upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAPauxpropauthentication.

Howard Chu hyc at highlandsun.com
Wed Feb 11 22:59:12 EST 2004


It looks like the ldapdb plugin sent an Unbind immediately after sending the
first SASL Bind request. It seems that the SASL client library didn't like
the challenge it got from the slapd server. At this point it would have been
helpful to enable LDAP debugging in the ldapdb plugin, but I never coded an
option to do that. You could hardcode a call to ldap_set_option() to enable
this yourself. You'll also need to add a call to extract the error message
string so you can see whatever message the SASL library produced. Or you
could file an enhancement request in the OpenLDAP ITS suggesting that a
debug option be added... At any rate, this is only going to tell you that
something went wrong inside the SASL library, and whatever that problem is
will still need to be fixed.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-cyrus-sasl at lists.andrew.cmu.edu
> [mailto:owner-cyrus-sasl at lists.andrew.cmu.edu]On Behalf Of Edward Rudd
> Sent: Wednesday, February 11, 2004 6:54 PM
> To: Howard Chu
> Cc: 'Igor Brezac'; 'Cyrus-SASL'; 'Cyrus-IMAP'
> Subject: RE: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks
> LDAPauxpropauthentication.
>
>
> Here is the "nohup slapd -d 255" file, and the entries from auth.log
> when running
> "imtest -a cyrus -u cyrus -m login devel"
>
> Feb 11 20:48:13 devel slapd[2927]: auxpropfunc error -7
> Feb 11 20:48:13 devel slapd[2927]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb
> Feb 11 20:48:20 devel imap[2922]: DIGEST-MD5 client step 2
> Feb 11 20:48:20 devel imap[2922]: DIGEST-MD5 client step 2
> Feb 11 20:48:20 devel imap[2922]: bad userid authenticated
>
> There is no step 1 in there.. How odd..
>
> On Wed, 2004-02-11 at 19:58, Howard Chu wrote:
> > > -----Original Message-----
> > > From: owner-cyrus-sasl at lists.andrew.cmu.edu
> > > [mailto:owner-cyrus-sasl at lists.andrew.cmu.edu]On Behalf Of Edward Rudd
> >
> > > OK I patched my OpenLDAP and recompiled, installed, restarted postfix,
> > > cyrus imapd, and started up ldap. And it still returns "user not found"
> > > when I try to login to cyrus imap. But the auth.log now shows
> > > something different..
> > > --- auth.log ---
> > > Feb 11 19:19:46 devel imtest: DIGEST-MD5 client step 2
> > > Feb 11 19:19:53 devel imtest: DIGEST-MD5 client step 2
> > > Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 server step 2
> > > Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> > > Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> > > Feb 11 19:19:53 devel imap[2282]: bad userid authenticated
> > > Feb 11 19:19:53 devel imap[2282]: no secret in database
> > > ----
> >
> > What happened to step 1?
> >
> > > And my ldap.log shows this (loglevel 255)
> > > --- ldap.log ---
> > > Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
> > > Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
> > > Feb 11 19:19:53 devel slapd[2053]: connection_get(12): got connid=5
> > > Feb 11 19:19:53 devel slapd[2053]: connection_read(12): checking for input on id=5
> >
> > OpenLDAP's syslog output is not useful for debugging; it's mainly for
> > reporting normal operational status. You need to run slapd in debug mode and
> > save the output from stderr when you actually want to chase a bug.
> >
> > In this case, both your auth.log and your ldap.log indicate that a SASL Bind
> > has been performed in an improper sequence (i.e., step 1 doesn't appear in
> > the log, and it seems that some other request has been made before the SASL
> > Bind properly completed.). To see exactly what happened, you'll need the
> > debug trace from slapd.
> >
> >   -- Howard Chu
> >   Chief Architect, Symas Corp.       Director, Highland Sun
> >   http://www.symas.com               http://highlandsun.com/hyc
> >   Symas: Premier OpenSource Development and Support
> >
> --
> Edward Rudd <eddie at omegaware.com>
> Website http://outoforder.cc/
>
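
The two symptoms this thread keys on (DIGEST-MD5 "step 2" entries with no earlier "step 1" from the same process, and the ldapdb auxprop plugin failing to load) can be checked mechanically over an auth.log. This is an added example, not part of the original messages: the sample lines are copied from the excerpts quoted above, and the function and finding names are hypothetical.

```python
import re
from collections import defaultdict

# Sample lines copied from the auth.log excerpts quoted in this thread.
SAMPLE_LOG = """\
Feb 11 20:48:13 devel slapd[2927]: auxpropfunc error -7
Feb 11 20:48:13 devel slapd[2927]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb
Feb 11 19:19:46 devel imtest: DIGEST-MD5 client step 2
Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 server step 2
Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
Feb 11 19:19:53 devel imap[2282]: bad userid authenticated
Feb 11 19:19:53 devel imap[2282]: no secret in database
"""

# syslog layout: "Mon DD HH:MM:SS host prog[pid]: message" (pid is optional)
LINE_RE = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+(\S+)\s+([^\s\[:]+)(?:\[(\d+)\])?:\s+(.*)$")
STEP_RE = re.compile(r"DIGEST-MD5 (client|server) step (\d+)")
PLUGIN_RE = re.compile(r"_sasl_plugin_load failed on (\S+) for plugin: (\S+)")

def analyze(log_text):
    """Return a list of (kind, process, detail) findings, in log order."""
    findings = []
    seen = defaultdict(set)  # (process, role) -> step numbers logged so far
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a syslog-style line
        _host, prog, pid, msg = m.groups()
        proc = f"{prog}[{pid}]" if pid else prog
        p = PLUGIN_RE.search(msg)
        if p:
            findings.append(("plugin_load_failed", proc, p.group(2)))
        s = STEP_RE.search(msg)
        if s:
            role, step = s.group(1), int(s.group(2))
            key = (proc, role)
            # Report once per process and role when a later step shows up
            # although step 1 was never logged for that process and role.
            if step > 1 and 1 not in seen[key] and step not in seen[key]:
                findings.append(("missing_step_1", proc, role))
            seen[key].add(step)
    return findings

if __name__ == "__main__":
    for kind, proc, detail in analyze(SAMPLE_LOG):
        print(f"{kind:20} {proc:14} {detail}")
```

A finding only says where to look; as noted in the reply above, the slapd debug trace is still needed to see what actually happened.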




