
Re: kadmin: hdb_open: ldap_sasl_bind_s: Authentication method not supported



fandino wrote:
> Howard Chu wrote:
> 
>> fandino wrote:
> 
> .....
> 
>>> # kadmin -l
>>> kadmin> init FADESA.ES
>>> kadmin: hdb_open: ldap_sasl_bind_s: Authentication method not supported
>>> kadmin>
>>>
>>>  below, you can see as the openldap server is contacted
>>> using the ldapi socket and the request is denied with the
>>> following message:
>>>
>>> "SASL(-4): no mechanism available: "
> 
> ....
> 
>>>  anyone knows why heimdal is trying to contact the openldap
>>> server using an EXTERNAL mech and anonymous bind???
> 
> 
> Hello Howard,
> 
>> That's just the way the Heimdal code is written. You didn't mention what 
> 
> 
> hmmm then, I shouldn't see a sasl bind identity like this:
> 
> uidNumber=0\\\+gidNumber=.*,cn=peercred,cn=external,cn=auth
> 
> instead of
> 
>  ==> sasl_bind: dn="" mech=EXTERNAL datalen=0

some additional info.

running strace with kadmin I can see how effectively the socket is opened
and the response of openldap is "SASL(-4): no mechanism ava".

I will post this question in the openldap mailing list (or perhaps sasl
mailing list) if you feel that it would be a more appropriate site.

19:24:41 socket(PF_UNIX, SOCK_STREAM, 0) = 4
19:24:41 fcntl64(4, F_GETFL)            = 0x2 (flags O_RDWR)
19:24:41 fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
19:24:41 connect(4, {sa_family=AF_UNIX, path="/var/run/slapd/ldapi"}, 110) = 0
19:24:41 fcntl64(4, F_GETFL)            = 0x802 (flags O_RDWR|O_NONBLOCK)
19:24:41 fcntl64(4, F_SETFL, O_RDWR)    = 0
19:24:41 time(NULL)                     = 1117560281
19:24:41 write(4, "0\30\2\1\1`\23\2\1\3\4\0\243\f\4\10EXTERNAL\4\0", 26) = 26
19:24:41 select(1024, [4], [], NULL, NULL) = 1 (in [4])
19:24:41 read(4, "0.\2\1\1a)\n", 8)     = 8
19:24:41 read(4, "\1\7\4\0\4\"SASL(-4): no mechanism ava"..., 40) = 40
19:24:41 time(NULL)                     = 1117560281
19:24:41 write(4, "0\5\2\1\2B\0", 7)    = 7
19:24:41 close(4)

>>  OS you're running on. Your system needs to support some form of
> 
> 
> sorry, I forgot it. It's a SuSE Enterprise Server 9 (SLES9). A relatively
> common Linux distro.
> 
>> credential passing over Unix domain sockets in order for this to work. 
>> The OpenLDAP code currently supports the original 4.3 BSD Unix domain 
>> socket semantics, current Linux versions, AIX, and Solaris/SVR4.
> 
> 
> is there anything special that needs to be done in cyrus-sasl to get this
> working?
> 
> currently openldap(2.2.26) and heimdal(0.6.4) are linked with cyrus-sasl
> 2.1.18
> 
> cyrus-sasl-crammd5-2.1.18-33.1
> cyrus-sasl-gssapi-2.1.18-33.1
> cyrus-sasl-2.1.18-33.8
> cyrus-sasl-digestmd5-2.1.18-33.1
> cyrus-sasl-plain-2.1.18-33.1
> 
> Thank you.
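
The two buffers in the strace output above are LDAPv3 messages in BER and can be decoded directly. The Python below is an added example, not part of the original message and not Heimdal or OpenLDAP code; the function names are illustrative, and the response is decoded only as far as strace's truncated string goes.

```python
import re

# strace prints buffers as C strings with octal escapes; map the named escapes.
_ESC = {"n": 10, "t": 9, "v": 11, "f": 12, "r": 13, '"': 34, "\\": 92}

def unescape_strace(s):
    def byte(m):
        o, e, c = m.groups()
        return int(o, 8) if o else _ESC[e] if e else ord(c)
    return bytes(byte(m) for m in re.finditer(r'\\([0-7]{1,3})|\\(.)|(.)', s, re.S))

def tlv(buf, pos=0):
    """Read one BER element: (tag, value, next offset). Truncated values come back short."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def decode_bind(raw):
    """Decode an LDAPv3 BindRequest (0x60) or BindResponse (0x61), per RFC 4511."""
    _, msg, _ = tlv(raw)                    # LDAPMessage SEQUENCE
    _, msgid, p = tlv(msg)                  # messageID
    op, body, _ = tlv(msg, p)               # protocolOp
    out = {"msgid": int.from_bytes(msgid, "big")}
    if op == 0x60:
        _, ver, p = tlv(body)               # version
        _, name, p = tlv(body, p)           # name (bind DN)
        auth_tag, auth, _ = tlv(body, p)    # [0] simple or [3] sasl
        out.update(op="BindRequest", version=ver[0], name=name.decode(),
                   auth="sasl" if auth_tag == 0xA3 else "simple")
        if auth_tag == 0xA3:                # SaslCredentials: mechanism, credentials
            _, mech, q = tlv(auth)
            creds = tlv(auth, q)[1] if q < len(auth) else None
            out.update(mechanism=mech.decode(), credentials=creds)
    elif op == 0x61:
        _, code, p = tlv(body)              # resultCode ENUMERATED
        _, _matched, p = tlv(body, p)       # matchedDN
        _, diag, _ = tlv(body, p)           # diagnosticMessage (cut short by strace)
        out.update(op="BindResponse", result_code=code[0], diagnostic=diag.decode())
    return out

# Buffers copied from the write() and read() calls in the strace output above.
REQUEST = unescape_strace(r'0\30\2\1\1`\23\2\1\3\4\0\243\f\4\10EXTERNAL\4\0')
RESPONSE = unescape_strace(r'0.\2\1\1a)\n' r'\1\7\4\0\4\"SASL(-4): no mechanism ava')

if __name__ == "__main__":
    for buf in (REQUEST, RESPONSE):
        print(decode_bind(buf))
```

Result code 7 is authMethodNotSupported in RFC 4511, which matches the error text kadmin printed.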