Ganesh Murthy wrote
> This seems to be very similar to the problem I ran into while trying to
> setup LDAP. (I assume you have the latest cyrus-sasl-ldap library
> installed)
> Your configs look good. One thing you can do is to look at syslog output
> and see the error messages from cyrus-sasl. Take a look at the "*Q:* It's
> not working and won't tell me why! Help! " section in
> https://www.cyrusimap.org/docs/cyrus-sasl/2.1.23/sysadmin.php
> I remember when working on this a few months ago that there was a problem
> in the initialization code of cyrus-sasl-ldap. and found some log messages
> in syslog. I donwloaded the source code of cyrus-sasl-ldap and tried
> looking thru it but could not exactly pin point the problem, so I
> abandoned
> the effort
> (I seemed to have everything that the code was looking for but the
> initialization still failed.)
> 
> Please try looking at the syslog and reading the source code and see if
> you
> are able to figure out the problem.

Of note here, regarding on what I'm doing, is that I am running a RHEL7
machine, so need to do things the systemd way :-( My tough luck here is that
I'm not that familiar with systemd; 

After installing a few more packages, of note: cyrus-sasl-md5
cyrus-sasl-plain cyrus-sasl-scram and python-saslwrapper and restarting
saslauthd and qdrouterd I finally got it to log things in "syslog"

It appears that the plugin is missing, and for the life of me, I can't find
any package that should provide it:

qdstat -a --sasl-username=username --sasl-password=password
2018-04-10 16:49:11.966504 +0200 SERVER (info) Accepted connection to
0.0.0.0:5672 from 127.0.0.1:52900
Apr 10 16:49:11 myserver qdrouterd[9031]: DIGEST-MD5 server step 1
2018-04-10 16:49:11.969892 +0200 SERVER (info) Connection from
127.0.0.1:52900 (to 0.0.0.0:5672) failed: proton:io:sasl_error SASL(-4): no
mechanism available: unable to canonify user and get auxprops (Failed to
authenticate client [mech=DIGEST-MD5])
ConnectionException: Connection amqp://0.0.0.0:amqp/$management
disconnected: Condition('amqp:unauthorized-access', 'Authentication failed
[mech=DIGEST-MD5]')
Apr 10 16:49:11 myserver python[9081]: DIGEST-MD5 client step 2
Apr 10 16:49:11 myserver python[9081]: DIGEST-MD5 parse_server_challenge()
Apr 10 16:49:11 myserver python[9081]: DIGEST-MD5 ask_user_info()
Apr 10 16:49:11 myserver python[9081]: DIGEST-MD5 client step 2
Apr 10 16:49:11 myserver python[9081]: DIGEST-MD5 ask_user_info()
Apr 10 16:49:11 myserver python[9081]: DIGEST-MD5 make_client_response()
Apr 10 16:49:11 myserver python[9081]: DIGEST-MD5 create_layer_keys()
Apr 10 16:49:11 myserver qdrouterd[9031]: DIGEST-MD5 server step 2
Apr 10 16:49:11 myserver qdrouterd[9031]: could not find auxprop plugin, was
searching for 'ldapdb'
Apr 10 16:49:11 myserver qdrouterd[9031]: could not find auxprop plugin, was
searching for 'ldapdb'
Apr 10 16:49:11 myserver qdrouterd[9031]: unable to canonify user and get
auxprops
Apr 10 16:49:11 myserver qdrouterd[9031]: DIGEST-MD5 common mech dispose
Apr 10 16:49:11 myserver python[9081]: DIGEST-MD5 client mech dispose
Apr 10 16:49:11 myserver python[9081]: DIGEST-MD5 common mech dispose
Apr 10 16:49:11 myserver python[9081]: DIGEST-MD5 common mech free

I get a similar error "could not find auxprop plugin" when using "slapd";
this attempt is to use "ldapdb" in /etc/sasl2/qdrouterd.conf instead of
slapd. Internet is not yet helping me find any package that would provide
the plugin; Might be I have to revert to (re)compile some stuff; whether
that would be openldap or sasl, I am not yet sure, trying to read me through
these things.



--
Sent from: http://qpid.2158936.n2.nabble.com/Apache-Qpid-users-f2158936.html

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
For additional commands, e-mail: users-h...@qpid.apache.org

Reply via email to