
Re: Heimdal with OpenLDAP backend problems



It sounds like your OpenBSD system doesn't support identity passing over Unix 
Domain sockets. We disabled this feature on a number of platforms due to some 
vulnerabilities we discovered in the previous methods of credential passing. 
But I thought all of the current *BSD distros supported secure mechanisms for 
this feature.

Antoine MILLET wrote:
> Hai Zaar wrote:
>>>> my kadmin error :
>>>> kadmin -l
>>>> kadmin> init EPI.NET
>>>> kadmin: hdb_open: ldap_sasl_bind_s: Authentication method not supported
>> You need to configure your OpenLDAP server to allow SASL-EXTERNAL auth
>> method and grant access to the auth-dn Heimdal uses to access LDAP.
>> Please check (or post here) relevant logs from OpenLDAP
>>
>>
> Do I need to use "tls" to do this?
> 
> If you say yes, I need to put a certificate on my kdc to access the 
> OpenLDAP db
> 
> Actually when I do init in kadmin, OpenLDAP with -d 512 says:
> 
> do_abandon: bad msgid 0
> 
> And with -d 1 says:
> 
>  >>> slap_listener(ldapi:///)
> connection_get(11): got connid=0
> connection_read(11): checking for input on id=0
> ber_get_next
> ber_get_next: tag 0x30 len 6 contents:
> ber_get_next
> ber_get_next: tag 0x30 len 24 contents:
> ber_get_next
> do_abandon
> ber_scanf fmt (i) ber:
> do_abandon: bad msgid 0
> do_bind
> ber_scanf fmt ({imt) ber:
> ber_scanf fmt ({m) ber:
> ber_scanf fmt (m) ber:
> ber_scanf fmt (}}) ber:
>  >>> dnPrettyNormal: <>
> <<< dnPrettyNormal: <>, <>
> do_sasl_bind: dn () mech EXTERNAL
> send_ldap_result: conn=0 op=1 p=3
> send_ldap_response: msgid=1 tag=97 err=7
> ber_flush: 32 bytes to sd 11
> connection_get(11): got connid=0
> connection_read(11): checking for input on id=0
> ber_get_next
> ber_get_next: tag 0x30 len 5 contents:
> ber_get_next
> ber_get_next on fd 11 failed errno=0 (Undefined error: 0)
> connection_closing: readying conn=0 sd=11 for close
> connection_close: deferring conn=0 sd=11
> do_unbind
> connection_resched: attempting closing conn=0 sd=11
> connection_close: conn=0 sd=11
> 
> Thanks.
> 


-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP     http://www.openldap.org/project/