifesci,o=dundee, matching filter=p
[24/Apr/2007:18:42:44 +0100] - ids_sasl_getopt: plugin= option=canon_user_plugin
[24/Apr/2007:18:42:44 +0100] - ids_sasl_getopt: plugin= option=auxprop_plugin
[24/Apr/2007:18:42:44 +0100] - ids_sasl_getopt: plugin= option=pwcheck_method
[24/Apr/2007:18:42:44 +0100] - ids_sasl_canon_user(user=uid=jon,ou=people,ou=lifesci,o=dundee, realm=)
[24/Apr/2007:18:42:44 +0100] - -> sasl_map_domap
[24/Apr/2007:18:42:44 +0100] - -> sasl_map_check
[24/Apr/2007:18:42:44 +0100] - regex: uid=\([^,]*\),, id: uid=jon,ou=people,ou=lifesci,o=dundee, matched
[24/Apr/2007:18:42:44 +0100] - mapped base dn: [BINARY JUNK] filter: [BINARY JUNK]
[24/Apr/2007:18:42:44 +0100] - <- sasl_map_check
[24/Apr/2007:18:42:44 +0100] - <- sasl_map_domap (mapped)
[24/Apr/2007:18:42:44 +0100] - sasl user search basedn="ou=people,ou=lifesci,o=dundee" filter="(uid=jon)"
[24/Apr/2007:18:42:44 +0100] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=2
[24/Apr/2007:18:42:44 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:44 +0100] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=1
[24/Apr/2007:18:42:44 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:44 +0100] - => compute_limits: sizelimit=-1, timelimit=-1
[24/Apr/2007:18:42:44 +0100] - Calling plugin 'ACL preoperation' #1 type 403
[24/Apr/2007:18:42:44 +0100] - Calling plugin 'Legacy replication preoperation plugin' #3 type 403
[24/Apr/2007:18:42:44 +0100] - Calling plugin 'Multimaster replication preoperation plugin' #4 type 403
[24/Apr/2007:18:42:44 +0100] - => slapi_reslimit_get_integer_limit() conn=0x0, handle=0
[24/Apr/2007:18:42:45 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:45 +0100] - => find_entry_internal (dn=ou=people,ou=lifesci,o=dundee) lock 0
[24/Apr/2007:18:42:45 +0100] - => dn2entry "ou=people,ou=lifesci,o=dundee"
[24/Apr/2007:18:42:45 +0100] - <= dn2entry 8851fa0
[24/Apr/2007:18:42:45 +0100] - <= find_entry_internal_dn found (ou=people,ou=lifesci,o=dundee)
[24/Apr/2007:18:42:45 +0100] - => filter_candidates
[24/Apr/2007:18:42:45 +0100] - => list_candidates 0xa1
[24/Apr/2007:18:42:45 +0100] - => filter_candidates
[24/Apr/2007:18:42:45 +0100] - => ava_candidates
[24/Apr/2007:18:42:45 +0100] - uid=jon
[24/Apr/2007:18:42:45 +0100] - => keys2idl type uid indextype eq
[24/Apr/2007:18:42:45 +0100] - => index_read( "uid" = "jon" )
[24/Apr/2007:18:42:45 +0100] - bulk fetch buffer nids=1
[24/Apr/2007:18:42:45 +0100] - idl_new_fetch =jon returns nids=1
[24/Apr/2007:18:42:45 +0100] - <= index_read 1 candidates
[24/Apr/2007:18:42:45 +0100] - ival[0] = "jon" => 1 IDs
[24/Apr/2007:18:42:45 +0100] - <= filter_candidates 1
[24/Apr/2007:18:42:45 +0100] - => filter_candidates
[24/Apr/2007:18:42:45 +0100] - => ava_candidates
[24/Apr/2007:18:42:45 +0100] - objectclass=referral
[24/Apr/2007:18:42:45 +0100] - => keys2idl type objectclass indextype eq
[24/Apr/2007:18:42:45 +0100] - => index_read( "objectclass" = "referral" )
[24/Apr/2007:18:42:45 +0100] - <= index_read 0 candidates
[24/Apr/2007:18:42:45 +0100] - ival[0] = "referral" => 0 IDs
[24/Apr/2007:18:42:45 +0100] - <= filter_candidates 0
[24/Apr/2007:18:42:45 +0100] - <= list_candidates 1
[24/Apr/2007:18:42:45 +0100] - <= filter_candidates 1
[24/Apr/2007:18:42:45 +0100] - candidate list has 1 ids
[24/Apr/2007:18:42:45 +0100] - => id2entry( 5 )
[24/Apr/2007:18:42:45 +0100] - <= id2entry 8ab8d90 (cache)
[24/Apr/2007:18:42:45 +0100] - => send_ldap_search_entry (uid=jon,ou=people,ou=lifesci,o=dundee)
[24/Apr/2007:18:42:45 +0100] - <= send_ldap_search_entry
[24/Apr/2007:18:42:45 +0100] - => send_ldap_result 0::
[24/Apr/2007:18:42:45 +0100] - <= send_ldap_result
[24/Apr/2007:18:42:45 +0100] - sasl user search found dn=uid=jon,ou=people,ou=lifesci,o=dundee
[24/Apr/2007:18:42:45 +0100] - sasl user search found this entry: dn:uid=jon,ou=people,ou=lifesci,o=dundee, matching filter=:.
[24/Apr/2007:18:42:45 +0100] - ids_sasl_getopt: plugin= option=canon_user_plugin
[24/Apr/2007:18:42:45 +0100] - ids_sasl_getopt: plugin= option=auxprop_plugin
[24/Apr/2007:18:42:45 +0100] - ids_sasl_getopt: plugin= option=auxprop_plugin
[24/Apr/2007:18:42:45 +0100] - sasl(2): Password verification failed
[24/Apr/2007:18:42:45 +0100] - => send_ldap_result 49::SASL(-13): authentication failure: Password verification failed
[24/Apr/2007:18:42:45 +0100] - <= send_ldap_result
[24/Apr/2007:18:42:45 +0100] - add_pb
[24/Apr/2007:18:42:45 +0100] - => slapi_reslimit_get_integer_limit() conn=0xb6b59808, handle=3
[24/Apr/2007:18:42:45 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:45 +0100] - get_pb
[24/Apr/2007:18:42:45 +0100] - => slapi_reslimit_get_integer_limit() conn=0xb6b59808, handle=3
[24/Apr/2007:18:42:45 +0100] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[24/Apr/2007:18:42:46 +0100] - => ids_sasl_check_bind
--
Jonathan Barber
High Performance Computing Analyst
Tel. +44 (0) 1382 386389
More information about the Fedora-directory-users
mailing list