Description of problem:

- When analyzing log files with sasl binds (method=sasl and mech=EXTERNAL) with an empty DN (dn="") they are counted as anonymous. If this is a successful SASL bind attempt, should this be logged as a sasl bind?

Version-Release number of selected component (if applicable):

Directory Server 8.2
Directory Server 9.1

How reproducible:

Always

Steps to Reproduce:

Run logconv against the following log snippet:

~~~
[16/Jun/2014:16:32:05 +0000] conn=34397 fd=8193 slot=8193 SSL connection from 0.0.0.0 to 1.1.1.1
[16/Jun/2014:16:32:05 +0000] conn=34397 SSL 256-bit AES; client CN=LDAPS-Portal-user-2,OU=People,DC=example,DC=local; issuer CN=CA-1 Certificate Authority,OU=Certification Authorities
[16/Jun/2014:16:32:05 +0000] conn=34397 SSL client bound as cn=LDAPS-Portal-user-2,ou=People,dc=example,dc=com
[16/Jun/2014:16:32:05 +0000] conn=34397 op=0 BIND dn="" method=sasl version=3 mech=EXTERNAL
~~~

Actual results:

~~~
Binds: 1
Unbinds: 0
LDAP v2 Binds: 0
LDAP v3 Binds: 1
SSL Client Binds: 1
Failed SSL Client Binds: 0
SASL Binds: 1
1 EXTERNAL
Directory Manager Binds: 0
Anonymous Binds: 1
Other Binds: 0
~~~

Expected results:

~~~
Binds: 1
Unbinds: 0
LDAP v2 Binds: 0
LDAP v3 Binds: 1
SSL Client Binds: 1
Failed SSL Client Binds: 0
SASL Binds: 1
1 EXTERNAL
Directory Manager Binds: 0
Anonymous Binds: 0
Other Binds: 1
~~~

Additional info:

~~~
if (m/ BIND/ && m/dn=""/){$anony++; $bindlist{"Anonymous Binds"}++;inc_stats('anonbind',$s_stats,$m_stats);}
~~~

on line 1463 comes before

~~~
if (/ BIND / && /method=sasl/i){
    $sasl++;
    if ($_ =~ /mech=(.*)/i ){
        $saslmech{$1}++;
    }
~~~

on line 1882. I think it's getting counted as Anonymous and moving to the next line in the log before it hits the method=sasl check.
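The ordering problem described in the report above, as an added example that is not part of the original ticket, the attached patches or logconv.pl itself: a BIND classifier that tests `method=sasl` before the empty-DN check, so a SASL/EXTERNAL bind with `dn=""` is no longer tallied as anonymous. The function name `tally_binds`, the hash keys and the second and third log lines are constructed for illustration; counting the SASL bind under "Other Binds" follows the report's expected results and is an assumption about the desired behaviour.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample input: the first line is the BIND from the report,
# the other two are made-up simple binds (anonymous and named).
my @log = (
    '[16/Jun/2014:16:32:05 +0000] conn=34397 op=0 BIND dn="" method=sasl version=3 mech=EXTERNAL',
    '[16/Jun/2014:16:32:06 +0000] conn=34398 op=0 BIND dn="" method=128 version=3',
    '[16/Jun/2014:16:32:07 +0000] conn=34399 op=0 BIND dn="uid=alice,ou=People,dc=example,dc=com" method=128 version=3',
);

# Hypothetical helper: returns (\%stats, \%saslmech) for a list of log lines.
sub tally_binds {
    my @lines = @_;
    my %stats = (binds => 0, sasl => 0, anonymous => 0, other => 0);
    my %saslmech;

    for my $line (@lines) {
        next unless $line =~ / BIND /;
        $stats{binds}++;
        my ($dn) = $line =~ /dn="([^"]*)"/;

        if ($line =~ /method=sasl/i) {
            # Decide on the bind method first. With SASL the identity comes
            # from the mechanism (for EXTERNAL, the TLS client certificate),
            # so an empty dn="" does not mean the client is anonymous.
            $stats{sasl}++;
            $saslmech{$1}++ if $line =~ /mech=(\S+)/i;
            $stats{other}++;
        } elsif (defined $dn && $dn eq '') {
            # Only a non-SASL bind with an empty DN is anonymous.
            $stats{anonymous}++;
        } else {
            $stats{other}++;
        }
    }
    return (\%stats, \%saslmech);
}

my ($stats, $mechs) = tally_binds(@log);
printf "%-18s %d\n", 'Binds:',           $stats->{binds};
printf "%-18s %d\n", 'SASL Binds:',      $stats->{sasl};
printf "    %d %s\n", $mechs->{$_}, $_ for sort keys %$mechs;
printf "%-18s %d\n", 'Anonymous Binds:', $stats->{anonymous};
printf "%-18s %d\n", 'Other Binds:',     $stats->{other};
```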
attachment 0001-Ticket-48681-logconv.pl-lists-sasl-binds-with-no-dn-.patch
Looks good to me.
dc7bde8..f000528 master -> master
commit f000528
Author: Mark Reynolds mreynolds@redhat.com
Date: Thu Dec 8 09:37:31 2016 -0500
Metadata Update from @mreynolds: - Issue assigned to mreynolds - Issue set to the milestone: 1.3.6.0
attachment 0001-Ticket-48681-logconv.pl-fix-sasl-bind-stats.patch
Metadata Update from @mreynolds: - Custom field reviewstatus adjusted to review (was: ack) - Issue status updated to: Open (was: Closed)
Metadata Update from @firstyear: - Custom field reviewstatus adjusted to ack (was: review)
7995007..770bf3a master -> master
b414833..0b116ee 389-ds-base-1.3.6 -> 389-ds-base-1.3.6
Metadata Update from @mreynolds: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @mreynolds: - Issue status updated to: Open (was: Closed)
attachment 0001-Ticket-48681-logconv.pl-Fix-SASL-Bind-stats-and-rewo.patch
Thanks Mark for offline explanations. Patch looks good to me. Ack
Metadata Update from @tbordaz: - Custom field reviewstatus adjusted to ack (was: review)
b1474a5..f913252 master -> master
d63e4cc..da751b8 389-ds-base-1.3.6 -> 389-ds-base-1.3.6
Regression was introduced (See https://bugzilla.redhat.com/show_bug.cgi?id=1474100).
Fixed:
35c20ca..e46749b master -> master
9271d5c..7719fde 389-ds-base-1.3.7 -> 389-ds-base-1.3.7
184b8a1..55bceda 389-ds-base-1.3.6 -> 389-ds-base-1.3.6
Metadata Update from @mreynolds: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1111400, https://bugzilla.redhat.com/show_bug.cgi?id=1474100 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1111400) - Custom field version adjusted to None
b0b6346..6098e7b master -> master
cb589f4..4ac6ade 389-ds-base-1.3.7 -> 389-ds-base-1.3.7
55bceda..2111276 389-ds-base-1.3.6 -> 389-ds-base-1.3.6
patch file for above commit
attachment 0001-Ticket-48681-Use-of-uninitialized-value-in-string-ne.patch
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/1796
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: fixed)