Re: kpasswd

[Allan Streib <astreib@indiana.edu>]

On Tuesday, October 21, 2003, at 07:52 AM, Frank Swasey wrote:

> Today at 8:20am, Igor Brezac wrote:
>
> > On Tue, 21 Oct 2003, Frank Swasey wrote:
> >
> > > I have a /usr/lib/sasl2/slapd.conf which contains
> > > pwcheck_check: saslauthd
> > > saslauthd_path: /var/run/saslauthd
> >
> > You need
> > saslauthd_path: /var/run/saslauthd/mux

Be sure that the user that slapd runs under ('ldap', in my case, has rw 
access to that socket.  E.g. on my system:

  $ ll -d /var/state/saslauthd/
  drwxrwxr-x    3 root     ldap         4096 Oct 17 16:03 
/var/state/saslauthd/

> Ok, I've done that and restarted slapd -- no change.  How do I verify
> that /usr/lib/sasl2/slapd.conf is the correct filename?

In my system it's /usr/local/lib/sasl2/slapd.conf.  I built Cyrus-SASL 
2.1.15 from source.  I would guess that if your SASL is from a RedHat 
RPM that /usr/lib is correct.

> Why am I getting these lines in syslog?
>
> Oct 21 08:39:41 marmot slapd[13907]: SASL [conn=0] Failure: Invalid 
> credentials
> Oct 21 08:39:41 marmot slapd[13907]: SASL [conn=0] Error: unable to 
> open Berkeley db /etc/sasldb2: No such file or directory

I don't *think* that is a fatal error, more just a warning.  But you 
can create /etc/sasldb2 using the saslpasswd command -- I just created 
a user and then deleted it, which left the /etc/sasldb2 file in place:

saslpasswd -c foo
saslpasswd -d foo

Make sure your ldap user account (or whatever you've called it) can 
read this file.  That stopped the complaints about /etc/sasldb2 in my 
logs, but again I don't think that's really your problem.  If that 
fixes it, though, please add a follow-up to the FAQ on this topic.

> Who needs to own and what should the permissions be on
> /usr/lib/sasl2/slapd.conf?

In my system it's owned by root and readable by all.

Allan