error=49 from the LDAP server for GSSAPI Kerberos authentication
Feb 22 2007, edited Feb 26 2007

I am trying to find a solution for an ldapsearch failure with GSSAPI Kerberos authentication. I am running Sun Directory Server 5.2 P4 on a Solaris 9 SPARC machine.
Steps:
bash-2.05# kinit tester1
Password for tester1@TEST1.COM:
bash-2.05#
When I run ldapsearch, I get the following logs on the server:
tail -f /var/Sun/mps/slapd-bf1r-dsun-1/logs/access
[22/Feb/2007:01:44:16 -0700] conn=32 op=-1 msgId=-1 - fd=26 slot=26 LDAP connection from 10.7.30.185 to 10.7.30.16
[22/Feb/2007:01:44:16 -0700] conn=32 op=0 msgId=1 - BIND dn="uid=tester1,ou=people,dc=test1,dc=com" method=sasl version=3 mech=GSSAPI
[22/Feb/2007:01:44:16 -0700] conn=32 op=0 msgId=1 - RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[22/Feb/2007:01:44:16 -0700] conn=32 op=1 msgId=2 - BIND dn="uid=tester1,ou=people,dc=test1,dc=com" method=sasl version=3 mech=GSSAPI
[22/Feb/2007:01:44:16 -0700] conn=32 op=1 msgId=2 - RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[22/Feb/2007:01:44:16 -0700] conn=32 op=2 msgId=3 - BIND dn="uid=tester1,ou=people,dc=test1,dc=com" method=sasl version=3 mech=GSSAPI
[22/Feb/2007:01:44:16 -0700] conn=32 op=2 msgId=3 - RESULT err=49 tag=97 nentries=0 etime=0
[22/Feb/2007:01:44:16 -0700] conn=32 op=3 msgId=4 - UNBIND
[22/Feb/2007:01:44:16 -0700] conn=32 op=3 msgId=-1 - closing - U1
[22/Feb/2007:01:44:17 -0700] conn=32 op=-1 msgId=-1 - closed.
[22/Feb/2007:01:45:50 -0700] conn=33 op=-1 msgId=-1 - fd=26 slot=26 LDAP connection from 10.7.30.185 to 10.7.30.16
[22/Feb/2007:01:45:50 -0700] conn=33 op=0 msgId=1 - BIND dn="uid=tester1,ou=people,dc=test1,dc=com" method=sasl version=3 mech=GSSAPI
[22/Feb/2007:01:45:50 -0700] conn=33 op=0 msgId=1 - RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[22/Feb/2007:01:45:50 -0700] conn=33 op=1 msgId=2 - BIND dn="uid=tester1,ou=people,dc=test1,dc=com" method=sasl version=3 mech=GSSAPI
[22/Feb/2007:01:45:50 -0700] conn=33 op=1 msgId=2 - RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[22/Feb/2007:01:45:50 -0700] conn=33 op=2 msgId=3 - BIND dn="uid=tester1,ou=people,dc=test1,dc=com" method=sasl version=3 mech=GSSAPI
[22/Feb/2007:01:45:50 -0700] conn=33 op=2 msgId=3 - RESULT err=49 tag=97 nentries=0 etime=0
[22/Feb/2007:01:45:50 -0700] conn=33 op=3 msgId=4 - UNBIND
[22/Feb/2007:01:45:50 -0700] conn=33 op=3 msgId=-1 - closing - U1
[22/Feb/2007:01:45:51 -0700] conn=33 op=-1 msgId=-1 - closed.
-------------------------------------------------------------------------
I am using the default identity mapping and the LDIF file looks like this:
dn: cn=default,cn=GSSAPI,cn=identity mapping,cn=config
objectClass: dsIdentityMapping
objectClass: nsContainer
objectClass: dsPatternMatching
objectClass: top
cn: default
dsMatching-pattern: ${Principal}
creatorsName: cn=directory manager
createTimestamp: 20070220045812Z
dsMatching-regexp: uid=(.*)
dsSearchBaseDN: ou=people,dc=test1,dc=com
dsMappedDN: uid=${Principal},ou=people,dc=test1,dc=com
modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifyTimestamp: 20070221082740Z
-------------------------------------------------------------------------------------------
The following is the snoop output for LDAP on the server:
bash-2.05# !snoop
snoop -v port 389 | grep LDAP
Using device /dev/eri (promiscuous mode)
TCP: Destination port = 389 (LDAP)
LDAP: ----- LDAP: -----
LDAP:
LDAP: ""
LDAP:
LDAP: ----- LDAP: -----
LDAP:
LDAP: ""
LDAP:
TCP: Destination port = 389 (LDAP)
LDAP: ----- LDAP: -----
LDAP:
LDAP: ""
LDAP:
TCP: Destination port = 389 (LDAP)
LDAP: ----- Lightweight Directory Access Protocol Header -----
LDAP: *[LDAPMessage]
LDAP: [Message ID]
LDAP: Operation *[APPL 0: Bind Request]
LDAP: [Version]
LDAP: [Object Name]
LDAP: uid=tester1,ou=people,dc=test1,d
LDAP: c=com
LDAP: Authentication: SASL *[3]
LDAP: [OctetString]
LDAP: GSSAPI
LDAP: [OctetString]
LDAP: *** NOT PRINTED - Too long value ***
LDAP:
LDAP: ----- LDAP: -----
LDAP:
LDAP: ""
LDAP:
LDAP: ----- Lightweight Directory Access Protocol Header -----
LDAP: *[LDAPMessage]
LDAP: [Message ID]
LDAP: Operation *[APPL 1: Bind Response]
LDAP: [Result Code]
LDAP: SASL Bind In Progress
LDAP: [Matched DN]
LDAP: [Error Message]
LDAP: SASL Credentials [7]
LDAP:
TCP: Destination port = 389 (LDAP)
LDAP: ----- LDAP: -----
LDAP:
LDAP: ""
LDAP:
TCP: Destination port = 389 (LDAP)
LDAP: ----- Lightweight Directory Access Protocol Header -----
LDAP: *[LDAPMessage]
LDAP: [Message ID]
LDAP: Operation *[APPL 0: Bind Request]
LDAP: [Version]
LDAP: [Object Name]
LDAP: uid=tester1,ou=people,dc=test1,d
LDAP: c=com
LDAP: Authentication: SASL *[3]
LDAP: [OctetString]
LDAP: GSSAPI
LDAP:
LDAP: ----- LDAP: -----
LDAP:
LDAP: ""
LDAP:
LDAP: ----- Lightweight Directory Access Protocol Header -----
LDAP: *[LDAPMessage]
LDAP: [Message ID]
LDAP: Operation *[APPL 1: Bind Response]
LDAP: [Result Code]
LDAP: SASL Bind In Progress
LDAP: [Matched DN]
LDAP: [Error Message]
LDAP: SASL Credentials [7]
LDAP:
TCP: Destination port = 389 (LDAP)
LDAP: ----- LDAP: -----
LDAP:
LDAP: ""
LDAP:
TCP: Destination port = 389 (LDAP)
LDAP: ----- Lightweight Directory Access Protocol Header -----
LDAP: *[LDAPMessage]
LDAP: [Message ID]
LDAP: Operation *[APPL 0: Bind Request]
LDAP: [Version]
LDAP: [Object Name]
LDAP: uid=tester1,ou=people,dc=test1,d
LDAP: c=com
LDAP: Authentication: SASL *[3]
LDAP: [OctetString]
LDAP: GSSAPI
LDAP: [OctetString]
LDAP:
LDAP: ----- Lightweight Directory Access Protocol Header -----
LDAP: *[LDAPMessage]
LDAP: [Message ID]
LDAP: Operation *[APPL 1: Bind Response]
LDAP: [Result Code]
LDAP: 1
LDAP: Invalid Credentials
LDAP: [Matched DN]
LDAP: [Error Message]
LDAP: SASL(-1): generic failure:
LDAP:
TCP: Destination port = 389 (LDAP)
LDAP: ----- LDAP: -----
LDAP:
LDAP: ""
LDAP:
TCP: Destination port = 389 (LDAP)
LDAP: ----- Lightweight Directory Access Protocol Header -----
LDAP: *[LDAPMessage]
LDAP: [Message ID]
LDAP: Operation [APPL 2: Unbind Request]
LDAP:
TCP: Destination port = 389 (LDAP)
LDAP: ----- LDAP: -----
LDAP:
LDAP: ""
LDAP:
LDAP: ----- LDAP: -----
LDAP:
LDAP: ""
LDAP:
LDAP: ----- LDAP: -----
LDAP:
LDAP: ""
LDAP:
TCP: Destination port = 389 (LDAP)
LDAP: ----- LDAP: -----
LDAP:
LDAP: ""
LDAP:
Please help me fix this issue.
Thanks,
Radhakrishnan
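As an added illustration (not part of the post above), a small Python model of the dsMatching-pattern / dsMatching-regexp / dsMappedDN mechanism, run against the posted mapping entry and the principal tester1@TEST1.COM from the kinit step. The semantics are assumed from the attribute names rather than taken from the server's code (the pattern is expanded, the regexp must match the expanded string in full, and $1..$n in dsMappedDN refer to capture groups); ALT_MAPPING is a constructed alternative for comparison, not a recommended fix.

```python
import re

# Mapping entry as posted (values copied from the LDIF above).
POST_MAPPING = {
    "dsMatching-pattern": "${Principal}",
    "dsMatching-regexp": "uid=(.*)",
    "dsMappedDN": "uid=${Principal},ou=people,dc=test1,dc=com",
}

# Constructed alternative for comparison only: capture the user part of the
# principal and reference it as $1 in the mapped DN.
ALT_MAPPING = {
    "dsMatching-pattern": "${Principal}",
    "dsMatching-regexp": r"(.*)@TEST1\.COM",
    "dsMappedDN": "uid=$1,ou=people,dc=test1,dc=com",
}


def expand(template, creds):
    """Replace ${Name} placeholders with credential values (assumed semantics)."""
    return re.sub(r"\$\{(\w+)\}", lambda m: creds.get(m.group(1), ""), template)


def map_principal(mapping, principal):
    """Return the DN the mapping yields for `principal`, or None when the
    regexp does not match the expanded pattern (assumed: the match must cover
    the whole string, and $1..$n in dsMappedDN refer to capture groups).
    A None result means no entry can be found for the bind."""
    creds = {"Principal": principal}
    subject = expand(mapping["dsMatching-pattern"], creds)
    m = re.fullmatch(mapping["dsMatching-regexp"], subject)
    if m is None:
        return None
    dn = expand(mapping["dsMappedDN"], creds)
    for i, group in enumerate(m.groups(), start=1):
        dn = dn.replace(f"${i}", group or "")
    return dn


if __name__ == "__main__":
    principal = "tester1@TEST1.COM"  # the principal from the kinit step
    for name, mapping in (("posted", POST_MAPPING), ("alternative", ALT_MAPPING)):
        print(name, "->", map_principal(mapping, principal))
```

Under these assumptions the posted regexp `uid=(.*)` never matches a principal of the form user@REALM, so the mapping yields no DN; check the real server's documented matching rules before drawing conclusions from the model.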