ldapwhoami -Y PLAIN -H ldap://182.19.136.42 -U testuser
produces:
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available: No worthy mechs found
Tim
On Mon, Jan 4, 2016 at 8:42 AM, Dan White <[email protected]> wrote:
> On 12/31/15 11:13 -0600, Timothy Keith wrote:
>
>> I defined:
>> ldap_mech: PLAIN
>>
>> I am new at LDAP, that is obvious I guess. But, I've been around Unix for
>> 30 years.
>>
>> This is the latest output from saslauthd in debug mode :
>>
>> saslauthd[19271] :main : num_procs : 5
>> saslauthd[19271] :main : mech_option: NULL
>> saslauthd[19271] :main : run_path : /var/run/saslauthd
>> saslauthd[19271] :main : auth_mech : ldap
>> saslauthd[19271] :ipc_init : using accept lock file: /var/run/saslauthd/mux.accept
>> saslauthd[19271] :detach_tty : master pid is: 0
>> saslauthd[19271] :ipc_init : listening on socket: /var/run/saslauthd/mux
>> saslauthd[19271] :main : using process model
>> saslauthd[19271] :have_baby : forked child: 19272
>> saslauthd[19271] :have_baby : forked child: 19273
>> saslauthd[19271] :have_baby : forked child: 19274
>> saslauthd[19271] :have_baby : forked child: 19275
>> saslauthd[19271] :get_accept_lock : acquired accept lock
>> saslauthd[19271] :rel_accept_lock : released accept lock
>> saslauthd[19272] :get_accept_lock : acquired accept lock
>> ldap_sasl_interactive_bind: user selected: PLAIN
>> ldap_int_sasl_bind: PLAIN
>> ldap_new_connection 1 1 0
>> ldap_int_open_connection
>> ldap_connect_to_host: TCP 182.19.136.42:389
>> ldap_new_socket: 10
>> ldap_prepare_socket: 10
>> ldap_connect_to_host: Trying 182.19.136.42:389
>> ldap_pvt_connect: fd: 10 tm: 10 async: 0
>> ldap_ndelay_on: 10
>> attempting to connect:
>> connect errno: 115
>> ldap_int_poll: fd: 10 tm: 10
>> ldap_is_sock_ready: 10
>> ldap_ndelay_off: 10
>> ldap_pvt_connect: 0
>> ldap_int_sasl_open: host=182.19.136.42
>> ldap_msgfree
>> ldap_err2string
>> ldap_unbind
>> ldap_free_connection 1 1
>> ldap_send_unbind
>> ldap_free_connection: actually freed
>> ldap_create
>> ldap_url_parse_ext(ldap:// 182.19.136.42:389)
>> ldap_sasl_interactive_bind: user selected: PLAIN
>> ldap_int_sasl_bind: PLAIN
>> ldap_new_connection 1 1 0
>> ldap_int_open_connection
>> ldap_connect_to_host: TCP 182.19.136.42:389
>> ldap_new_socket: 10
>> ldap_prepare_socket: 10
>> ldap_connect_to_host: Trying 182.19.136.42:389
>> ldap_pvt_connect: fd: 10 tm: 10 async: 0
>> ldap_ndelay_on: 10
>> attempting to connect:
>> connect errno: 115
>> ldap_int_poll: fd: 10 tm: 10
>> ldap_is_sock_ready: 10
>> ldap_ndelay_off: 10
>> ldap_pvt_connect: 0
>> ldap_int_sasl_open: host=182.19.136.42
>> ldap_msgfree
>> ldap_err2string
>> saslauthd[19271] :do_auth : auth failure: [user=testuser] [service=slapd] [realm=] [mech=ldap] [reason=Unknown]
>> saslauthd[19271] :do_request : response: NO
>>
>
> On 12/31/15 11:43 -0600, Timothy Keith wrote:
>
>>> attempting to connect:
>>> connect errno: 115
>>
>> *EINPROGRESS*
>>
> That doesn't appear to be a critical piece of the problem. Notice libldap
> is polling and reporting the socket as ready.
>
> Troubleshoot this as a basic authentication problem between your unix
> server and the ldap server. I.e., attempt to reproduce a sasl plain
> authentication using ldapwhoami:
>
> ldapwhoami -Y PLAIN -H ldap://182.19.136.42 -U testuser
>
> Adjust to match your saslauthd ldap config.
>
> Assuming your connection is unencrypted, which it appears to be, performing
> a tcpdump/wireshark trace will help.
>
> --
> Dan White
>