setup problems

Francesco Grossi f.grossi at itql.it
Thu Aug 21 08:47:22 EDT 2008


Dan
many, many thanks, for I succeeded, at least partially.

Firstly I added slapd.conf to the sasl default dir with the (unique)
parameter:
sasl_mech: xmech
Then I stopped and restarted slapd

I had some trouble understanding what the ldap URI of the ldapsearch
command is, and eventually I skipped it by turning the command into:

ldapsearch -x -h localhost -s "base" -b "" supportedSASLMechanisms
response was:

# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: supportedSASLMechanisms
#
#
dn:
supportedSASLMechanisms: XMECH
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1

moreover:
if I omitted -x (that is to say ldapsearch -h localhost -s "base" -b ""
supportedSASLMechanisms)
my xmech gets called by the ldapsearch command, as you said, as proven
by the following functions recording themselves in the xmech log:
20080820155638 xmech_client_plug_init
20080820155638 xmech_client_mech_new
20080820155638 xmech_client_mech_step
20080820155638 xmech_client_mech_step
20080820155638 xmech_client_dispose

I just noticed that, compared with the xmech functions called by the sample
client, no server functions (xmech_server_mech_new xmech_server_mech_step
xmech_server_mech_step) are triggered.

What is missing is:
1) my JXplorer *OpenLDAP client authentication doesn't call the xmech* (the
log remains untouched)
2) the server functions are not called

Dan, I want to thank you for your precious indications.

Does anybody know what I'm missing to have JXplorer behave as ldapsearch,
that is to say to authenticate people through the xmech?

Many Thanks

Francesco



2008/8/20 Dan White <dwhite at olp.net>

> Francesco Grossi wrote:
>
>> I've set up my prototype mechanism xmech (by writing xmech.c and
>> xmech_init.c and creating libxmech.so & libxmech.la) and call it by the
>> sample SASL Cyrus client and server so that client.c and server.c seem
>> to be working fine (referencing -m x) when used alone: I've logged
>> callback functions of my xmech.c and the following is recorded during
>> login phase:
>> xmech_client_plug_init
>> xmech_client_mech_new
>> xmech_client_mech_step
>> xmech_server_mech_new
>> xmech_server_mech_step
>> xmech_server_mech_step.
>>
>> here's my problem:
>> How can I instruct OpenLDAP to call SASL and my xmech mechanism? When I
>> log into OpenLDAP the native authentication takes place. How can I make
>> OpenLDAP route authentication towards SASL (and SASL towards xmech)?
>>
>> I've been through some web pages and got out something about slapd.conf
>> and its sasl parameters, sasl-regexp in particular.
>>
>>
> You can restrict which mechanisms are offered by configuring sasl_mech in
> your sasl slapd.conf (not to be confused with the OpenLDAP slapd.conf
> configuration file).
>
> The default location for that file is in /usr/lib/sasl2/. It should be the
> location that was specified with the --with-configdir configure option when
> you compiled sasl.
>
> The following would restrict your offered mechanisms to xmech:
>
> sasl_mech: xmech
>
> However, if not specified, it should offer all installed mechanisms. I'd
> recommend running 'pluginviewer' on the server and client systems to verify
> the mechanism got installed. Also, you can do:
>
> ldapsearch -x -H ldap://ldap.example.com -LLL -s "base" -b ""
> supportedSASLMechanisms
>
> to find out if the server is offering the mechanism.
>
> You can force ldapsearch to use a specific mechanism with the '-Y' option,
> or you can specify it in ~/.ldaprc (see man ldap.conf):
>
> SASL_MECH xmech
>
> Do not specify '-x' in your ldapsearch to force it to use SASL.
>
> - Dan
>
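
The checks walked through in this thread, as an added shell example that is not part of either message or of Cyrus SASL/OpenLDAP: it reads the rootDSE LDIF to see whether the mechanism is advertised, then reads the plugin's log to see which side's callbacks actually ran. The helper names are hypothetical, the log line format is assumed from the lines quoted above, and the sample data is copied from the output in the message.

```shell
#!/bin/sh
# Added example; helper names (offered_mechs, mech_offered, side_calls,
# diagnose) are hypothetical and not part of Cyrus SASL or OpenLDAP.

# Print the mechanisms advertised in a rootDSE LDIF result read from stdin,
# one per line, upper-cased. LDAP attribute names are case-insensitive.
offered_mechs() {
    awk -F': *' 'tolower($1) == "supportedsaslmechanisms" {
        sub(/[ \t\r]+$/, "", $2); print toupper($2) }'
}

# Succeed if mechanism $1 is advertised in the LDIF on stdin. The post sets
# "sasl_mech: xmech" and the server answers "XMECH", so compare upper-cased.
mech_offered() {
    want=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    offered_mechs | grep -qxF -- "$want"
}

# Count logged callbacks for one side ("client" or "server") in an xmech log
# on stdin. Assumed line format, as in the post: "<timestamp> xmech_<side>_<name>".
side_calls() {
    awk -v p="xmech_${1}_" 'index($2, p) == 1 { n++ } END { print n + 0 }'
}

# $1 = mechanism, $2 = LDIF text, $3 = plugin log text
diagnose() {
    if ! printf '%s\n' "$2" | mech_offered "$1"; then
        echo "not-advertised"
    elif [ "$(printf '%s\n' "$3" | side_calls server)" -eq 0 ]; then
        echo "client-only"
    else
        echo "both-sides"
    fi
}

# Sample data taken from the output quoted in the message above.
SAMPLE_LDIF='dn:
supportedSASLMechanisms: XMECH
search: 2
result: 0 Success'
SAMPLE_LOG='20080820155638 xmech_client_plug_init
20080820155638 xmech_client_mech_new
20080820155638 xmech_client_mech_step
20080820155638 xmech_client_mech_step
20080820155638 xmech_client_dispose'

diagnose xmech "$SAMPLE_LDIF" "$SAMPLE_LOG"
```

On a live system, feed `diagnose` the output of the `ldapsearch -x ... supportedSASLMechanisms` query and the contents of the plugin's log instead of the sample variables.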