On 20/01/2016 11:02, Thomas Peter wrote:
Hi,

In my etc/saslauthd.conf I do have
ldap_servers: ldap://example.com:389
which is a round-robin dns (10 IPs behind)
Now I have the problem that sometimes the connection to example.com seems to hang:

Jan 18 17:06:15 uit-algo-p-11 slapd[130335]: conn=1410 op=0 BIND dn="cn=petert,dc=example,dc=com" method=128
Jan 18 17:06:15 uit-algo-p-11 slapd[130335]: conn=1410 op=0 BIND dn="cn=petert,dc=example,dc=com" mech=SIMPLE ssf=0
Jan 18 17:06:15 uit-algo-p-11 slapd[130335]: conn=1410 op=0 RESULT tag=97 err=0 text=
Jan 18 17:06:15 uit-algo-p-11 slapd[130335]: conn=1411 fd=15 ACCEPT from IP=127.0.0.1:54144 (IP=127.0.0.1:9389)
Jan 18 17:06:15 uit-algo-p-11 slapd[130335]: conn=1411 op=0 BIND dn="cn=petert,dc=example,dc=com" method=128
Jan 18 17:06:16 uit-algo-p-11 slapd[130335]: conn=1410 op=1 UNBIND
Jan 18 17:06:16 uit-algo-p-11 slapd[130335]: conn=1410 fd=14 closed
Jan 18 17:06:16 uit-algo-p-11 slapd[130335]: connection_read(14): no connection!
Jan 18 17:06:16 uit-algo-p-11 slapd[130335]: conn=1408 op=2 UNBIND
Jan 18 17:06:16 uit-algo-p-11 slapd[130335]: conn=1408 fd=13 closed
Jan 18 17:06:16 uit-algo-p-11 slapd[130335]: connection_read(13): no connection!
Jan 18 17:06:16 uit-algo-p-11 slapd[130335]: conn=1407 op=1 UNBIND
Jan 18 17:06:16 uit-algo-p-11 slapd[130335]: conn=1407 fd=10 closed
Jan 18 17:06:16 uit-algo-p-11 slapd[130335]: connection_read(10): no connection!
Jan 18 17:10:04 uit-algo-p-11 slapd[56384]: [INFO] Using /opt/tools/ldap/etc/default/slapd for configuration
Jan 18 17:10:04 uit-algo-p-11 slapd[56405]: [INFO] LDAP Tool Box OpenLDAP init script version 2.1
Jan 18 17:10:04 uit-algo-p-11 slapd[56652]: [INFO] Process OpenLDAP is running (PID 130335)
Jan 18 17:10:04 uit-algo-p-11 slapd[56656]: [INFO] Listening to services ldap://127.0.0.1:9389 ldaps://127.0.0.1:9636
Jan 18 17:10:04 uit-algo-p-11 slapd[56737]: [INFO] Process usage: 0.0% CPU / 0.1% MEM
Jan 18 17:10:05 uit-algo-p-11 slapd[56764]: [INFO] Detected suffix: dc=example,dc=com
Jan 18 17:15:04 uit-algo-p-11 slapd[83677]: [INFO] Using /opt/tools/ldap/etc/default/slapd for configuration
Jan 18 17:15:04 uit-algo-p-11 slapd[83684]: [INFO] LDAP Tool Box OpenLDAP init script version 2.1
Jan 18 17:15:04 uit-algo-p-11 slapd[83687]: [INFO] Process OpenLDAP is running (PID 130335)
Jan 18 17:15:04 uit-algo-p-11 slapd[83689]: [INFO] Listening to services ldap://127.0.0.1:9389 ldaps://127.0.0.1:9636
Jan 18 17:15:05 uit-algo-p-11 slapd[83710]: [INFO] Process usage: 0.0% CPU / 0.1% MEM
Jan 18 17:15:05 uit-algo-p-11 slapd[83733]: [INFO] Detected suffix: dc=example,dc=com
Jan 18 17:20:04 uit-algo-p-11 slapd[109672]: [INFO] Using /opt/tools/ldap/etc/default/slapd for configuration
Jan 18 17:20:04 uit-algo-p-11 slapd[109782]: [INFO] LDAP Tool Box OpenLDAP init script version 2.1
Jan 18 17:20:04 uit-algo-p-11 slapd[109789]: [INFO] Process OpenLDAP is running (PID 130335)
Jan 18 17:20:04 uit-algo-p-11 slapd[109790]: [INFO] Listening to services ldap://127.0.0.1:9389 ldaps://127.0.0.1:9636
Jan 18 17:20:05 uit-algo-p-11 slapd[109915]: [INFO] Process usage: 0.0% CPU / 0.1% MEM
Jan 18 17:20:05 uit-algo-p-11 slapd[109938]: [INFO] Detected suffix: dc=example,dc=com
Jan 18 17:21:49 uit-algo-p-11 saslauthd[131005]: ldap_simple_bind() failed -1 (Can't contact LDAP server).
Jan 18 17:21:49 uit-algo-p-11 saslauthd[131005]: Retrying authentication
Jan 18 17:21:49 uit-algo-p-11 slapd[130335]: conn=1411 op=0 BIND dn="cn=petert,dc=example,dc=com" mech=SIMPLE ssf=0
Jan 18 17:21:49 uit-algo-p-11 slapd[130335]: conn=1411 op=0 RESULT tag=97 err=0 text=
Jan 18 17:21:49 uit-algo-p-11 slapd[130335]: conn=1411 op=1 SRCH base="dc=example,dc=com" scope=1 deref=3 filter="(&(uid=petert))"
Jan 18 17:21:49 uit-algo-p-11 slapd[130335]: <= mdb_equality_candidates: (uid) not indexed
Jan 18 17:21:49 uit-algo-p-11 slapd[130335]: conn=1411 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 18 17:21:49 uit-algo-p-11 slapd[130335]: conn=1412 fd=10 ACCEPT from IP=127.0.0.1:54761 (IP=127.0.0.1:9389)
Jan 18 17:21:49 uit-algo-p-11 slapd[130335]: conn=1412 op=0 BIND dn="cn=petert,dc=example,dc=com" method=128
Jan 18 17:21:49 uit-algo-p-11 saslauthd[131009]: ldap_simple_bind() failed -1 (Can't contact LDAP server).
Jan 18 17:21:49 uit-algo-p-11 saslauthd[131009]: Retrying authentication
Jan 18 17:21:49 uit-algo-p-11 slapd[130335]: conn=1412 op=0 BIND dn="cn=petert,dc=example,dc=com" mech=SIMPLE ssf=0


The message "ldap_simple_bind() failed -1 (Can't contact LDAP server)." is quite common and it looks like I get it on every bind. What I'm now looking for is some help with diagnosis, like "to which IP is saslauthd now connecting and trying the bind"

Any hints?
btw: I can't run my openldap and saslauthd as root, hence the port numbers > 1024.


Hi Thomas,

The BIND done by saslauthd will not be shown in OpenLDAP logs. You need to see how to get debug logs for saslauthd (I don't know if this is possible).

--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux
87, rue de Turbigo - 75003 PARIS

_______________________________________________
ltb-users mailing list
ltb-users@lists.ltb-project.org
http://lists.ltb-project.org/listinfo/ltb-users
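
Added example, not part of the original thread: the quoted slapd log already shows how long each local BIND waited, even though the outbound bind made by saslauthd is not logged there. This sketch pairs each `BIND ... method=` line with its `RESULT` per connection and flags slow or unanswered binds; the sample lines are constructed from the log above, and the year (taken from the message date) and the 5-second threshold are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: a subset of the slapd/saslauthd lines quoted in the thread.
SAMPLE = """\
Jan 18 17:06:15 uit-algo-p-11 slapd[130335]: conn=1410 op=0 BIND dn="cn=petert,dc=example,dc=com" method=128
Jan 18 17:06:15 uit-algo-p-11 slapd[130335]: conn=1410 op=0 RESULT tag=97 err=0 text=
Jan 18 17:06:15 uit-algo-p-11 slapd[130335]: conn=1411 op=0 BIND dn="cn=petert,dc=example,dc=com" method=128
Jan 18 17:21:49 uit-algo-p-11 saslauthd[131005]: ldap_simple_bind() failed -1 (Can't contact LDAP server).
Jan 18 17:21:49 uit-algo-p-11 slapd[130335]: conn=1411 op=0 RESULT tag=97 err=0 text=
Jan 18 17:21:49 uit-algo-p-11 slapd[130335]: conn=1412 op=0 BIND dn="cn=petert,dc=example,dc=com" method=128
"""

# Matches only slapd operation lines that start with BIND or RESULT after op=N,
# so "SEARCH RESULT" and saslauthd lines are ignored.
LINE = re.compile(
    r'^(\w{3} +\d+ [\d:]{8}) \S+ slapd\[\d+\]: conn=(\d+) op=(\d+) (BIND|RESULT) (.*)$'
)

def bind_latencies(log_text, year=2016):
    """Return {(conn, op): seconds} per BIND; None means no RESULT was logged.

    Syslog timestamps carry no year, so one is supplied (assumption).
    """
    started, latency = {}, {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        key = (int(m.group(2)), int(m.group(3)))
        if m.group(4) == "BIND" and "method=" in m.group(5):
            # First BIND line of the operation: the request has arrived.
            started[key] = ts
            latency[key] = None
        elif m.group(4) == "RESULT" and key in started:
            latency[key] = (ts - started.pop(key)).total_seconds()
    return latency

def stalled(log_text, threshold=5.0):
    """List (conn, op) pairs whose BIND took >= threshold seconds or never finished."""
    lat = bind_latencies(log_text)
    return sorted(k for k, v in lat.items() if v is None or v >= threshold)

if __name__ == "__main__":
    for key, secs in sorted(bind_latencies(SAMPLE).items()):
        print(key, "pending" if secs is None else f"{secs:.0f}s")
```

On the sample, conn=1411 waits 934 seconds, and its RESULT arrives in the same second that saslauthd logs the failed `ldap_simple_bind()`.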
