[KLUG Members] SASL

Peter Buxton members@kalamazoolinux.org
Wed, 18 Dec 2002 16:53:11 -0500


On Wed, Dec 18, 2002 at 02:50:32PM -0500, Adam Williams wrote:

> The LDAP server (slapd, yes?) performs password encryption, as specified
> in the "userpassword" attribute, and compares the password you sent to
> the password stored in "userpassword".  So for simple binds, yes, the
> DSA has to have the clear text password.  But it isn't really clear text
> if you're using LDAP TLS.

Yeah, but what if TLS isn't working?

grimace:04:48:26:~$ ldapsearch -D "cn=admin,dc=killdevil,dc=org" -W -x -LLL "(uid=peter)" cn sn +
Enter LDAP Password:
dn: uid=peter,dc=killdevil,dc=org
cn: Peter B. Buxton
cn: Peter Buxton
cn: Buxton, Peter
creatorsName: cn=admin,dc=killdevil,dc=org
createTimestamp: 20021216194205Z
modifiersName: cn=admin,dc=killdevil,dc=org
modifyTimestamp: 20021216194205Z
subschemaSubentry: cn=Subschema

grimace:04:48:40:~$ ldapsearch -ZZ -D "cn=admin,dc=killdevil,dc=org" -W -x -LLL "(uid=peter)" cn sn +
ldap_start_tls: Connect error
grimace:04:48:46:~$ cat /root/slapd.errors

send_ldap_extended 0: (0)
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 9
connection_get(9): got connid=9
connection_read(9): checking for input on id=9
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A


Hmmm.... Now, did TLS error out, or did LDAP hang itself on the auth
step? 

/me trudges off to Google for the answer...


connection_get(9): got connid=9
connection_read(9): checking for input on id=9
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
connection_get(9): got connid=9
connection_read(9): checking for input on id=9
ber_get_next
ber_get_next on fd 9 failed errno=0 (Success)
connection_read(9): input error=-2 id=9, closing.
connection_closing: readying conn=9 sd=9 for close
connection_close: conn=9 sd=9
TLS trace: SSL3 alert write:warning:close notify
slap_sig_shutdown: signal 15
daemon: shutdown requested and initiated.
slapd shutdown: waiting for 0 threads to terminate
slapd shutdown: initiated
ldbm backend syncing
ldbm flushing db (dn2id.dbb)
ldbm closing db (dn2id.dbb)
ldbm flushing db (id2entry.dbb)
ldbm closing db (id2entry.dbb)
ldbm flushing db (nextid.dbb)
ldbm closing db (nextid.dbb)
ldbm flushing db (objectClass.dbb)
ldbm closing db (objectClass.dbb)
ldbm backend done syncing
====> cache_release_all
slapd shutdown: freeing system resources.
slapd stopped.


-- 
for gpg key: http://killdevil.org/~peter
Power tools for power fools.
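One way to answer that question from the server-side trace alone, as an added example that is not from the post or from OpenLDAP: a small Python parser over the slapd debug lines quoted above that records, per connection, whether slapd ever wrote its Finished message and whether the connection then died on a read. It assumes the two trace excerpts are consecutive output for the same connection 9 (both report connid=9) and that the regexes match this slapd's log format; the line samples are copied from the post.

```python
import re

# Excerpts copied from the post's /root/slapd.errors; both report connid=9,
# so they are treated as consecutive output for one connection (assumption).
FIRST_PART = """connection_read(9): checking for input on id=9
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:error in SSLv3 read client certificate A"""
SECOND_PART = """connection_read(9): checking for input on id=9
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write finished A
ber_get_next on fd 9 failed errno=0 (Success)
connection_read(9): input error=-2 id=9, closing.
connection_close: conn=9 sd=9"""

CONN_RE = re.compile(r"^connection_(?:get|read)\((\d+)\)")
TLS_RE = re.compile(r"^TLS trace: SSL_accept:(.+)$")
ERR_RE = re.compile(r"^connection_read\((\d+)\): input error=(-?\d+)")
new_rec = lambda: {"last": None, "done": False, "input_error": None}

def parse_trace(text):
    """Per-connection TLS state; SSL_accept lines carry no conn id, so each is
    charged to the most recent connection_get/connection_read line."""
    conns, cur = {}, None
    for line in text.splitlines():
        if m := ERR_RE.match(line):  # checked first: CONN_RE would match it too
            conns.setdefault(m.group(1), new_rec())["input_error"] = int(m.group(2))
        elif m := CONN_RE.match(line):
            cur = m.group(1)
            conns.setdefault(cur, new_rec())
        elif (m := TLS_RE.match(line)) and cur:
            conns[cur]["last"] = m.group(1)
            # The server's Finished is the last flight of a full handshake.
            if m.group(1).endswith("write finished A"):
                conns[cur]["done"] = True
    return conns

def classify(conns):
    """Answer: did TLS error out, or did the connection die after TLS came up?"""
    verdicts = {}
    for cid, r in conns.items():
        if r["done"] and r["input_error"] is not None:
            verdicts[cid] = "handshake completed, then peer closed the connection"
        elif r["done"]:
            verdicts[cid] = "handshake completed"
        else:
            # slapd reads non-blocking, so "error in ... read" also appears while
            # waiting for the client's next flight: alone it proves no failure.
            verdicts[cid] = f"handshake not completed (last step: {r['last']})"
    return verdicts
```

Run on the first excerpt only, the verdict is "not completed"; run on both, the server reports a finished handshake followed by the client dropping the connection, which moves the search from slapd's TLS setup to the client side of the StartTLS exchange.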