Fail to test uid of OpenLDAP with TLS...
Nguyen, Quoc Khanh
khanhnq at saigontech.edu.vn
Fri May 27 05:45:27 EDT 2011
Ya... I'm starting with default threads.

/usr/local/etc/saslauthd.conf:
ldap_servers: ldap://localhost
ldap_bind_dn: cn=admin,dc=abc,dc=com
ldap_bind_pw: 123456789
ldap_search_base: dc=abc,dc=com
ldap_start_tls: yes
ldap_tls_cacert_dir: /var/myCA
ldap_tls_cacert_file: /var/myCA/cacert.crt
ldap_debug: -1

start LDAP:
root@ldap:~# /usr/local/openldap/libexec/slapd -h 'ldap:///'

start saslauthd:
root@ldap:~# /usr/local/sasl2/sbin/saslauthd -a ldap -O /usr/local/etc/saslauthd.conf -d
saslauthd[765] :main : num_procs : 5
saslauthd[765] :main : mech_option: /usr/local/etc/saslauthd.conf
saslauthd[765] :main : run_path : /var/run
saslauthd[765] :main : auth_mech : ldap
saslauthd[765] :ipc_init : using accept lock file: /var/run/mux.accept
saslauthd[765] :detach_tty : master pid is: 0
saslauthd[765] :ipc_init : listening on socket: /var/run/mux
saslauthd[765] :main : using process model
saslauthd[765] :have_baby : forked child: 766
saslauthd[765] :have_baby : forked child: 767
saslauthd[765] :have_baby : forked child: 768
saslauthd[765] :have_baby : forked child: 769
saslauthd[765] :get_accept_lock : acquired accept lock

test uid:
root@ldap:~# /usr/local/sasl2/sbin/testsaslauthd -u khanhnq -p 123456
0: NO "authentication failed"
I have a debug result:
saslauthd[765] :rel_accept_lock : released accept lock
saslauthd[767] :get_accept_lock : acquired accept lock
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 10
ldap_prepare_socket: 10
ldap_connect_to_host: Trying ::1 389
ldap_pvt_connect: fd: 10 tm: 5 async: 0
ldap_ndelay_on: 10
ldap_int_poll: fd: 10 tm: 5
ldap_is_sock_ready: 10
ldap_ndelay_off: 10
ldap_pvt_connect: 0
ldap_open_defconn: successful
ldap_send_server_request
ldap_result ld 0x9cef220 msgid 1
wait4msg ld 0x9cef220 msgid 1 (infinite timeout)
wait4msg continue ld 0x9cef220 msgid 1 all 1
** ld 0x9cef220 Connections:
* host: localhost port: 389 (default)
refcnt: 2 status: Connected
last used: Fri May 27 16:40:05 2011
** ld 0x9cef220 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x9cef220 request count 1 (abandoned 0)
** ld 0x9cef220 Response Queue:
Empty
ld 0x9cef220 response count 0
ldap_chkResponseList ld 0x9cef220 msgid 1 all 1
ldap_chkResponseList returns ld 0x9cef220 NULL
ldap_int_select
read1msg: ld 0x9cef220 msgid 1 all 1
read1msg: ld 0x9cef220 msgid 1 message type extended-result
read1msg: ld 0x9cef220 0 new referrals
read1msg: mark request completed, ld 0x9cef220 msgid 1
request done: ld 0x9cef220 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_extended_result
ldap_parse_result
ldap_msgfree
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 0, subject: /CN=abc.com/ST=HCM/C=VN/emailAddress=root@abc.com/O=SGT/OU=NW Department, issuer: /CN=abc.com/ST=HCM/C=VN/emailAddress=root@abc.com/O=SGT/OU=NW Department
TLS certificate verification: depth: 0, err: 7, subject: /CN=abc.com/ST=HCM/C=VN/emailAddress=root@abc.com/O=SGT/OU=NW, issuer: /CN=abc.com/ST=HCM/C=VN/emailAddress=root@abc.com/O=SGT/OU=NW Department
TLS certificate verification: Error, certificate signature failure
TLS trace: SSL3 alert write:fatal:decrypt error
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect: error:14090086:SSL routines:func(144):reason(134) (certificate signature failure).
ldap_err2string
ldap_unbind
ldap_free_connection 1 1
ldap_send_unbind
ldap_free_connection: actually freed
saslauthd[765] :do_auth : auth failure: [user=khanhnq] [service=imap] [realm=] [mech=ldap] [reason=Unknown]
saslauthd[765] :do_request : response: NO

What am I doing wrong?

Here is my ldapsearch result:
root@ldap:/usr/local/openldap/bin# ./ldapsearch -xLL -b dc=abc,dc=com uid=khanhnq -d -1
ldap_create
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP abc.com:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying ::1 389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
version: 1
dn: cn=Khanh Nguyen,ou=network,dc=abc,dc=com
objectClass: inetOrgPerson
cn: Khanh Nguyen
cn: Khanh Nguyen Quoc
sn: Khanh
uid: khanhnq
userPassword:: MTIzNDU2
mail: khanhnq at abc.com
mail: nqk28703 at yahoo.com
mail: khanhnq at saigontech.edu.vn
ou: network
Please help,
Best Regards,
--
***********************************
EVERYTHING HAS JUST BEGUN...
On Thu, 26 May 2011 13:13:49 -0500, Dan White <dwhite at olp.net> wrote:
> On 26/05/11 16:50 +0700, Nguyen, Quoc Khanh wrote:
>>Oh, my god... It's failed... too. When I checked TLS/SSL by ldapsearch and
>>it worked OK...
>>I... I'm so confused about this problem. After relaxing for a while, I
>>decided to go back to your way: use STARTTLS. And when I tested many
>>times, I have a result:
>>
>>root@ldap:/usr/local/sasl2/sbin# ./testsaslauthd -u khanhnq -p 123456
>>0: NO "authentication failed"
>>root@ldap:/usr/local/sasl2/sbin# ./testsaslauthd -u khanhnq -p 123456
>>0: OK "Success."
>>root@ldap:/usr/local/sasl2/sbin# ./testsaslauthd -u khanhnq -p 123456
>>0: NO "authentication failed"
>>root@ldap:/usr/local/sasl2/sbin# ./testsaslauthd -u khanhnq -p 123456
>>0: NO "authentication failed"
>>root@ldap:/usr/local/sasl2/sbin# ./testsaslauthd -u khanhnq -p 123456
>>0: OK "Success."
>>root@ldap:/usr/local/sasl2/sbin# ./testsaslauthd -u khanhnq -p 123456
>>0: NO "authentication failed"
>>root@ldap:/usr/local/sasl2/sbin# ./testsaslauthd -u khanhnq -p 123456
>>0: OK "Success."
>
> How many threads (saslauthd option -n) are you starting? Does it make any
> difference if you set that value to 0, 1, or a higher number than 5 (the
> default)?
>
> To help debug, try running saslauthd with '-d', and add this
> (undocumented) command to your saslauthd.conf:
>
> ldap_debug: -1
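
Added example, not part of the original message or of Cyrus SASL/OpenLDAP: a small parser for the `ldap_debug: -1` trace shown above that rejoins the mail-wrapped `TLS certificate verification` lines, names the OpenSSL verify code behind each `err: N`, and reports whether the failing certificate's issuer name matches the next certificate up the chain. The function names `parse_verification` and `diagnose` are hypothetical, and the sample trace is constructed from the lines in the message.

```python
import re

# A few OpenSSL verify result codes, as reported after "err:" in the trace.
VERIFY_CODES = {
    0: "X509_V_OK",
    2: "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT",
    7: "X509_V_ERR_CERT_SIGNATURE_FAILURE",
    9: "X509_V_ERR_CERT_NOT_YET_VALID",
    10: "X509_V_ERR_CERT_HAS_EXPIRED",
    18: "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT",
    19: "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN",
    20: "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY",
    21: "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE",
}

# Constructed sample: the verification lines from the message, wrapped the
# way the mail client wrapped them.
SAMPLE_TRACE = """\
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 0, subject:
/CN=abc.com/ST=HCM/C=VN/emailAddress=root@abc.com/O=SGT/OU=NW Department,
issuer: /CN=abc.com/ST=HCM/C=VN/emailAddress=root@abc.com/O=SGT/OU=NW
Department
TLS certificate verification: depth: 0, err: 7, subject:
/CN=abc.com/ST=HCM/C=VN/emailAddress=root@abc.com/O=SGT/OU=NW, issuer:
/CN=abc.com/ST=HCM/C=VN/emailAddress=root@abc.com/O=SGT/OU=NW Department
TLS certificate verification: Error, certificate signature failure
TLS trace: SSL3 alert write:fatal:decrypt error
"""

# One record per certificate; the issuer runs until the next trace record.
RECORD = re.compile(
    r"TLS certificate verification: depth: (\d+), err: (\d+), "
    r"subject: (.*?), issuer: (.*?)"
    r"(?= TLS | ldap_| saslauthd\[|$)"
)


def parse_verification(trace):
    """Return one dict per certificate in the order the trace lists them."""
    flat = " ".join(trace.split())  # undo line wrapping
    certs = []
    for depth, err, subject, issuer in RECORD.findall(flat):
        code = int(err)
        certs.append({
            "depth": int(depth),
            "err": code,
            "name": VERIFY_CODES.get(code, "unlisted code %d" % code),
            "subject": subject,
            "issuer": issuer,
        })
    return certs


def diagnose(trace):
    """List certificates that failed verification, lowest depth first."""
    by_depth = {c["depth"]: c for c in parse_verification(trace)}
    findings = []
    for depth in sorted(by_depth):
        cert = by_depth[depth]
        if cert["err"] == 0:
            continue
        parent = by_depth.get(depth + 1)
        findings.append({
            "depth": depth,
            "name": cert["name"],
            # True: the names chain, so the failure is in the signature check
            # against the parent's public key, not in locating the issuer.
            "issuer_name_matches_parent":
                parent is not None and parent["subject"] == cert["issuer"],
        })
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_TRACE):
        print(finding)
```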