ldapdb: new entry makes old entries fail

Patrick Ben Koetter p at state-of-mind.de
Thu Aug 16 03:40:14 EDT 2007 

I am having a strange problem here, which at least I can't make any sense
from. Here's the situation:

I add an entry to my OpenLDAP directory
I successfully authenticate using ldapdb and the sample-server|client tools:

[root at netinstall ~]# sasl2-sample-client -s rcmd -p 1234 -m PLAIN localhost
receiving capability list... recv: {41}
PLAIN LOGIN CRAM-MD5 ANONYMOUS DIGEST-MD5
PLAIN LOGIN CRAM-MD5 ANONYMOUS DIGEST-MD5
please enter an authentication id: test at example.com
please enter an authorization id: test at example.com
Password:
send: {5}
PLAIN
send: {1}
Y
send: {38}
test at example.com[0]test at example.com[0]test
successful authentication
closing connection


Now I add another entry to my OpenLDAP directory
I successfully authenticate that new entry BUT (!) the first entry suddenly
doesn't authenticate anymore:

[root at netinstall ~]# sasl2-sample-client -s rcmd -p 1234 -m PLAIN localhost
receiving capability list... recv: {41}
PLAIN LOGIN CRAM-MD5 ANONYMOUS DIGEST-MD5
PLAIN LOGIN CRAM-MD5 ANONYMOUS DIGEST-MD5
please enter an authentication id: doe at example.com
please enter an authorization id: doe at example.com
Password:
send: {5}
PLAIN
send: {1}
Y
send: {35}
doe at example.com[0]doe at example.com[0]doe
successful authentication
closing connection


[root at netinstall ~]# sasl2-sample-client -s rcmd -p 1234 -m PLAIN localhost
receiving capability list... recv: {41}
PLAIN LOGIN CRAM-MD5 ANONYMOUS DIGEST-MD5
PLAIN LOGIN CRAM-MD5 ANONYMOUS DIGEST-MD5
please enter an authentication id: test at example.com
please enter an authorization id: test at example.com
Password:
send: {5}
PLAIN
send: {1}
Y
send: {38}
test at example.com[0]test at example.com[0]test
authentication failed
closing connection


System is:
    CentOS 5
Software used is:
    cyrus-sasl-2.1.22-4
    openldap-servers-2.3.27-5

I've put up a log (ACL filter config) of the test-transactions at

    <http://www.state-of-mind.de/slapd.log.txt>


Thanks,

p at rick

-- 
state of mind
Agentur für Kommunikation, Design und Softwareentwicklung

Patrick Koetter            Tel: 089 45227227
Echinger Strasse 3         Fax: 089 45227226
85386 Eching               Web: http://www.state-of-mind.de

Amtsgericht München        Partnerschaftsregister PR 563

More information about the Cyrus-sasl mailing list