Fail to test uid of OpenLDAP with TLS...

Nguyen, Quoc Khanh khanhnq at saigontech.edu.vn
Fri May 27 05:45:27 EDT 2011


Ya... I'm starting with default threads.

/usr/local/etc/saslauthd.conf:
ldap_servers: ldap://localhost
ldap_bind_dn: cn=admin,dc=abc,dc=com
ldap_bind_pw: 123456789
ldap_search_base: dc=abc,dc=com
ldap_start_tls: yes
ldap_tls_cacert_dir: /var/myCA
ldap_tls_cacert_file: /var/myCA/cacert.crt
ldap_debug: -1

start LDAP:
root at ldap:~# /usr/local/openldap/libexec/slapd -h 'ldap:///'

start saslauthd:
root at ldap:~# /usr/local/sasl2/sbin/saslauthd -a ldap -O /usr/local/etc/saslauthd.conf -d
saslauthd[765] :main            : num_procs  : 5
saslauthd[765] :main            : mech_option: /usr/local/etc/saslauthd.conf
saslauthd[765] :main            : run_path   : /var/run
saslauthd[765] :main            : auth_mech  : ldap
saslauthd[765] :ipc_init        : using accept lock file: /var/run/mux.accept
saslauthd[765] :detach_tty      : master pid is: 0
saslauthd[765] :ipc_init        : listening on socket: /var/run/mux
saslauthd[765] :main            : using process model
saslauthd[765] :have_baby       : forked child: 766
saslauthd[765] :have_baby       : forked child: 767
saslauthd[765] :have_baby       : forked child: 768
saslauthd[765] :have_baby       : forked child: 769
saslauthd[765] :get_accept_lock : acquired accept lock

test uid:
root at ldap:~# /usr/local/sasl2/sbin/testsaslauthd -u khanhnq -p 123456
0: NO "authentication failed"

I have a debug result:
saslauthd[765] :rel_accept_lock : released accept lock
saslauthd[767] :get_accept_lock : acquired accept lock
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 10
ldap_prepare_socket: 10
ldap_connect_to_host: Trying ::1 389
ldap_pvt_connect: fd: 10 tm: 5 async: 0
ldap_ndelay_on: 10
ldap_int_poll: fd: 10 tm: 5
ldap_is_sock_ready: 10
ldap_ndelay_off: 10
ldap_pvt_connect: 0
ldap_open_defconn: successful
ldap_send_server_request
ldap_result ld 0x9cef220 msgid 1
wait4msg ld 0x9cef220 msgid 1 (infinite timeout)
wait4msg continue ld 0x9cef220 msgid 1 all 1
** ld 0x9cef220 Connections:
* host: localhost  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Fri May 27 16:40:05 2011


** ld 0x9cef220 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x9cef220 request count 1 (abandoned 0)
** ld 0x9cef220 Response Queue:
   Empty
  ld 0x9cef220 response count 0
ldap_chkResponseList ld 0x9cef220 msgid 1 all 1
ldap_chkResponseList returns ld 0x9cef220 NULL
ldap_int_select
read1msg: ld 0x9cef220 msgid 1 all 1
read1msg: ld 0x9cef220 msgid 1 message type extended-result
read1msg: ld 0x9cef220 0 new referrals
read1msg:  mark request completed, ld 0x9cef220 msgid 1
request done: ld 0x9cef220 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_extended_result
ldap_parse_result
ldap_msgfree
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 0, subject: /CN=abc.com/ST=HCM/C=VN/emailAddress=root at abc.com/O=SGT/OU=NW Department, issuer: /CN=abc.com/ST=HCM/C=VN/emailAddress=root at abc.com/O=SGT/OU=NW Department
TLS certificate verification: depth: 0, err: 7, subject: /CN=abc.com/ST=HCM/C=VN/emailAddress=root at abc.com/O=SGT/OU=NW, issuer: /CN=abc.com/ST=HCM/C=VN/emailAddress=root at abc.com/O=SGT/OU=NW Department
TLS certificate verification: Error, certificate signature failure
TLS trace: SSL3 alert write:fatal:decrypt error
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect: error:14090086:SSL routines:func(144):reason(134) (certificate signature failure).
ldap_err2string
ldap_unbind
ldap_free_connection 1 1
ldap_send_unbind
ldap_free_connection: actually freed
saslauthd[765] :do_auth         : auth failure: [user=khanhnq] [service=imap] [realm=] [mech=ldap] [reason=Unknown]
saslauthd[765] :do_request      : response: NO

What am I doing wrong?


Here is my ldapsearch result:
root at ldap:/usr/local/openldap/bin# ./ldapsearch -xLL -b dc=abc,dc=com uid=khanhnq -d -1
ldap_create
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP abc.com:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying ::1 389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ldap_write: want=14, written=14
ldap_result ld 0x901b540 msgid 1
wait4msg ld 0x901b540 msgid 1 (infinite timeout)
wait4msg continue ld 0x901b540 msgid 1 all 1
** ld 0x901b540 Connections:
* host: abc.com  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Fri May 27 16:42:21 2011


** ld 0x901b540 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x901b540 request count 1 (abandoned 0)
** ld 0x901b540 Response Queue:
   Empty
  ld 0x901b540 response count 0
ldap_chkResponseList ld 0x901b540 msgid 1 all 1
ldap_chkResponseList returns ld 0x901b540 NULL
ldap_int_select
read1msg: ld 0x901b540 msgid 1 all 1
ber_get_next
ldap_read: want=8, got=8
ldap_read: want=6, got=6
read1msg: ld 0x901b540 msgid 1 message type bind
read1msg: ld 0x901b540 0 new referrals
read1msg:  mark request completed, ld 0x901b540 msgid 1
request done: ld 0x901b540 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_result
ldap_msgfree
version: 1

ldap_search_ext
put_filter: "uid=khanhnq"
put_filter: default
put_simple_filter: "uid=khanhnq"
ldap_build_search_req ATTRS: *
ldap_send_initial_request
ldap_send_server_request
ldap_write: want=55, written=55
ldap_result ld 0x901b540 msgid -1
wait4msg ld 0x901b540 msgid -1 (infinite timeout)
wait4msg continue ld 0x901b540 msgid -1 all 0
** ld 0x901b540 Connections:
* host: abc.com  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Fri May 27 16:42:21 2011


** ld 0x901b540 Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x901b540 request count 1 (abandoned 0)
** ld 0x901b540 Response Queue:
   Empty
  ld 0x901b540 response count 0
ldap_chkResponseList ld 0x901b540 msgid -1 all 0
ldap_chkResponseList returns ld 0x901b540 NULL
ldap_int_select
read1msg: ld 0x901b540 msgid -1 all 0
ber_get_next
ldap_read: want=8, got=8
ldap_read: want=271, got=271
read1msg: ld 0x901b540 msgid 2 message type search-entry
ldap_get_dn_ber
dn: cn=Khanh Nguyen,ou=network,dc=abc,dc=com
ldap_get_attribute_ber
objectClass: inetOrgPerson
ldap_get_attribute_ber
cn: Khanh Nguyen
cn: Khanh Nguyen Quoc
ldap_get_attribute_ber
sn: Khanh
ldap_get_attribute_ber
uid: khanhnq
ldap_get_attribute_ber
userPassword:: MTIzNDU2
ldap_get_attribute_ber
mail: khanhnq at abc.com
mail: nqk28703 at yahoo.com
mail: khanhnq at saigontech.edu.vn
ldap_get_attribute_ber
ou: network
ldap_get_attribute_ber
ldap_msgfree
ldap_result ld 0x901b540 msgid -1
wait4msg ld 0x901b540 msgid -1 (infinite timeout)
wait4msg continue ld 0x901b540 msgid -1 all 0
** ld 0x901b540 Connections:
* host: abc.com  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Fri May 27 16:42:21 2011


** ld 0x901b540 Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x901b540 request count 1 (abandoned 0)
** ld 0x901b540 Response Queue:
   Empty
  ld 0x901b540 response count 0
ldap_chkResponseList ld 0x901b540 msgid -1 all 0
ldap_chkResponseList returns ld 0x901b540 NULL
ldap_int_select
read1msg: ld 0x901b540 msgid -1 all 0
ber_get_next
ldap_read: want=8, got=8
ldap_read: want=6, got=6
read1msg: ld 0x901b540 msgid 2 message type search-result
read1msg: ld 0x901b540 0 new referrals
read1msg:  mark request completed, ld 0x901b540 msgid 2
request done: ld 0x901b540 msgid 2
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 2, msgid 2)

ldap_parse_result
ldap_msgfree
ldap_free_connection 1 1
ldap_send_unbind
ldap_write: want=7, written=7
ldap_free_connection: actually freed

Please help,

Best Regards,

-- 
***********************************
    EVERYTHING HAS JUST BEGUN...

On Thu, 26 May 2011 13:13:49 -0500, Dan White <dwhite at olp.net> wrote:
> On 26/05/11 16:50 +0700, Nguyen, Quoc Khanh wrote:
>>Oh, my god... It's failed... too. When I checked TLS/SSL by ldapsearch and
>>it worked OK...
>>I... I'm so confused about this problem. After relaxing for a while, I
>>decided to go back to your way: use STARTTLS. And when I tested many
>>times, I had this result:
>>
>>root at ldap:/usr/local/sasl2/sbin# ./testsaslauthd -u khanhnq -p 123456
>>0: NO "authentication failed"
>>root at ldap:/usr/local/sasl2/sbin# ./testsaslauthd -u khanhnq -p 123456
>>0: OK "Success."
>>root at ldap:/usr/local/sasl2/sbin# ./testsaslauthd -u khanhnq -p 123456
>>0: NO "authentication failed"
>>root at ldap:/usr/local/sasl2/sbin# ./testsaslauthd -u khanhnq -p 123456
>>0: NO "authentication failed"
>>root at ldap:/usr/local/sasl2/sbin# ./testsaslauthd -u khanhnq -p 123456
>>0: OK "Success."
>>root at ldap:/usr/local/sasl2/sbin# ./testsaslauthd -u khanhnq -p 123456
>>0: NO "authentication failed"
>>root at ldap:/usr/local/sasl2/sbin# ./testsaslauthd -u khanhnq -p 123456
>>0: OK "Success."
> 
> How many threads (saslauthd option -n) are you starting? Does it make any
> difference if you set that value to 0, 1, or a higher number than 5 (the
> default)?
> 
> To help debug, try running saslauthd with '-d', and add this
> (undocumented) command to your saslauthd.conf:
> 
> ldap_debug: -1
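
The step that fails in the saslauthd trace above is the `TLS certificate verification: depth: 0, err: 7` record, where `err` is OpenSSL's X509 verify result code. As an added example (not part of the original thread, and not Cyrus SASL or OpenLDAP code), this parser extracts those records from an `ldap_debug: -1` trace, re-joins mail-wrapped lines and names the code; the sample trace and its names are constructed, the record-prefix heuristic is an assumption, and the code table is only a subset.

```python
import re

# A few OpenSSL X509_V_ERR_* verify result codes (numeric values from x509_vfy.h).
X509_VERIFY_CODES = {
    0: "X509_V_OK",
    2: "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT",
    7: "X509_V_ERR_CERT_SIGNATURE_FAILURE",
    9: "X509_V_ERR_CERT_NOT_YET_VALID",
    10: "X509_V_ERR_CERT_HAS_EXPIRED",
    18: "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT",
    19: "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN",
    20: "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY",
    21: "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE",
}

START = "TLS certificate verification: depth:"
# Heuristic (assumption): a line with one of these prefixes begins a new trace
# record; anything else following a START line is a mail-wrapped continuation.
NEW_RECORD = re.compile(r"^(TLS|ldap_|ber_|saslauthd\[)")
FIELDS = re.compile(r"depth: (\d+), err: (\d+), subject: (.*), issuer: (.*)$")

# Constructed sample in the format of the trace in the post (names are made up).
SAMPLE_TRACE = """\
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 0, subject:
/CN=Example CA/O=Example/OU=PKI Team,
issuer: /CN=Example CA/O=Example/OU=PKI
Team
TLS certificate verification: depth: 0, err: 7, subject:
/CN=ldap.example.test/O=Example, issuer:
/CN=Example CA/O=Example/OU=PKI Team
TLS certificate verification: Error, certificate signature failure
TLS trace: SSL3 alert write:fatal:decrypt error
"""


def parse_verify_events(trace):
    """Return one dict per per-certificate verification record in the trace."""
    records, current = [], None
    for raw in trace.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(START):
            current = [line]
            records.append(current)
        elif current is not None and not NEW_RECORD.match(line):
            current.append(line)  # re-join a wrapped subject/issuer line
        else:
            current = None
    events = []
    for parts in records:
        m = FIELDS.search(" ".join(parts))
        if m:
            err = int(m.group(2))
            events.append({
                "depth": int(m.group(1)), "err": err,
                "name": X509_VERIFY_CODES.get(err, f"unknown ({err})"),
                "subject": m.group(3), "issuer": m.group(4),
            })
    return events


def diagnose(events):
    """Describe the first failing certificate, or return None if all passed."""
    failed = next((e for e in events if e["err"] != 0), None)
    if failed is None:
        return None
    role = "server certificate" if failed["depth"] == 0 else "CA certificate"
    msg = f"depth {failed['depth']} ({role}) failed with {failed['name']}"
    issuer_ok = any(e is not failed and e["err"] == 0
                    and e["subject"] == failed["issuer"] for e in events)
    if failed["err"] == 7 and issuer_ok:
        msg += ("; an issuer certificate with the matching name was used, but "
                "its public key does not verify this certificate's signature")
    return msg


if __name__ == "__main__":
    print(diagnose(parse_verify_events(SAMPLE_TRACE)))
```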


More information about the Cyrus-sasl mailing list