
proxy auth in LDAP + SASL



Hello, colleagues.

I am trying to implement proxy auth in LDAP.
I want to authorize users by the mail attribute.

In LDAP we have:

dn: uid=peter,ou=it,ou=people,dc=mcbfa,dc=local
uid: peter
givenName: Peter
sn: Teslenko
cn: Peter Teslenko
userPassword: mega_pass
homeDirectory: /var/spool/Maildir/peter
mail: peter@sandbox.mcbfa.local
maildrop: postmaster@sandbox.mcbfa.local
maildrop: postmaster@localhost.localdomain
maildrop: root@localhost.localdomain
maildrop: pt@sandbox.mcbfa.local
maildrop: abuse@sandbox.mcbfa.local
objectClass: CourierMailAlias
objectClass: CourierMailAccount
objectClass: inetOrgPerson
objectClass: qmailUser
creatorsName: cn=admin,dc=mcbfa,dc=local
createTimestamp: 20061223211316Z
uidNumber: 1001
gidNumber: 125
mailbox: /var/spool/Maildir/peter/Maildir
quota: 5120000S
modifiersName: cn=admin,dc=mcbfa,dc=local
modifyTimestamp: 20061223231316Z
subschemaSubentry: cn=Subschema
accountStatus: active

dn: uid=saslauthzproxy,ou=daemons,dc=mcbfa,dc=local
uid: saslauthzproxy
givenName: SASLAuthzProxy
sn: SASLAuthzProxy
cn: SASLAuthzProxy
userPassword: proxy_pass
#objectClass: top
#objectClass: account
objectClass: simpleSecurityObject
objectClass: inetOrgPerson
#ou: SASL
saslAuthzTo: ldap:///ou=people,dc=mcbfa,dc=local??sub?(objectclass=inetOrgPerson)
saslAuthzTo: ldap:///ou=it,ou=people,dc=mcbfa,dc=local??sub?(objectclass=inetOrgPerson)
saslAuthzTo: ldap:///ou=daemons,dc=mcbfa,dc=local??sub?(objectclass=inetOrgPerson)
mail: saslauthzproxy


/etc/ldap/slapd.conf

sasl-authz-policy       to
sasl-regexp
        uid=(.*),cn=(.*),cn=auth
        ldap:///dc=mcbfa,dc=local??sub?(&(objectclass=inetOrgPerson)(mail=$1))

/usr/lib/sasl2/slapd.conf
pwcheck_method: auxprop
auxprop_plugin: slapd
ldapdb_uri: ldap://sandbox.mcbfa.local
ldapdb_id: admin
ldapdb_pw: admin_pass
ldapdb_mech: digest-md5
mech_list: DIGEST-MD5


/etc/postfix/sasl/smtpd.conf
# Global parameters
log_level: 7
pwcheck_method: auxprop
#mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
mech_list: DIGEST-MD5

# Aux plugin params
auxprop_plugin: ldapdb
ldapdb_uri: ldap://sandbox.mcbfa.local
ldapdb_id: saslauthzproxy
ldapdb_pw: proxy_secret
ldapdb_mech: DIGEST-MD5
ldapdb_starttls: demand


Each user passes authorization with their own password:

root@sandbox:/home/peter# ldapwhoami -U peter@sandbox.mcbfa.local -Y DIGEST-MD5  -H ldap://localhost
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: peter@sandbox.mcbfa.local
SASL SSF: 128
SASL installing layers
dn:uid=peter,ou=it,ou=people,dc=mcbfa,dc=local
Result: Success (0)

root@sandbox:/home/peter# ldapwhoami -U saslauthzproxy -Y DIGEST-MD5  -H ldap://localhost
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: saslauthzproxy
SASL SSF: 128
SASL installing layers
dn:uid=saslauthzproxy,ou=daemons,dc=mcbfa,dc=local
Result: Success (0)

But when I try to go through the proxy, it fails:

root@sandbox:/home/peter# ldapwhoami -U saslauthzproxy -Y DIGEST-MD5 -X u:peter@sanbdox.mcbfa.local -H ldap://localhost
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Insufficient access (50)
        additional info: SASL(-14): authorization failure: not authorized

In the log:

Dec 25 13:21:47 localhost slapd[1118]: >>> slap_listener(ldap:///)
Dec 25 13:21:47 localhost slapd[1118]: connection_get(11)
Dec 25 13:21:47 localhost slapd[1118]: connection_get(11): got connid=8
Dec 25 13:21:47 localhost slapd[1118]: connection_read(11): checking for input on id=8
Dec 25 13:21:47 localhost slapd[1118]: ber_get_next on fd 11 failed errno=11 (Resource temporarily unavailable)
Dec 25 13:21:47 localhost slapd[1118]: do_bind
Dec 25 13:21:47 localhost slapd[1118]: >>> dnPrettyNormal: <>
Dec 25 13:21:47 localhost slapd[1118]: <<< dnPrettyNormal: <>, <>
Dec 25 13:21:47 localhost slapd[1118]: do_sasl_bind: dn () mech DIGEST-MD5
Dec 25 13:21:47 localhost slapd[1118]: ==> sasl_bind: dn="" mech=DIGEST-MD5 datalen=0
Dec 25 13:21:47 localhost slapd[1118]: SASL [conn=8] Debug: DIGEST-MD5 server step 1
Dec 25 13:21:47 localhost slapd[1118]: send_ldap_sasl: err=14 len=194
Dec 25 13:21:47 localhost slapd[1118]: send_ldap_response: msgid=1 tag=97 err=14
Dec 25 13:21:47 localhost slapd[1118]: <== slap_sasl_bind: rc=14
Dec 25 13:21:54 localhost slapd[1118]: connection_get(11)
Dec 25 13:21:54 localhost slapd[1118]: connection_get(11): got connid=8
Dec 25 13:21:54 localhost slapd[1118]: connection_read(11): checking for input on id=8
Dec 25 13:21:54 localhost slapd[1118]: ber_get_next on fd 11 failed errno=11 (Resource temporarily unavailable)
Dec 25 13:21:54 localhost slapd[1118]: do_bind
Dec 25 13:21:54 localhost slapd[1118]: >>> dnPrettyNormal: <>
Dec 25 13:21:54 localhost slapd[1118]: <<< dnPrettyNormal: <>, <>
Dec 25 13:21:54 localhost slapd[1118]: do_sasl_bind: dn () mech DIGEST-MD5
Dec 25 13:21:54 localhost slapd[1118]: ==> sasl_bind: dn="" mech=<continuing> datalen=332
Dec 25 13:21:54 localhost slapd[1118]: SASL [conn=8] Debug: DIGEST-MD5 server step 2
Dec 25 13:21:54 localhost slapd[1118]: SASL Canonicalize [conn=8]: authcid="saslauthzproxy"
Dec 25 13:21:54 localhost slapd[1118]: slap_sasl_getdn: conn 8 id=saslauthzproxy [len=14]
Dec 25 13:21:54 localhost slapd[1118]: slap_sasl_getdn: u:id converted to uid=saslauthzproxy,cn=DIGEST-MD5,cn=auth
Dec 25 13:21:54 localhost slapd[1118]: >>> dnNormalize: <uid=saslauthzproxy,cn=DIGEST-MD5,cn=auth>
Dec 25 13:21:54 localhost slapd[1118]: <<< dnNormalize: <uid=saslauthzproxy,cn=digest-md5,cn=auth>
Dec 25 13:21:54 localhost slapd[1118]: ==>slap_sasl2dn: converting SASL name uid=saslauthzproxy,cn=digest-md5,cn=auth to a DN
Dec 25 13:21:54 localhost slapd[1118]: slap_authz_regexp: converting SASL name uid=saslauthzproxy,cn=digest-md5,cn=auth
Dec 25 13:21:54 localhost slapd[1118]: slap_authz_regexp: converted SASL name to ldap:///dc=mcbfa,dc=local??sub?(&(objectclass=inetOrgPerson)(mail=saslauthzproxy))
Dec 25 13:21:54 localhost slapd[1118]: slap_parseURI: parsing ldap:///dc=mcbfa,dc=local??sub?(&(objectclass=inetOrgPerson)(mail=saslauthzproxy))
Dec 25 13:21:54 localhost slapd[1118]: >>> dnNormalize: <dc=mcbfa,dc=local>
Dec 25 13:21:54 localhost slapd[1118]: <<< dnNormalize: <dc=mcbfa,dc=local>
Dec 25 13:21:54 localhost slapd[1118]: slap_sasl2dn: performing internal search (base=dc=mcbfa,dc=local, scope=2)
Dec 25 13:21:54 localhost slapd[1118]: => bdb_search
Dec 25 13:21:54 localhost slapd[1118]: bdb_dn2entry("dc=mcbfa,dc=local")
Dec 25 13:21:54 localhost slapd[1118]: search_candidates: base="dc=mcbfa,dc=local" (0x00000001) scope=2
Dec 25 13:21:54 localhost slapd[1118]: => bdb_dn2idl("dc=mcbfa,dc=local")
Dec 25 13:21:54 localhost slapd[1118]: => bdb_equality_candidates (objectClass)
Dec 25 13:21:54 localhost slapd[1118]: => key_read
Dec 25 13:21:54 localhost slapd[1118]: bdb_idl_fetch_key: [b49d1940]
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_index_read: failed (-30990)
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_equality_candidates: id=0, first=0, last=0
Dec 25 13:21:54 localhost slapd[1118]: => bdb_equality_candidates (objectClass)
Dec 25 13:21:54 localhost slapd[1118]: => key_read
Dec 25 13:21:54 localhost slapd[1118]: bdb_idl_fetch_key: [860433ad]
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_index_read 3 candidates
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_equality_candidates: id=3, first=5, last=11
Dec 25 13:21:54 localhost slapd[1118]: => bdb_equality_candidates (mail)
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_equality_candidates: (mail) index_param failed (18)
Dec 25 13:21:54 localhost slapd[1118]: bdb_search_candidates: id=3 first=5 last=11
Dec 25 13:21:54 localhost slapd[1118]: bdb_search: 5 does not match filter
Dec 25 13:21:54 localhost slapd[1118]: bdb_search: 6 does not match filter
Dec 25 13:21:54 localhost slapd[1118]: send_ldap_result: conn=8 op=1 p=3
Dec 25 13:21:54 localhost slapd[1118]: send_ldap_result: err=0 matched="" text=""
Dec 25 13:21:54 localhost slapd[1118]: <==slap_sasl2dn: Converted SASL name to uid=saslauthzproxy,ou=daemons,dc=mcbfa,dc=local
Dec 25 13:21:54 localhost slapd[1118]: slap_sasl_getdn: dn:id converted to uid=saslauthzproxy,ou=daemons,dc=mcbfa,dc=local
Dec 25 13:21:54 localhost slapd[1118]: SASL Canonicalize [conn=8]: slapAuthcDN="uid=saslauthzproxy,ou=daemons,dc=mcbfa,dc=local"
Dec 25 13:21:54 localhost slapd[1118]: => bdb_search
Dec 25 13:21:54 localhost slapd[1118]: bdb_dn2entry("uid=saslauthzproxy,ou=daemons,dc=mcbfa,dc=local")
Dec 25 13:21:54 localhost slapd[1118]: base_candidates: base: "uid=saslauthzproxy,ou=daemons,dc=mcbfa,dc=local" (0x0000000b)
Dec 25 13:21:54 localhost slapd[1118]: slap_ap_lookup: str2ad(cmusaslsecretDIGEST-MD5): attribute type undefined
Dec 25 13:21:54 localhost slapd[1118]: send_ldap_result: conn=8 op=1 p=3
Dec 25 13:21:54 localhost slapd[1118]: send_ldap_result: err=0 matched="" text=""
Dec 25 13:21:54 localhost slapd[1118]: SASL Canonicalize [conn=8]: authzid="u:peter@sanbdox.mcbfa.local"
Dec 25 13:21:54 localhost slapd[1118]: slap_sasl_getdn: conn 8 id=u:peter@sanbdox.mcbfa.local [len=27]
Dec 25 13:21:54 localhost slapd[1118]: slap_sasl_getdn: u:id converted to uid=peter@sanbdox.mcbfa.local,cn=DIGEST-MD5,cn=auth
Dec 25 13:21:54 localhost slapd[1118]: >>> dnNormalize: <uid=peter@sanbdox.mcbfa.local,cn=DIGEST-MD5,cn=auth>
Dec 25 13:21:54 localhost slapd[1118]: <<< dnNormalize: <uid=peter@sanbdox.mcbfa.local,cn=digest-md5,cn=auth>
Dec 25 13:21:54 localhost slapd[1118]: ==>slap_sasl2dn: converting SASL name uid=peter@sanbdox.mcbfa.local,cn=digest-md5,cn=auth to a DN
Dec 25 13:21:54 localhost slapd[1118]: slap_authz_regexp: converting SASL name uid=peter@sanbdox.mcbfa.local,cn=digest-md5,cn=auth
Dec 25 13:21:54 localhost slapd[1118]: slap_authz_regexp: converted SASL name to ldap:///dc=mcbfa,dc=local??sub?(&(objectclass=inetOrgPerson)(mail=peter@sanbdox.mcbfa.local))
Dec 25 13:21:54 localhost slapd[1118]: slap_parseURI: parsing ldap:///dc=mcbfa,dc=local??sub?(&(objectclass=inetOrgPerson)(mail=peter@sanbdox.mcbfa.local))
Dec 25 13:21:54 localhost slapd[1118]: >>> dnNormalize: <dc=mcbfa,dc=local>
Dec 25 13:21:54 localhost slapd[1118]: <<< dnNormalize: <dc=mcbfa,dc=local>
Dec 25 13:21:54 localhost slapd[1118]: slap_sasl2dn: performing internal search (base=dc=mcbfa,dc=local, scope=2)
Dec 25 13:21:54 localhost slapd[1118]: => bdb_search
Dec 25 13:21:54 localhost slapd[1118]: bdb_dn2entry("dc=mcbfa,dc=local")
Dec 25 13:21:54 localhost slapd[1118]: search_candidates: base="dc=mcbfa,dc=local" (0x00000001) scope=2
Dec 25 13:21:54 localhost slapd[1118]: => bdb_dn2idl("dc=mcbfa,dc=local")
Dec 25 13:21:54 localhost slapd[1118]: => bdb_equality_candidates (objectClass)
Dec 25 13:21:54 localhost slapd[1118]: => key_read
Dec 25 13:21:54 localhost slapd[1118]: bdb_idl_fetch_key: [b49d1940]
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_index_read: failed (-30990)
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_equality_candidates: id=0, first=0, last=0
Dec 25 13:21:54 localhost slapd[1118]: => bdb_equality_candidates (objectClass)
Dec 25 13:21:54 localhost slapd[1118]: => key_read
Dec 25 13:21:54 localhost slapd[1118]: bdb_idl_fetch_key: [860433ad]
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_index_read 3 candidates
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_equality_candidates: id=3, first=5, last=11
Dec 25 13:21:54 localhost slapd[1118]: => bdb_equality_candidates (mail)
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_equality_candidates: (mail) index_param failed (18)
Dec 25 13:21:54 localhost slapd[1118]: bdb_search_candidates: id=3 first=5 last=11
Dec 25 13:21:54 localhost slapd[1118]: bdb_search: 5 does not match filter
Dec 25 13:21:54 localhost slapd[1118]: bdb_search: 6 does not match filter
Dec 25 13:21:54 localhost slapd[1118]: bdb_search: 11 does not match filter
Dec 25 13:21:54 localhost slapd[1118]: send_ldap_result: conn=8 op=1 p=3
Dec 25 13:21:54 localhost slapd[1118]: send_ldap_result: err=0 matched="" text=""
Dec 25 13:21:54 localhost slapd[1118]: <==slap_sasl2dn: Converted SASL name to <nothing>
Dec 25 13:21:54 localhost slapd[1118]: SASL Canonicalize [conn=8]: slapAuthzDN="uid=peter@sanbdox.mcbfa.local,cn=digest-md5,cn=auth"
Dec 25 13:21:54 localhost slapd[1118]: SASL proxy authorize [conn=8]: authcid="saslauthzproxy" authzid="u:peter@sanbdox.mcbfa.local"
Dec 25 13:21:54 localhost slapd[1118]: ==>slap_sasl_authorized: can uid=saslauthzproxy,ou=daemons,dc=mcbfa,dc=local become uid=peter@sanbdox.mcbfa.local,cn=digest-md5,cn=auth?
Dec 25 13:21:54 localhost slapd[1118]: ==>slap_sasl_check_authz: does uid=peter@sanbdox.mcbfa.local,cn=digest-md5,cn=auth match authzTo rule in uid=saslauthzproxy,ou=daemons,dc=mcbfa,dc=local?
Dec 25 13:21:54 localhost slapd[1118]: => bdb_entry_get: ndn: "uid=saslauthzproxy,ou=daemons,dc=mcbfa,dc=local"
Dec 25 13:21:54 localhost slapd[1118]: => bdb_entry_get: oc: "(null)", at: "authzTo"
Dec 25 13:21:54 localhost slapd[1118]: bdb_dn2entry("uid=saslauthzproxy,ou=daemons,dc=mcbfa,dc=local")
Dec 25 13:21:54 localhost slapd[1118]: bdb_entry_get: rc=0
Dec 25 13:21:54 localhost slapd[1118]: ===>slap_sasl_match: comparing DN uid=peter@sanbdox.mcbfa.local,cn=digest-md5,cn=auth to rule ldap:///ou=people,dc=mcbfa,dc=local??sub?(objectclass=inetOrgPerson)
Dec 25 13:21:54 localhost slapd[1118]: slap_parseURI: parsing ldap:///ou=people,dc=mcbfa,dc=local??sub?(objectclass=inetOrgPerson)
Dec 25 13:21:54 localhost slapd[1118]: >>> dnNormalize: <ou=people,dc=mcbfa,dc=local>
Dec 25 13:21:54 localhost slapd[1118]: <<< dnNormalize: <ou=people,dc=mcbfa,dc=local>
Dec 25 13:21:54 localhost slapd[1118]: slap_sasl_match: performing internal search (base=ou=people,dc=mcbfa,dc=local, scope=2)
Dec 25 13:21:54 localhost slapd[1118]: => bdb_search
Dec 25 13:21:54 localhost slapd[1118]: bdb_dn2entry("ou=people,dc=mcbfa,dc=local")
Dec 25 13:21:54 localhost slapd[1118]: search_candidates: base="ou=people,dc=mcbfa,dc=local" (0x00000002) scope=2
Dec 25 13:21:54 localhost slapd[1118]: => bdb_dn2idl("ou=people,dc=mcbfa,dc=local")
Dec 25 13:21:54 localhost slapd[1118]: bdb_idl_fetch_key: @ou=people,dc=mcbfa,dc=local
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_dn2idl: id=5 first=2 last=6
Dec 25 13:21:54 localhost slapd[1118]: => bdb_equality_candidates (objectClass)
Dec 25 13:21:54 localhost slapd[1118]: => key_read
Dec 25 13:21:54 localhost slapd[1118]: bdb_idl_fetch_key: [b49d1940]
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_index_read: failed (-30990)
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_equality_candidates: id=0, first=0, last=0
Dec 25 13:21:54 localhost slapd[1118]: => bdb_equality_candidates (objectClass)
Dec 25 13:21:54 localhost slapd[1118]: => key_read
Dec 25 13:21:54 localhost slapd[1118]: bdb_idl_fetch_key: [860433ad]
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_index_read 3 candidates
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_equality_candidates: id=3, first=5, last=11
Dec 25 13:21:54 localhost slapd[1118]: bdb_search_candidates: id=2 first=5 last=6
Dec 25 13:21:54 localhost slapd[1118]: send_ldap_result: conn=8 op=1 p=3
Dec 25 13:21:54 localhost slapd[1118]: send_ldap_result: err=0 matched="" text=""
Dec 25 13:21:54 localhost slapd[1118]: <===slap_sasl_match: comparison returned 48
Dec 25 13:21:54 localhost slapd[1118]: ===>slap_sasl_match: comparing DN uid=peter@sanbdox.mcbfa.local,cn=digest-md5,cn=auth to rule ldap:///ou=it,ou=people,dc=mcbfa,dc=local??sub?(objectclass=inetOrgPerson)
Dec 25 13:21:54 localhost slapd[1118]: slap_parseURI: parsing ldap:///ou=it,ou=people,dc=mcbfa,dc=local??sub?(objectclass=inetOrgPerson)
Dec 25 13:21:54 localhost slapd[1118]: >>> dnNormalize: <ou=it,ou=people,dc=mcbfa,dc=local>
Dec 25 13:21:54 localhost slapd[1118]: <<< dnNormalize: <ou=it,ou=people,dc=mcbfa,dc=local>
Dec 25 13:21:54 localhost slapd[1118]: slap_sasl_match: performing internal search (base=ou=it,ou=people,dc=mcbfa,dc=local, scope=2)
Dec 25 13:21:54 localhost slapd[1118]: => bdb_search
Dec 25 13:21:54 localhost slapd[1118]: bdb_dn2entry("ou=it,ou=people,dc=mcbfa,dc=local")
Dec 25 13:21:54 localhost slapd[1118]: search_candidates: base="ou=it,ou=people,dc=mcbfa,dc=local" (0x00000003) scope=2
Dec 25 13:21:54 localhost slapd[1118]: => bdb_dn2idl("ou=it,ou=people,dc=mcbfa,dc=local")
Dec 25 13:21:54 localhost slapd[1118]: bdb_idl_fetch_key: @ou=it,ou=people,dc=mcbfa,dc=local
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_dn2idl: id=3 first=3 last=6
Dec 25 13:21:54 localhost slapd[1118]: => bdb_equality_candidates (objectClass)
Dec 25 13:21:54 localhost slapd[1118]: => key_read
Dec 25 13:21:54 localhost slapd[1118]: bdb_idl_fetch_key: [b49d1940]
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_index_read: failed (-30990)
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_equality_candidates: id=0, first=0, last=0
Dec 25 13:21:54 localhost slapd[1118]: => bdb_equality_candidates (objectClass)
Dec 25 13:21:54 localhost slapd[1118]: => key_read
Dec 25 13:21:54 localhost slapd[1118]: bdb_idl_fetch_key: [860433ad]
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_index_read 3 candidates
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_equality_candidates: id=3, first=5, last=11
Dec 25 13:21:54 localhost slapd[1118]: bdb_search_candidates: id=2 first=5 last=6
Dec 25 13:21:54 localhost slapd[1118]: send_ldap_result: conn=8 op=1 p=3
Dec 25 13:21:54 localhost slapd[1118]: send_ldap_result: err=0 matched="" text=""
Dec 25 13:21:54 localhost slapd[1118]: <===slap_sasl_match: comparison returned 48
Dec 25 13:21:54 localhost slapd[1118]: ===>slap_sasl_match: comparing DN uid=peter@sanbdox.mcbfa.local,cn=digest-md5,cn=auth to rule ldap:///ou=daemons,dc=mcbfa,dc=local??sub?(objectclass=inetOrgPerson)
Dec 25 13:21:54 localhost slapd[1118]: slap_parseURI: parsing ldap:///ou=daemons,dc=mcbfa,dc=local??sub?(objectclass=inetOrgPerson)
Dec 25 13:21:54 localhost slapd[1118]: >>> dnNormalize: <ou=daemons,dc=mcbfa,dc=local>
Dec 25 13:21:54 localhost slapd[1118]: <<< dnNormalize: <ou=daemons,dc=mcbfa,dc=local>
Dec 25 13:21:54 localhost slapd[1118]: slap_sasl_match: performing internal search (base=ou=daemons,dc=mcbfa,dc=local, scope=2)
Dec 25 13:21:54 localhost slapd[1118]: => bdb_search
Dec 25 13:21:54 localhost slapd[1118]: bdb_dn2entry("ou=daemons,dc=mcbfa,dc=local")
Dec 25 13:21:54 localhost slapd[1118]: search_candidates: base="ou=daemons,dc=mcbfa,dc=local" (0x00000007) scope=2
Dec 25 13:21:54 localhost slapd[1118]: => bdb_dn2idl("ou=daemons,dc=mcbfa,dc=local")
Dec 25 13:21:54 localhost slapd[1118]: bdb_idl_fetch_key: @ou=daemons,dc=mcbfa,dc=local
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_dn2idl: id=5 first=7 last=11
Dec 25 13:21:54 localhost slapd[1118]: => bdb_equality_candidates (objectClass)
Dec 25 13:21:54 localhost slapd[1118]: => key_read
Dec 25 13:21:54 localhost slapd[1118]: bdb_idl_fetch_key: [b49d1940]
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_index_read: failed (-30990)
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_equality_candidates: id=0, first=0, last=0
Dec 25 13:21:54 localhost slapd[1118]: => bdb_equality_candidates (objectClass)
Dec 25 13:21:54 localhost slapd[1118]: => key_read
Dec 25 13:21:54 localhost slapd[1118]: bdb_idl_fetch_key: [860433ad]
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_index_read 3 candidates
Dec 25 13:21:54 localhost slapd[1118]: <= bdb_equality_candidates: id=3, first=5, last=11
Dec 25 13:21:54 localhost slapd[1118]: bdb_search_candidates: id=1 first=11 last=11
Dec 25 13:21:54 localhost slapd[1118]: send_ldap_result: conn=8 op=1 p=3
Dec 25 13:21:54 localhost slapd[1118]: send_ldap_result: err=0 matched="" text=""
Dec 25 13:21:54 localhost slapd[1118]: <===slap_sasl_match: comparison returned 48
Dec 25 13:21:54 localhost slapd[1118]: <==slap_sasl_check_authz: authzTo check returning 48
Dec 25 13:21:54 localhost slapd[1118]: <== slap_sasl_authorized: return 48
Dec 25 13:21:54 localhost slapd[1118]: SASL Proxy Authorize [conn=8]: proxy authorization disallowed (48)
Dec 25 13:21:54 localhost slapd[1118]: SASL [conn=8] Failure: not authorized
Dec 25 13:21:54 localhost slapd[1118]: send_ldap_result: conn=8 op=1 p=3
Dec 25 13:21:54 localhost slapd[1118]: send_ldap_result: err=50 matched="" text="SASL(-14): authorization failure: not authorized"
Dec 25 13:21:54 localhost slapd[1118]: send_ldap_response: msgid=2 tag=97 err=50
Dec 25 13:21:54 localhost slapd[1118]: <== slap_sasl_bind: rc=50
Dec 25 13:21:54 localhost slapd[1118]: connection_get(11)
Dec 25 13:21:54 localhost slapd[1118]: connection_get(11): got connid=8
Dec 25 13:21:54 localhost slapd[1118]: connection_read(11): checking for input on id=8
Dec 25 13:21:54 localhost slapd[1118]: ber_get_next on fd 11 failed errno=0 (Success)
Dec 25 13:21:54 localhost slapd[1118]: connection_closing: readying conn=8 sd=11 for close
Dec 25 13:21:54 localhost slapd[1118]: connection_close: conn=8 sd=-1

Where did I go wrong, and what did I miss?

--
Peter Teslenko
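
Added example, not part of the original post: a small Python triage script that reduces a slapd debug log like the one above to the identity decisions of one SASL bind (authcid and authzid, the DN each was converted to, the authzTo rules compared and their return codes). The function names `trace_proxy_authz` and `findings` are hypothetical, and the sample lines are copied in shape from the log above with the bdb_* index lines left out.

```python
import re

# Constructed sample: lines taken in shape from the slapd debug log in the post,
# with the bdb_* index noise left out.
SAMPLE_LOG = """\
Dec 25 13:21:54 localhost slapd[1118]: SASL Canonicalize [conn=8]: authcid="saslauthzproxy"
Dec 25 13:21:54 localhost slapd[1118]: <==slap_sasl2dn: Converted SASL name to uid=saslauthzproxy,ou=daemons,dc=mcbfa,dc=local
Dec 25 13:21:54 localhost slapd[1118]: SASL Canonicalize [conn=8]: authzid="u:peter@sanbdox.mcbfa.local"
Dec 25 13:21:54 localhost slapd[1118]: bdb_search: 11 does not match filter
Dec 25 13:21:54 localhost slapd[1118]: <==slap_sasl2dn: Converted SASL name to <nothing>
Dec 25 13:21:54 localhost slapd[1118]: ===>slap_sasl_match: comparing DN uid=peter@sanbdox.mcbfa.local,cn=digest-md5,cn=auth to rule ldap:///ou=people,dc=mcbfa,dc=local??sub?(objectclass=inetOrgPerson)
Dec 25 13:21:54 localhost slapd[1118]: <===slap_sasl_match: comparison returned 48
Dec 25 13:21:54 localhost slapd[1118]: SASL Proxy Authorize [conn=8]: proxy authorization disallowed (48)
"""

IDENT = re.compile(r'SASL Canonicalize \[conn=(\d+)\]: (authcid|authzid)="([^"]*)"')
MAPPED = re.compile(r'<==slap_sasl2dn: Converted SASL name to (.+?)\s*$')
RULE = re.compile(r'slap_sasl_match: comparing DN (.+?) to rule (\S+)')
RESULT = re.compile(r'slap_sasl_match: comparison returned (\d+)')
DENIED = re.compile(r'proxy authorization disallowed \((\d+)\)')


def trace_proxy_authz(log_text):
    """Reduce a slapd debug log of one SASL bind to its identity decisions."""
    t = {"authcid": None, "authzid": None, "mapped": {}, "rules": [], "denied": None}
    current = None  # identity (authcid/authzid) whose DN conversion is being logged
    for line in log_text.splitlines():
        if m := IDENT.search(line):
            current = m.group(2)
            t[current] = m.group(3)
        elif m := MAPPED.search(line):
            if current:
                dn = m.group(1)
                t["mapped"][current] = None if dn == "<nothing>" else dn
        elif m := RULE.search(line):
            t["rules"].append({"dn": m.group(1), "rule": m.group(2), "rc": None})
        elif (m := RESULT.search(line)) and t["rules"]:
            t["rules"][-1]["rc"] = int(m.group(1))
        elif m := DENIED.search(line):
            t["denied"] = int(m.group(1))
    return t


def findings(t):
    """Turn the trace into short statements worth reading first."""
    out = []
    for kind in ("authcid", "authzid"):
        # "" means no conversion was logged; None means it was logged as <nothing>
        if t[kind] is not None and t["mapped"].get(kind, "") is None:
            out.append(f'{kind} "{t[kind]}" mapped to no directory entry')
    # 0 is LDAP success; every rule in the post's log returns 48
    failed = [r["rule"] for r in t["rules"] if r["rc"] not in (0, None)]
    if t["denied"] is not None:
        out.append(f'proxy authorization denied ({t["denied"]}); '
                   f'{len(failed)} authzTo rule(s) compared without a match')
    return out


if __name__ == "__main__":
    for f in findings(trace_proxy_authz(SAMPLE_LOG)):
        print(f)
```
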


