Failing at 1st test-the-SASL-server steps
Ric
relentless at hush.com
Fri Sep 5 12:16:24 EDT 2008
Hi Sean,
On Fri, 05 Sep 2008 08:14:31 -0700 Sean O'Malley <omalleys at msu.edu>
wrote:
>It is better in the fact, you are pretty sure you have a
>configuration issue and you are connecting :)
I'm not so sure I'm connecting to the right server :-/
>You may need -u <username> for the client piece which corresponds
>to your kerberos principal.
What should "-u <username>" be an option to? Usage for the sample
client & server apps says just,
usage: client [-p port] [-s service] [-m mech] host
usage: server [-p port] [-s service] [-m mech]
>You actually need '-s slapd'
My understanding was that the (service) had to be defined in
/etc/services.
On my standard install,
egrep -i "ldap|slapd" /etc/services
ldap 389/tcp # Lightweight Directory Access Protocol
ldap 389/udp # Lightweight Directory Access Protocol
ldaps 636/tcp # ldap protocol over TLS/SSL (was sldap)
ldaps 636/udp # ldap protocol over TLS/SSL (was sldap)
www-ldap-gw 1760/tcp # www-ldap-gw
www-ldap-gw 1760/udp # www-ldap-gw
msft-gc-ssl 3269/tcp # Microsoft Global Catalog with LDAP/SSL
msft-gc-ssl 3269/udp # Microsoft Global Catalog with LDAP/SSL
ldap-admin 3407/tcp # LDAP admin server port
ldap-admin 3407/udp # LDAP admin server port
bmc_ctd_ldap 6301/tcp # BMC CONTROL-D LDAP SERVER
bmc_ctd_ldap 6301/udp # BMC CONTROL-D LDAP SERVER
So, 'ldap' exists there -- and I used it. 'slapd' does not -- so
do I have to add something to /etc/services, and then use that?
> and a corresponding slapd.conf
> in /usr/lib/sasl2/slapd.conf
Reading @ cyrus-sasl's docs/sysadmin.html,
"The default configuration file
By default, the Cyrus SASL library reads its options from
/usr/lib/sasl2/App.conf (where "App" is the application defined
name of the application). For instance, Sendmail reads its
configuration from "/usr/lib/sasl2/Sendmail.conf" and the sample
server application included with the library looks in
"/usr/lib/sasl2/sample.conf"."
So, which do I need?
/usr/lib/sasl2/slapd.conf
/usr/lib/sasl2/sample.conf
or,
/usr/lib/sasl2/cyrus_sasl_sample_server.conf
Also, on my system,
locate slapd.conf
/etc/openldap/slapd.conf
/etc/sasl2/slapd.conf
/usr/share/man/man5/slapd.conf.5.gz
Note that sasl2's slapd.conf is, by default, apparently in
/etc/sasl2/, not in /usr/lib/sasl2, which both you & the docs
reference.
Finally,
find /usr -type d | grep sasl | grep lib
/usr/lib64/sasl2
>that simply reads something like:
>mech_list: GSSAPI
Given the confusion above, for a test I simply covered all bases
... following as best I can what I've found on the web,
vi /usr/lib64/sasl2/slapd.conf
log_level: 7
pwcheck_method: auxprop
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 GSSAPI
auxprop_plugin: sasldb
sasldb_path: /etc/sasldb2
then,
setenv F /usr/lib64/sasl2/slapd.conf
mkdir /usr/lib/sasl2
cp -f $F /usr/lib/sasl2/slapd.conf
cp -f $F /usr/lib/sasl2/sample.conf
cp -f $F /usr/lib/sasl2/cyrus_sasl_sample_server.conf
cp -f $F /etc/sasl2/slapd.conf
cp -f $F /etc/sasl2/sample.conf
cp -f $F /etc/sasl2/cyrus_sasl_sample_server.conf
With all that, I see just
cyrus_sasl_sample_server -p 389 -s ldap -m GSSAPI
trying 2, 1, 6
bind: Address already in use
trying 10, 1, 6
socket: Address family not supported by protocol
Couldn't bind to any socket
service ldap stop
Shutting down ldap-server
done
cyrus_sasl_sample_server -p 389 -s ldap -m GSSAPI
trying 2, 1, 6
trying 10, 1, 6
socket: Address family not supported by protocol
@ syslog:
Sep 5 09:08:31 dirsvr cyrus_sasl_sample_server: auxpropfunc error
invalid parameter supplied
Sep 5 09:08:31 dirsvr cyrus_sasl_sample_server: _sasl_plugin_load
failed on sasl_auxprop_plug_init for plugin: ldapdb
and,
cyrus_sasl_sample_client -p 389 -s ldap -m GSSAPI dirsvr.domain.com
connect: Connection refused
service ldap start
Starting ldap-server
done
cyrus_sasl_sample_client -p 389 -s ldap -m GSSAPI dirsvr.domain.com
@ syslog:
Sep 5 09:13:16 dirsvr slapd[30574]: conn=2 fd=11 ACCEPT from
IP=10.0.1.16:48946 (IP=10.0.1.16:389)
>I can't find my notes atm. but that should give you a couple of
>more things to try.
The docs seem to me to be a mess; at least, they're horribly
confusing.
Thanks for your help!
Ric
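Added example (not from Ric's post or the Cyrus SASL project): a small shell linter for the App.conf files discussed above. Two security points come out of the exchange. First, the "cover all bases" file enables PLAIN and LOGIN, which send the password in cleartext unless TLS or another security layer protects the connection, and CRAM-MD5/DIGEST-MD5, which require plaintext-equivalent secrets in the auxprop store; for a GSSAPI test the file Sean suggested (`mech_list: GSSAPI` and nothing else) is the right one. Second, the file name is the application name, not the `-s` service: per the docs quoted above the sample server reads `sample.conf`, while `-s ldap` only names the Kerberos service principal (ldap/host) and has nothing to do with /etc/services. The `ldapdb` auxprop init error in the syslog lines is that plugin being loaded from the plugin directory and finding no `ldapdb_*` options; it is unrelated to GSSAPI. The directories /etc/sasl2, /usr/lib64/sasl2 and /usr/lib/sasl2 used below are taken from the poster's own `locate`/`find` output and are assumptions for any other system; the two config files are constructed under a temp dir, not written to /etc.

```shell
#!/bin/sh
# Added example: lint a Cyrus SASL application config (App.conf) and
# locate which candidate config directory actually holds it.
# Assumptions: candidate dirs /etc/sasl2, /usr/lib64/sasl2, /usr/lib/sasl2
# (from the poster's own system); sample server appname "sample" (docs).

# Print the value of one "key: value" option.  Comments and blank lines
# are skipped; the first matching key wins.
sasl_opt() {  # sasl_opt FILE KEY
    awk -v key="$2" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        {
            split($0, kv, ":")
            k = kv[1]; gsub(/[[:space:]]/, "", k)
            if (k == key) {
                v = substr($0, index($0, ":") + 1)
                gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
                print v; exit
            }
        }' "$1"
}

# One finding per line.  Returns 1 if any mechanism that sends the
# password in cleartext (PLAIN, LOGIN) is enabled, 0 otherwise.
sasl_lint() {  # sasl_lint FILE
    file=$1; bad=0
    mechs=$(sasl_opt "$file" mech_list)
    [ -n "$mechs" ] || echo "NOTE mech_list unset: every installed plugin is offered"
    for m in $mechs; do
        case $m in
            PLAIN|LOGIN)
                echo "WARN $m sends the password in cleartext; needs TLS or an external security layer"
                bad=1 ;;
            CRAM-MD5|DIGEST-MD5)
                echo "WARN $m needs plaintext-equivalent secrets in the auxprop store (e.g. sasldb)" ;;
            GSSAPI)
                echo "OK   GSSAPI: server process needs a readable keytab for its service principal (check: klist -k)" ;;
            *)  echo "INFO $m enabled" ;;
        esac
    done
    return $bad
}

# Print every DIR/APPNAME.conf that exists; returns 1 if none does.
sasl_find_conf() {  # sasl_find_conf APPNAME DIR...
    app=$1; shift; found=1
    for d in "$@"; do
        if [ -f "$d/$app.conf" ]; then echo "$d/$app.conf"; found=0; fi
    done
    return $found
}

# Constructed sample input: the "cover all bases" file from the post,
# then the minimal GSSAPI-only file.  Written under a temp dir only.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
cat >"$demo/slapd.conf" <<'EOF'
log_level: 7
pwcheck_method: auxprop
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 GSSAPI
auxprop_plugin: sasldb
sasldb_path: /etc/sasldb2
EOF
cat >"$demo/sample.conf" <<'EOF'
mech_list: GSSAPI
EOF

echo "== lint: slapd.conf (cover-all-bases)"
sasl_lint "$demo/slapd.conf" || echo "=> cleartext mechanisms enabled; keep this on loopback only"
echo "== lint: sample.conf (GSSAPI only)"
sasl_lint "$demo/sample.conf" && echo "=> no cleartext mechanisms"

# Which file the library really opens is a compile-time choice; verify
# empirically on a spare port rather than guessing (not run here):
#   strace -f -e trace=open,openat -o /tmp/sasl.trace \
#       cyrus_sasl_sample_server -p 8389 -s ldap -m GSSAPI
#   grep -E 'sasl2|\.conf' /tmp/sasl.trace
sasl_find_conf sample /etc/sasl2 /usr/lib64/sasl2 /usr/lib/sasl2 \
    || echo "no sample.conf in the assumed directories"
```

Run it as-is to see the two lint reports; point `sasl_lint` at a real file in whichever directory the strace shows the library opening. Using a port other than 389 for the sample server also avoids the collision with slapd seen above, where the sample client ended up talking to slapd (the `conn=2 ... ACCEPT` line) rather than to the SASL sample server.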