SOLVED - Homework 1.6 - testsaslauthd failed

A typo in /etc/saslauthd.conf

The label of the last line is not ldap_search_filter:

8-(

testsaslauthd failed with -u adam and -p password.

Sorry for the long message.

  1. On infrastructure.m310…

slapd.service - OpenLDAP Server Daemon
Loaded: loaded (/usr/lib/systemd/system/slapd.service; disabled; vendor preset: disabled)
Active: active (running) since Fri 2019-01-11 22:52:16 UTC; 3s ago
Docs: man:slapd
man:slapd-config
man:slapd-hdb
man:slapd-mdb
file:///usr/share/doc/openldap-servers/guide.html
Process: 19494 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=0/SUCCESS)
Process: 19458 ExecStartPre=/usr/libexec/openldap/check-config.sh (code=exited, status=0/SUCCESS)
Main PID: 19497 (slapd)
CGroup: /system.slice/slapd.service
└─19497 /usr/sbin/slapd -u ldap -h ldapi:/// ldap:///

Jan 11 22:52:16 infrastructure.m310.mongodb.university runuser[19482]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Jan 11 22:52:16 infrastructure.m310.mongodb.university runuser[19484]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Jan 11 22:52:16 infrastructure.m310.mongodb.university runuser[19486]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Jan 11 22:52:16 infrastructure.m310.mongodb.university runuser[19488]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Jan 11 22:52:16 infrastructure.m310.mongodb.university runuser[19490]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Jan 11 22:52:16 infrastructure.m310.mongodb.university runuser[19492]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Jan 11 22:52:16 infrastructure.m310.mongodb.university slapd[19494]: @(#) OpenLDAP: slapd 2.4.44 (Oct 30 2018 23:14:27)
mockbuild@x86-01.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
Jan 11 22:52:16 infrastructure.m310.mongodb.university slapd[19497]: hdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap: (2).
Expect poor performance for suffix "dc=mongodb,dc=com".
Jan 11 22:52:16 infrastructure.m310.mongodb.university slapd[19497]: slapd starting
Jan 11 22:52:16 infrastructure.m310.mongodb.university systemd[1]: Started OpenLDAP Server Daemon.

So OpenLDAP is running but might be slow.

  2. The user adam is configured correctly, since I can change the password back and forth from password to webscale. And the logs from OpenLDAP are:
    Jan 11 22:54:15 infrastructure.m310.mongodb.university slapd[19497]: conn=1001 fd=11 closed
    Jan 11 22:56:26 infrastructure.m310.mongodb.university slapd[19497]: conn=1002 fd=11 ACCEPT from IP=[::1]:44766 (IP=[::]:389)
    Jan 11 22:56:26 infrastructure.m310.mongodb.university slapd[19497]: conn=1002 op=0 BIND dn="cn=Manager,dc=mongodb,dc=com" method=128
    Jan 11 22:56:26 infrastructure.m310.mongodb.university slapd[19497]: conn=1002 op=0 BIND dn="cn=Manager,dc=mongodb,dc=com" mech=SIMPLE ssf=0
    Jan 11 22:56:26 infrastructure.m310.mongodb.university slapd[19497]: conn=1002 op=0 RESULT tag=97 err=0 text=
    Jan 11 22:56:26 infrastructure.m310.mongodb.university slapd[19497]: conn=1002 op=1 EXT oid=1.3.6.1.4.1.4203.1.11.1
    Jan 11 22:56:26 infrastructure.m310.mongodb.university slapd[19497]: conn=1002 op=1 PASSMOD id="cn=adam,ou=Users,dc=mongodb,dc=com" old new
    Jan 11 22:56:26 infrastructure.m310.mongodb.university slapd[19497]: conn=1002 op=1 RESULT oid= err=0 text=
    Jan 11 22:56:26 infrastructure.m310.mongodb.university slapd[19497]: conn=1002 op=2 UNBIND
    Jan 11 22:56:26 infrastructure.m310.mongodb.university slapd[19497]: conn=1002 fd=11 closed

If I use a wrong password or a non-existent user, I get Python errors.

  3. When I run testsaslauthd on database.m103… I get the following LDAP logs:
    Jan 11 22:57:22 infrastructure.m310.mongodb.university slapd[19497]: conn=1003 op=1 RESULT oid= err=53 text=unwilling to verify old password
    Jan 11 22:57:22 infrastructure.m310.mongodb.university slapd[19497]: conn=1003 op=2 UNBIND
    Jan 11 22:57:22 infrastructure.m310.mongodb.university slapd[19497]: conn=1003 fd=11 closed
    Jan 11 22:59:43 infrastructure.m310.mongodb.university slapd[19497]: conn=1004 fd=11 ACCEPT from IP=192.168.31.100:60870 (IP=0.0.0.0:389)
    Jan 11 22:59:43 infrastructure.m310.mongodb.university slapd[19497]: conn=1004 op=0 BIND dn="" method=128
    Jan 11 22:59:43 infrastructure.m310.mongodb.university slapd[19497]: conn=1004 op=0 RESULT tag=97 err=0 text=
    Jan 11 22:59:43 infrastructure.m310.mongodb.university slapd[19497]: conn=1004 op=1 SRCH base="ou=Users,dc=mongodb,dc=com" scope=2 deref=0 filter="(uid=adam)"
    Jan 11 22:59:43 infrastructure.m310.mongodb.university slapd[19497]: conn=1004 op=1 SRCH attr=dn
    Jan 11 22:59:43 infrastructure.m310.mongodb.university slapd[19497]: <= bdb_equality_candidates: (uid) not indexed
    Jan 11 22:59:43 infrastructure.m310.mongodb.university slapd[19497]: conn=1004 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=

It complains about (uid=adam), so (1) I know saslauthd talks to my OpenLDAP, but (2) it looks like it ignores the last line of /etc/saslauthd.conf, which is 'ldap_search_filter:(cn=%u)'.

What bugs me is that in the homework it is written that the search filter should be (cn=%u), but in the video (uid=%u) is used, and now I have an error with (uid=adam)?

What am I missing?

I will reconfigure saslauthd to use (uid=%u) as the search pattern just in case.
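The failure mode in this thread is that saslauthd ignores any key it does not recognise in /etc/saslauthd.conf and quietly searches with its built-in default filter, which is why slapd logged (uid=adam) while the file said (cn=%u). The checker below is an added example, not part of the course material or the thread: it parses saslauthd.conf, flags unknown keys with the closest real option name, shows the filter that will actually reach slapd, and pulls the received filter out of slapd SRCH log lines for comparison. The sample config is constructed around the mistyped label from the thread; KNOWN_KEYS is a partial list taken from saslauthd's LDAP_SASLAUTHD documentation, and its default filter uid=%u is from the same source.

```python
import difflib
import re

# Option names saslauthd's LDAP backend accepts (partial list, taken from the
# LDAP_SASLAUTHD document). Any other key is silently ignored, so a mistyped
# key produces no error: saslauthd just falls back to its built-in default.
KNOWN_KEYS = {
    "ldap_servers", "ldap_bind_dn", "ldap_bind_pw", "ldap_search_base",
    "ldap_filter", "ldap_auth_method", "ldap_version", "ldap_scope",
    "ldap_timeout", "ldap_start_tls", "ldap_tls_check_peer", "ldap_use_sasl",
    "ldap_mech", "ldap_realm", "ldap_deref", "ldap_password_attr",
}
DEFAULT_FILTER = "uid=%u"  # what saslauthd searches with when ldap_filter is missing

# Constructed sample config: the last key is the mistyped label from the thread.
SAMPLE_CONF = """ldap_servers: ldap://infrastructure.m310.mongodb.university
ldap_search_base: ou=Users,dc=mongodb,dc=com
ldap_search_filter: (cn=%u)
"""

def check_conf(text):
    """Parse 'key: value' lines, flag keys saslauthd does not know (with the
    closest real option names) and report the filter it will really use."""
    conf, unknown = {}, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key in KNOWN_KEYS:
            conf[key] = value
        else:
            unknown[key] = difflib.get_close_matches(key, KNOWN_KEYS, n=3)
    return {"conf": conf, "unknown": unknown,
            "effective_filter": conf.get("ldap_filter", DEFAULT_FILTER)}

def filter_for_user(ldap_filter, user):
    """Expand %u and parenthesise, the form slapd prints in its SRCH log line."""
    expanded = ldap_filter.replace("%u", user)
    return expanded if expanded.startswith("(") else f"({expanded})"

SRCH_RE = re.compile(r'SRCH base="[^"]*".*?filter="([^"]*)"')

def slapd_filters(log_lines):
    """Return the filters slapd actually received, taken from its SRCH log lines."""
    return [m.group(1) for m in map(SRCH_RE.search, log_lines) if m]
```

On the sample, check_conf reports ldap_search_filter as unknown (suggesting ldap_filter among the candidates) and an effective filter of uid=%u, which filter_for_user expands to the (uid=adam) that appears in the slapd SRCH line quoted above.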

I’m also stuck at

vagrant@database:~/shared$ testsaslauthd -u adam -p password -f /var/run/saslauthd/mux
connect() : Permission denied

Is OpenLDAP running on infrastructure? Can you provide some of the last few lines of the log file?

[vagrant@infrastructure shared]$ ps -ef|grep ldap
ldap 5113 1 0 00:42 ? 00:00:00 /usr/sbin/slapd -u ldap -h ldapi:/// ldap:///
vagrant 5169 5046 0 02:08 pts/0 00:00:00 grep --color=auto ldap

Where can I get the log path of the LDAP server?

Getting this error

vagrant@database:~/shared/ldap$ testsaslauthd -u adam -p password -f /var/run/saslauthd/mux
0: NO "authentication failed"
vagrant@database:~/shared/ldap$

Verified all services are up and that I am able to ping both servers.
Verified there are no spaces and that ldap is used in the conf file.
Tried stop/start of saslauthd, permission checks, etc., but none seem to work.
Do we need to use a port?
[vagrant@infrastructure shared]$ ps -ef|grep -i ldap
ldap 32404 1 0 01:47 ? 00:00:00 /usr/sbin/slapd -u ldap -h ldapi:/// ldap:///
vagrant 32457 32338 0 03:41 pts/0 00:00:00 grep --color=auto -i ldap
[vagrant@infrastructure shared]$ ping database
PING database.m310.mongodb.university (192.168.31.100) 56(84) bytes of data.
64 bytes from database.m310.mongodb.university (192.168.31.100): icmp_seq=1 ttl=64 time=0.295 ms