SunONE DS 5.2 & sasl/DIGEST-MD5

From: Navarro, Eddy (enavarro@tigr.ORG)
Date: Wed Aug 03 2005 - 16:26:38 EDT


Hi Sun Managers,

I'm at my wits' end trying to implement SunONE Directory Server 5.2
utilizing sasl/DIGEST-MD5 for authentication. I've got a test
environment consisting of a DS server, as well as a native LDAP client,
both Solaris 9. Credential level is set to proxy.

When auth method is simple, everything works fine, but when it is
changed to sasl/DIGEST-MD5, running ldaplist, for example, returns the
error "ldaplist: Object not found (Session error no available conn.)".
Looking through the access log on the server, I see the following:

[03/Aug/2005:16:22:10 -0400] conn=181 op=0 msgId=1 - BIND dn="dn:
cn=proxyagent,ou=profile,dc=tigr,dc=org" method=sasl version=3
mech=DIGEST-MD5

[03/Aug/2005:16:22:10 -0400] conn=181 op=0 msgId=1 - RESULT err=14
tag=97 nentries=0 etime=0, SASL bind in progress

[03/Aug/2005:16:22:10 -0400] conn=181 op=1 msgId=2 - BIND dn="dn:
cn=proxyagent,ou=profile,dc=tigr,dc=org" method=sasl version=3
mech=DIGEST-MD5

[03/Aug/2005:16:22:10 -0400] conn=-1 op=-1 msgId=-1 - SRCH
base="dn:cn=proxyagent,ou=profile,dc=tigr,dc=org" scope=0
filter="(|(objectclass=*)(objectclass=ldapsubentry))" attrs=ALL

[03/Aug/2005:16:22:10 -0400] conn=-1 op=-1 msgId=-1 - RESULT err=32
tag=48 nentries=0 etime=0

[03/Aug/2005:16:22:10 -0400] conn=181 op=1 msgId=2 - RESULT err=49
tag=97 nentries=0 etime=0

[03/Aug/2005:16:22:10 -0400] conn=181 op=2 msgId=3 - UNBIND

[03/Aug/2005:16:22:10 -0400] conn=181 op=2 msgId=-1 - closing - U1

[03/Aug/2005:16:22:11 -0400] conn=181 op=-1 msgId=-1 - closed.

From what I can tell, SRCH base is getting foobar'd by the "dn:" at the
beginning, and is unable to locate the proxyagent user.

Can anyone help?

As a side-note, we have been able to get this to work with DS 5.1, but
have found 5.1 to be too unstable.

Thanks!

Eddy
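
Added example, not part of the original post: a small Python parser for the access-log format quoted above that pairs each failed SASL BIND (err=49) with the internal conn=-1 searches that returned err=32 while it was pending, and flags search bases that start with "dn:". The sample lines are the post's excerpt with the e-mail line wraps rejoined (assumed to fall on spaces); the function names are hypothetical.

```python
import re

# RFC 4511 result codes: 14 saslBindInProgress, 32 noSuchObject, 49 invalidCredentials.
# Excerpt from the post; e-mail line wraps rejoined (assumed to fall on spaces).
SAMPLE_LOG = """\
[03/Aug/2005:16:22:10 -0400] conn=181 op=0 msgId=1 - BIND dn="dn: cn=proxyagent,ou=profile,dc=tigr,dc=org" method=sasl version=3 mech=DIGEST-MD5
[03/Aug/2005:16:22:10 -0400] conn=181 op=0 msgId=1 - RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[03/Aug/2005:16:22:10 -0400] conn=181 op=1 msgId=2 - BIND dn="dn: cn=proxyagent,ou=profile,dc=tigr,dc=org" method=sasl version=3 mech=DIGEST-MD5
[03/Aug/2005:16:22:10 -0400] conn=-1 op=-1 msgId=-1 - SRCH base="dn:cn=proxyagent,ou=profile,dc=tigr,dc=org" scope=0 filter="(|(objectclass=*)(objectclass=ldapsubentry))" attrs=ALL
[03/Aug/2005:16:22:10 -0400] conn=-1 op=-1 msgId=-1 - RESULT err=32 tag=48 nentries=0 etime=0
[03/Aug/2005:16:22:10 -0400] conn=181 op=1 msgId=2 - RESULT err=49 tag=97 nentries=0 etime=0
"""

LINE_RE = re.compile(r"^\[([^\]]+)\] conn=(-?\d+) op=(-?\d+) msgId=-?\d+ - (\w+)(.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|[^\s,]+)')

def parse_line(line):
    """Split one access-log line into a dict; None if it is not a log record."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m[1], "conn": int(m[2]), "op": int(m[3]), "verb": m[4]}
    rec.update((k, v.strip('"')) for k, v in KV_RE.findall(m[5]))
    return rec

def failed_sasl_binds(log_text):
    """One finding per SASL BIND ending in err=49, with the failed internal search bases."""
    pending, internal, findings = {}, [], []
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        key = (rec["conn"], rec["op"])
        if rec["verb"] == "BIND" and rec.get("method") == "sasl":
            pending[key] = rec
        elif rec["conn"] == -1 and rec["verb"] == "SRCH":
            internal.append(rec)
        elif rec["conn"] == -1 and rec["verb"] == "RESULT" and internal:
            internal[-1]["err"] = rec.get("err")  # result of the latest internal search
        elif rec["verb"] == "RESULT" and key in pending:
            bind = pending.pop(key)
            # Heuristic: internal ops carry no connection id, so attribution is by order only.
            missed = [s["base"] for s in internal if s.get("err") == "32"]
            internal.clear()
            if rec.get("err") == "49":
                findings.append({"conn": rec["conn"], "mech": bind.get("mech"), "missed_bases": missed,
                                 "dn_prefixed": any(b.lower().startswith("dn:") for b in missed)})
    return findings

if __name__ == "__main__":
    for finding in failed_sasl_binds(SAMPLE_LOG):
        print(finding)
```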