openldap-technical
[Arriba] [Todas las Listas]

Re: Error conseguido mientras habilitando SASL

To: Dan White <dwhite@xxxxxxx>, Raffael Sahli <public@xxxxxxxxxxxxxxxx>, openldap-technical@xxxxxxxxxxxx
Subject: Re: Error conseguido mientras habilitando SASL
From: Gaurav Gugnani <gugnanigaurav@xxxxxxxxx>
Date: Fri, 3 Feb 2012 16:12:27 +0530
Delivery-date: Fri, 03 Feb 2012 05:44:34 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=+fh/keOEprNQHvP6W72uG5PvrpWA2D7GlErN5BqxREQ=; b=Q+8H7s99iAoB+6tlEfaDOqk/lRCNgqkNYnVQAETE1eDIxVTiCRKQq3/sCG8p0YR5pt GJNpcXHhcSC9OF1m59ZgUPWIA1scIxfj3DWU089WV5UqEY4PAENLAVP/NbwyBGL9AAHW wGyAtWN4gT3mk6IC3kUqCR12g4qKAm4cWmR1Q=
Envelope-to: traductor@xxxxxxxxxxx
In-reply-to: <CANnGQdjVuzogcTVzCd7Gy13rkQZJy5dDoQeoZi8V-6weg6XKOg@mail.gmail.com>
List-archive: <http://www.openldap.org/lists/openldap-technical>
List-help: <mailto:openldap-technical-request@openldap.org?subject=help>
List-id: OpenLDAP Technical Discussion list <openldap-technical.openldap.org>
List-post: <mailto:openldap-technical@openldap.org>
List-subscribe: <http://www.openldap.org/lists/mm/listinfo/openldap-technical>, <mailto:openldap-technical-request@openldap.org?subject=subscribe>
List-unsubscribe: <http://www.openldap.org/lists/mm/options/openldap-technical>, <mailto:openldap-technical-request@openldap.org?subject=unsubscribe>
References: <CANnGQdiXKTHN5yJaUdXAOU3oyVHx_8b7ZvPteVPjxT1rpfKtkA@mail.gmail.com> <CANnGQdgj3yUnxTQa1jOhydOEfcD5G3xdnQ3uptnbo-=NQhMSAQ@mail.gmail.com> <4F2A6684.1070208@raffaelsahli.com> <CANnGQdjcsqoLpUvkM_AZnRFtmuSOLRW5Nhe1rS9JaeieH9G__A@mail.gmail.com> <20120202153307.GB4617@dan.olp.net> <CANnGQdjVuzogcTVzCd7Gy13rkQZJy5dDoQeoZi8V-6weg6XKOg@mail.gmail.com>
Sender: openldap-technical-bounces@xxxxxxxxxxxx
Hola Todo,

he instalado el *cyrus-*sasl-*md5-2.1.22-5.*el5_4.3.*x86_64.*rpm Paquete.

**Logs:*

/Raíz>*pluginviewer

Instaló *SASL (*server lado) los mecanismos son:

*CRAM-MD5 ANÓNIMO *DIGEST-MD5 SENCILLO *LOGIN EXTERNO*

......


**

/*u01/*app/*openldap/producto/2.4.26/*etc/*openldap>*ldapsearch -*x  -*b "" -*s base
-*LLL *supportedSASLMechanisms
*dn:
**supportedSASLMechanisms: CRAM-MD5
*supportedSASLMechanisms: *DIGEST-MD5**

*
y otra vez empezado con *SASL proceso (probado #varios tiempo) pero *everytime...
Conseguido un error:
*Pasos *i siguió:*
1> *saslpasswd2 -*c *sasluser3
2> *sasldblistusers2
3> Parón *LDAP
4> edita *slapd.*conf Y añadir seguir líneas:
    contraseña-*hash#unknown{^*CLEARTEXT}
    *sasl-*regexp *uid=(.*),*cn=*DIGEST-MD5,*cn=*auth *uid=$1,*ou=Sistema,*o=*xyz
5> Inicio *LDAP
6> Añade cuenta de *ldif:
añade_*sasl_*accnt3.*ldif
----------------------------
# Cuenta de PRUEBA para *SASL:
*dn: *uid=*sasluser3,*ou=Sistema,*o=*xyz
*uid: *sasluser3
*ou: descripción
de Sistema: cuenta Especial para *SASL Probando
*userPassword: *sasluser3
*objectClass: cuenta
*objectClass: *simpleSecurityObject
7> *ldapadd -*x -*D *cn=Director,*o=*xyz -*W -*f añadir_*sasl_*accnt3.*ldif
8> **ldapsearch -*Y *DIGEST-MD5 -*U *sasluser3 -*b '*o=*xyz'*
     O **ldapsearch
    -*U *sasluser5 -*b '*o=*xyz'*

Excepto *evrytime error conseguido cuando:
*SASL/*DIGEST-MD5 *authentication empezado
Complacer introducir vuestra contraseña:
*ldap_*sasl_interactivo_ligar_*s: Nulo *credentials (49)
        adicional *info: *SASL(-13): el usuario no encontrado: ningún secreto en *database

*Thks mucho para ayudarme.

Consideraciones,
*Gaurav *Gugnani

En *Thu, *Feb 2, 2012 en 11:13 PM, *Gaurav *Gugnani <gugnanigaurav@xxxxxxxxx>escribió:

> Hola,
>
> *Thks para ayudarme fuera. Sí, el paquete falta.
>
> El O/P de *plugin espectador:
> /*u01/*app/*openldap/producto/2.4.26/*etc/*openldap>*pluginviewer
> Instaló *SASL (*server lado) los mecanismos son:
> ANÓNIMO SENCILLO *LOGIN EXTERNO
>
> Y claramente no está mostrando cualquier MD5 *SASL mecanismo.
>
> Ahora, *i'*ll intenta instalar paquete y probará mis pasos.
>
> Una vez otra vez *thks mucho para ayudar.
>
> Consideraciones,
> *Gaurav *Gugnani
>
> En *Thu, *Feb 2, 2012 en 9:03 PM, Blanco de Dan <dwhite@xxxxxxx> escribió:
>
>> En 02/02/12 16:24 +0530, *Gaurav *Gugnani escribió:
>>
>>> Hola,
>>>
>>> también supongo que mi paquete falta para *cyrus-*sasl *DIGEST MD5.
>>>
>>> Estoy trabajando en *linux 86_64 máquina y quiere implementar *DIGEST MD5
>>> mecanismo.
>>>
>>> Siguiendo los paquetes son instalados:
>>> /*u01/*app/*openldap/producto/2.4.**26/*etc/*openldap>*rpm -*qa | *grep
>>> *cyrus-*sasl
>>> *cyrus-*sasl-*devel-2.1.22-5.*el5_**4.3
>>> *cyrus-*sasl-sencillo-2.1.22-5.*el5_**4.3
>>> *cyrus-*sasl-*lib-2.1.22-5.*el5_4.**3
>>> *cyrus-*sasl-*devel-2.1.22-5.*el5_**4.3
>>> *cyrus-*sasl-*lib-2.1.22-5.*el5_4.**3
>>> *cyrus-*sasl-sencillo-2.1.22-5.*el5_**4.3
>>> *cyrus-*sasl-2.1.22-5.*el5_4.3
>>>
>>
>> Uso *pluginviewer (o posiblemente *saslpluginviewer) a *verify que *digest-*md5
>> es instalado. Si no, necesitarás descubrir qué paquete necesitas del
>> apoyo de vuestra distribución.
>>
>> Una vez instalado, y *verified utilizando *pluginviewer, *verify que *slapd está
>> ofreciendo el mecanismo con:
>>
>> *ldapsearch -*x -*H *ldap://*ldap.Ejemplo.Neto -*s "base"
>> "*supportedSASLMechanisms"
>>
>>  Complacer sugerir, si el paquete falta o  el *DIGEST trabajos% de mecanismo
>>> del MD con este *cyrus-*sasl módulos.
>>>
>>> *Thanks Para vuestra ayuda.
>>>
>>> Consideraciones,
>>> *Gaurav *Gugnani
>>>
>>>
>>> En *Thu, *Feb 2, 2012 en 4:03 PM, *Raffael *Sahli <public@xxxxxxxxxxxxxxxx>*
>>> *escribió:
>>>
>>>   En 02/02/2012 10:40 AM, *Gaurav *Gugnani escribió:
>>>>
>>>> Hola Todo,
>>>>
>>>> Después de que algunos más búsqueda a él y leyendo algunos más vínculos:
>>>>
>>>> *http://www.linuxtopia.org/***online_administración/de red_**
>>>> de los libros_guía/*ldap_**administración/*sasl_*SASL_**
>>>> *Authentication.*html<*http://Www.linuxtopia.org/*online_administración/de red_de los libros_guía/*ldap_administración/*sasl_*SASL_*Authentication.*html>
>>>> *http://*tldp.*org/*HOWTO/*LDAP-***HOWTO/*sasl.*html<*http://*tldp.*org/*HOWTO/*LDAP-*HOWTO/*sasl.*html>
>>>>
>>>> Yo  algún más pasos como-
>>>> *Paso-1:*
>>>>
>>>> En el archivo *slapd.*conf *i Añade seguir líneas:
>>>>   contraseña-*hash#unknown{^*CLEARTEXT}
>>>>   *sasl-*regexp *uid=(.*),*cn=*DIGEST-MD5,*cn=*auth *uid=$1,*ou=Sistema,*o=*db
>>>>
>>>> Y actuar *ldapsearch en manera diferente:
>>>> *ldapsearch -*Y *DIGEST-MD5 -*U *sasluser2 -*b '*o=*db'
>>>>
>>>> Excepto error conseguido otra vez cuando:
>>>> *ldap_*sasl_interactivo_ligar_*s: *Unknown *authentication método (-6)
>>>>        adicional *info: *SASL(-4): ningún mecanismo disponible: No digno
>>>> *mechs
>>>> encontrado
>>>>
>>>>  instalaste el *sasl módulos? (En *debian el nombre de paquete es
>>>> *libsasl2-módulos )
>>>>
>>>>
>>>> Complacer ayuda en conseguir fuera de este asunto.
>>>>
>>>> *Thanks Y Consideraciones,
>>>> *Gaurav *Gugnani
>>>>
>>>>
>>>>
>>>> --
>>>> *Raffael Sahlipublic@xxxxxxxxxxxxxxxx
>>>>
>>>>
>>>>
>> --
>> Blanco de Dan
>>
>
>
Hello All,

I've installed the cyrus-sasl-md5-2.1.22-5.el5_4.3.x86_64.rpm package.

*Logs:*

/root>pluginviewer

Installed SASL (server side) mechanisms are:

*CRAM-MD5 ANONYMOUS DIGEST-MD5 PLAIN LOGIN EXTERNAL*

......


**

/u01/app/openldap/product/2.4.26/etc/openldap>ldapsearch -x  -b "" -s base
-LLL supportedSASLMechanisms
dn:
*supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: DIGEST-MD5**

*
and again started with SASL process (tried several times) but everytime...
got an error:
*Steps i followed:*
1> saslpasswd2 -c sasluser3
2> sasldblistusers2
3> Stop LDAP
4> edit slapd.conf and add following lines:
    password-hash   {CLEARTEXT}
    sasl-regexp uid=(.*),cn=DIGEST-MD5,cn=auth uid=$1,ou=System,o=xyz
5> Start LDAP
6> Add account from ldif:
add_sasl_accnt3.ldif
----------------------------
# TEST Account for SASL:
dn: uid=sasluser3,ou=System,o=xyz
uid: sasluser3
ou: System
description: Special account for SASL Testing
userPassword: sasluser3
objectClass: account
objectClass: simpleSecurityObject
7> ldapadd -x -D cn=Manager,o=xyz -W -f add_sasl_accnt3.ldif
8> *ldapsearch -Y DIGEST-MD5 -U sasluser3 -b 'o=xyz'*
     Or
    *ldapsearch -U sasluser5 -b 'o=xyz'*

But evrytime got error as:
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): user not found: no secret in database

Thks a lot for helping me.

Regards,
Gaurav Gugnani

On Thu, Feb 2, 2012 at 11:13 PM, Gaurav Gugnani <gugnanigaurav@xxxxxxxxx>wrote:

> Hello,
>
> Thks for helping me out. Yes, the package is missing.
>
> The O/P of plugin viewer:
> /u01/app/openldap/product/2.4.26/etc/openldap>pluginviewer
> Installed SASL (server side) mechanisms are:
> ANONYMOUS PLAIN LOGIN EXTERNAL
>
> And clearly it is not displaying any MD5 SASL mechanism.
>
> Now, i'll try to install package and will try my steps.
>
> Once again thks a lot for helping.
>
> Regards,
> Gaurav Gugnani
>
> On Thu, Feb 2, 2012 at 9:03 PM, Dan White <dwhite@xxxxxxx> wrote:
>
>> On 02/02/12 16:24 +0530, Gaurav Gugnani wrote:
>>
>>> Hello,
>>>
>>> I too suppose that my package is missing for cyrus-sasl DIGEST MD5.
>>>
>>> I'm working on linux 86_64 machine and want to implement DIGEST MD5
>>> mechanism.
>>>
>>> Following packages are installed:
>>> /u01/app/openldap/product/2.4.**26/etc/openldap>rpm -qa | grep
>>> cyrus-sasl
>>> cyrus-sasl-devel-2.1.22-5.el5_**4.3
>>> cyrus-sasl-plain-2.1.22-5.el5_**4.3
>>> cyrus-sasl-lib-2.1.22-5.el5_4.**3
>>> cyrus-sasl-devel-2.1.22-5.el5_**4.3
>>> cyrus-sasl-lib-2.1.22-5.el5_4.**3
>>> cyrus-sasl-plain-2.1.22-5.el5_**4.3
>>> cyrus-sasl-2.1.22-5.el5_4.3
>>>
>>
>> Use pluginviewer (or possibly saslpluginviewer) to verify that digest-md5
>> is installed. If not, you'll need to find out which package you need from
>> your distribution's support.
>>
>> Once installed, and verified using pluginviewer, verify that slapd is
>> offering the mechanism with:
>>
>> ldapsearch -x -H ldap://ldap.example.net -s "base"
>> "supportedSASLMechanisms"
>>
>>  Please suggest, if package is missing or will the DIGEST MD% mechanism
>>> works with this cyrus-sasl modules.
>>>
>>> Thanks for your help.
>>>
>>> Regards,
>>> Gaurav Gugnani
>>>
>>>
>>> On Thu, Feb 2, 2012 at 4:03 PM, Raffael Sahli <public@xxxxxxxxxxxxxxxx>*
>>> *wrote:
>>>
>>>   On 02/02/2012 10:40 AM, Gaurav Gugnani wrote:
>>>>
>>>> Hello All,
>>>>
>>>> After some more research into it and reading some more links:
>>>>
>>>> http://www.linuxtopia.org/**online_books/network_**
>>>> administration_guides/ldap_**administration/sasl_SASL_**
>>>> Authentication.html<http://www.linuxtopia.org/online_books/network_administration_guides/ldap_administration/sasl_SASL_Authentication.html>
>>>> http://tldp.org/HOWTO/LDAP-**HOWTO/sasl.html<http://tldp.org/HOWTO/LDAP-HOWTO/sasl.html>
>>>>
>>>> I did some more steps like-
>>>> *Step-1:*
>>>>
>>>> In the file slapd.conf i add following lines:
>>>>   password-hash   {CLEARTEXT}
>>>>   sasl-regexp uid=(.*),cn=DIGEST-MD5,cn=auth uid=$1,ou=System,o=db
>>>>
>>>> And perform ldapsearch in different way:
>>>> ldapsearch -Y DIGEST-MD5 -U sasluser2 -b 'o=db'
>>>>
>>>> But again got error as:
>>>> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>>>>        additional info: SASL(-4): no mechanism available: No worthy
>>>> mechs
>>>> found
>>>>
>>>> Did you installed the sasl modules? (On debian the package name is
>>>> libsasl2-modules )
>>>>
>>>>
>>>> Please help in getting out of this issue.
>>>>
>>>> Thanks and Regards,
>>>> Gaurav Gugnani
>>>>
>>>>
>>>>
>>>> --
>>>> Raffael Sahlipublic@xxxxxxxxxxxxxxxx
>>>>
>>>>
>>>>
>> --
>> Dan White
>>
>
>
<Anterior por Tema] Tema Actual [Siguiente por Tema>