On Mon, Apr 9, 2018 at 9:52 AM, mlange <mla...@anwb.nl> wrote:

> I went on and got a bit further, was hoping "to be there" though. Yet, no
> luck.
>
> So far, what I've been able to gather from around the interwebs, along with
> the new documentation (which is a huge step forward compared to the older
> documentation):
>
> I have configured openldap to use SASL (saslHost, extra mechanisms
> installed, and rewrite with olcAuthzRegexp for various sasl mechanisms)
>
> /etc/sasl2/qdrouterd.conf has been configured thus:
>
> pwcheck_method: auxprop
> auxprop_plugin: slapd
> ldapdb_uri: ldap://ldap.host
> # username and password are to be determined yet.
> ldapdb_id: username
> ldapdb_pw: password
> ldapdb_mech: DIGEST-MD5
>
> /etc/qpid-dispatch/qdrouterd.conf has the amqp listener configured thus:
> listener {
>         name: ontvangst
>         host: 0.0.0.0
>         port: 5672
>         role: normal
>         authenticatePeer: yes
>         saslMechanisms: EXTERNAL DIGEST-MD5
> }
>
> Yet, when I try to run a "qdstat -a --sasl-username=username
> --sasl-password=password --sasl-mechanisms=DIGEST-MD5"
> I get this response:
> ConnectionException: Connection amqp://0.0.0.0:amqp/$management
> disconnected: Condition('amqp:unauthorized-access', 'Authentication failed
> [mech=none]')
>
This seems to be very similar to the problem I ran into while trying to
set up LDAP. (I assume you have the latest cyrus-sasl-ldap library
installed.)
Your configs look good. One thing you can do is to look at syslog output
and see the error messages from cyrus-sasl. Take a look at the "Q: It's
not working and won't tell me why! Help!" section in
https://www.cyrusimap.org/docs/cyrus-sasl/2.1.23/sysadmin.php
I remember when working on this a few months ago that there was a problem
in the initialization code of cyrus-sasl-ldap, and I found some log messages
in syslog. I downloaded the source code of cyrus-sasl-ldap and tried
looking through it but could not exactly pinpoint the problem, so I abandoned
the effort.
(I seemed to have everything that the code was looking for but the
initialization still failed.)

Please try looking at the syslog and reading the source code and see if you
are able to figure out the problem.

>
> I also added some log{ } entries, for a bunch of modules, but they don't
> seem to tell me what exactly happens and what is going wrong. What module
> should be used and probably also what level (could be I'm not seeing why due
> to a log level that's not telling the reason)
>
> The LDAP server itself is not the same server that hosts qpid-dispatch,
>
This should not matter (I think) but you could put the router on the same
machine as the LDAP host and see if it works.

> which may be making matters a bit more complicated, but there it is.
>

Good luck!
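
A lint pass over the two configuration files quoted in this thread, as an added example that is not code from either poster or from the Qpid or Cyrus SASL projects. It assumes the LDAP auxprop plugin is loaded under the name `ldapdb` (matching the `ldapdb_*` option prefix) and that a listener offering EXTERNAL needs an `sslProfile`; the function names and finding codes are hypothetical.

```python
import re

# Constructed copies of the two files quoted in the thread above.
SASL_CONF = """pwcheck_method: auxprop
auxprop_plugin: slapd
ldapdb_uri: ldap://ldap.host
ldapdb_id: username
ldapdb_pw: password
ldapdb_mech: DIGEST-MD5
"""
LISTENER = """listener {
    name: ontvangst
    host: 0.0.0.0
    port: 5672
    role: normal
    authenticatePeer: yes
    saslMechanisms: EXTERNAL DIGEST-MD5
}
"""

def parse_kv(text):
    """Collect 'key: value' lines; comments, blanks and braces are skipped."""
    pairs = {}
    for raw in text.splitlines():
        m = re.match(r"\s*([A-Za-z_]\w*)\s*:\s*(.*?)\s*$", raw.split("#", 1)[0])
        if m:
            pairs[m.group(1)] = m.group(2)
    return pairs

def lint(sasl_text, listener_text, ldap_plugin="ldapdb"):
    """Return (code, message) findings; the codes are hypothetical labels."""
    sasl, lst = parse_kv(sasl_text), parse_kv(listener_text)
    mechs = lst.get("saslMechanisms", "").split()
    out = []
    # Assumption: the ldapdb_* options are read by the auxprop plugin "ldapdb".
    plugin = sasl.get("auxprop_plugin")
    if any(k.startswith("ldapdb_") for k in sasl) and plugin != ldap_plugin:
        out.append(("plugin-name", f"auxprop_plugin is {plugin!r}, expected {ldap_plugin!r}"))
    if "ldapdb_pw" in sasl:
        out.append(("cleartext-secret", "ldapdb_pw is stored in clear; restrict file access"))
    # Assumption: EXTERNAL takes its identity from a TLS client certificate.
    if "EXTERNAL" in mechs and "sslProfile" not in lst:
        out.append(("external-without-tls", "EXTERNAL offered but listener has no sslProfile"))
    if "DIGEST-MD5" in {*mechs, sasl.get("ldapdb_mech")}:
        out.append(("digest-md5-historic", "DIGEST-MD5 was moved to Historic by RFC 6331"))
    return out

if __name__ == "__main__":
    for code, message in lint(SASL_CONF, LISTENER):
        print(f"{code}: {message}")
```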
