Hi,

I'm using
perl-5.10.0
Net::LDAP version 0.39
Authen::SASL version 2.12

My script does not initiate a strong bind, while a strong bind with ldapsearch succeeds. What is wrong with my script? Or with perl-5.10, as I am not sure, but I think this script has been working with perl-5.8.

My script:

,----[ perl script ]
| $ldap = Net::LDAP->new("$host",
|                        async => 1,
|                        version => 3
|                        ) or die "$@";
|
| $sasl = Authen::SASL->new(
|                        mechanism => 'DIGEST-MD5',
|                        debug => 4,
|                        callback => {
|                            user => 'dieter',
|                            pass => 'secret'
|                        }
|                        ) or die "$@";
| $msg = $ldap->bind(sasl => $sasl);
| $msg->code && $msg->error;
|
| $result = $ldap->search(
|                        base => $basedn,
|                        scope => $scope,
|                        filter => $filter,
|                        attrs => ["$attrs[0]","$attrs[1]","$attrs[2]","$attrs[3]" ]
|                        );
| ....
`----

The output of perl debugging shows

,----[ Debugging ]
| DB<19> x $ldap
| 0  Net::LDAP=HASH(0xfee860)
|    'net_ldap_async' => 1
|    'net_ldap_debug' => 0
|    'net_ldap_host' => 'localhost'
|    'net_ldap_port' => 389
|    'net_ldap_refcnt' => 1
|    'net_ldap_resp' => HASH(0x1117638)
|         empty hash
|    'net_ldap_scheme' => 'ldap'
|    'net_ldap_socket' => IO::Socket::INET=GLOB(0x128cd40)
|       -> *Symbol::GEN0
|             FileHandle({*Symbol::GEN0}) => fileno(3)
|    'net_ldap_uri' => 'localhost'
|    'net_ldap_version' => 3
|
| DB<22> x $sasl
| 0  Authen::SASL=HASH(0x128ce60)
|    'callback' => HASH(0x104bf90)
|       'pass' => 'secret'
|       'user' => 'dieter'
|    'debug' => 4
|    'mechanism' => 'DIGEST-MD5'
| DB<23> !22
`----

My slapd log file does not show a sasl bind operation, in fact no bind operation at all.

This is the log of a successful sasl bind of ldapsearch with the same credentials as the perl script:

,----[ successful sasl bind ]
| conn=0 fd=15 ACCEPT from IP=127.0.0.1:59521 (IP=0.0.0.0:389)
| conn=0 op=0 BIND dn="" method=163
| do_bind: dn () SASL mech DIGEST-MD5
| ==> sasl_bind: dn="" mech=DIGEST-MD5 datalen=0
| SASL [conn=0] Debug: DIGEST-MD5 server step 1
| send_ldap_sasl: err=14 len=185
| send_ldap_response: msgid=1 tag=97 err=14
| conn=0 op=1 BIND dn="" method=163
| do_bind: dn () SASL mech DIGEST-MD5
| ==> sasl_bind: dn="" mech=<continuing> datalen=271
| SASL [conn=0] Debug: DIGEST-MD5 server step 2
| SASL Canonicalize [conn=0]: authcid="dieter"
| slap_sasl_getdn: conn 0 id=dieter [len=6]
| => ldap_dn2bv(16)
| <= ldap_dn2bv(uid=dieter,cn=DIGEST-MD5,cn=auth)=0
| do_bind: SASL/DIGEST-MD5 bind: dn="cn=dieter kluenter,ou=partner,o=avci,c=de" sasl_ssf=128
`----

And here the log of an anonymous search resulting from my script:

conn=0 fd=15 ACCEPT from IP=127.0.0.1:42123 (IP=0.0.0.0:389)
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
...

Here starts the search, without any prior bind operation

SRCH "cn=Mailinglisten,cn=Dieter Kluenter,ou=Partner,o=avci,c=de" 1 2

And now checking the access rules, due to my ACL anonymous read is not allowed, thus error 32.

<= check a_dn_pat: *
<= acl_mask: [3] applying none(=0) (stop)
<= acl_mask: [3] mask: none(=0)
=> slap_access_allowed: search access denied by none(=0)
=> access_allowed: no more rules
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: err=32 matched="" text=""

-Dieter

--
Dieter Klünter | Systemberatung
http://www.dpunkt.de/buecher/2104.html
sip: +49.180.1555.7770535
GPG Key ID:8EF7B6C6
53°08'09,95"N
10°08'02,42"E
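
Added example, not part of the original post: a server-side check that flags searches arriving on a connection that never completed an authenticated bind, which is the difference between the two logs above. It assumes slapd "stats" loglevel lines, in which the `dn="..." mech=...` line appears only after a successful bind; the function name and the sample lines are constructed for illustration.

```python
import re
# Constructed sample in slapd "stats" loglevel format (assumption: the post's logs
# were taken at a more verbose level). DNs and err=32 are the post's; filter is made up.
SAMPLE = '''\
conn=0 fd=15 ACCEPT from IP=127.0.0.1:59521 (IP=0.0.0.0:389)
conn=0 op=0 BIND dn="" method=163
conn=0 op=0 RESULT tag=97 err=14 text=
conn=0 op=1 BIND dn="" method=163
conn=0 op=1 BIND dn="cn=dieter kluenter,ou=partner,o=avci,c=de" mech=DIGEST-MD5 sasl_ssf=128 ssf=128
conn=0 op=1 RESULT tag=97 err=0 text=
conn=0 op=2 SRCH base="cn=Mailinglisten,cn=Dieter Kluenter,ou=Partner,o=avci,c=de" scope=1 deref=2 filter="(objectClass=*)"
conn=1 fd=15 ACCEPT from IP=127.0.0.1:42123 (IP=0.0.0.0:389)
conn=1 op=0 SRCH base="cn=Mailinglisten,cn=Dieter Kluenter,ou=Partner,o=avci,c=de" scope=1 deref=2 filter="(objectClass=*)"
conn=1 op=0 SEARCH RESULT tag=101 err=32 nentries=0 text=
'''.splitlines()

EVENT = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH|SEARCH RESULT)\b(.*)')
BOUND = re.compile(r'dn="([^"]+)" mech=\S+')  # assumed to appear only on success
BASE = re.compile(r'base="([^"]*)"')
ERR = re.compile(r'\berr=(\d+)')

def unbound_searches(lines):
    """Return [conn, op, base, err] for each search sent on an anonymous session."""
    identity, findings = {}, {}  # conn -> bound DN; (conn, op) -> finding
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue
        conn, op, verb, rest = int(m[1]), int(m[2]), m[3], m[4]
        if verb == "BIND":
            # A new bind request drops the session to anonymous (RFC 4511); it
            # regains an identity only when the dn=... mech=... line follows.
            bound = BOUND.search(rest)
            if bound:
                identity[conn] = bound[1]
            else:
                identity.pop(conn, None)
        elif verb == "SRCH" and conn not in identity:
            base = BASE.search(rest)
            if base:  # skip the companion "SRCH attr=..." line
                findings[(conn, op)] = [conn, op, base[1], None]
        elif verb == "SEARCH RESULT" and (conn, op) in findings:
            err = ERR.search(rest)
            findings[(conn, op)][3] = int(err[1]) if err else None
    return list(findings.values())

if __name__ == "__main__":
    for conn, op, base, err in unbound_searches(SAMPLE):
        print(f"conn={conn} op={op} anonymous search of {base!r} -> err={err}")
```

On the sample, only the search on conn=1 is reported; the intermediate err=14 step on conn=0 does not count as a completed bind.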