
LDAP and SASL...



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings!

I'm using OpenLDAP 2.1.30-3 (the .deb version of Openldap) on Debian
Sarge/testing. I've added my users to the LDAP database and I'm using
nsswitch and pam. No users are in the local shadow file. Users can ssh
into the box just fine, as all of this works perfectly.
Next I installed heimdal's kerberos and Cyrus SASL2 and set up a few test
users. I can kinit and get a ticket just fine. I can also authenticate
via sasl just fine using testsasl -u user -p passwd, which produces OK
"Success". (SASL talks to kerberos just fine)
Now I want to have slapd auth against sasl, so I've changed the
userPassword attribute in my ldap database to {SASL}user@MY REALM.
Everything breaks at this point for the test users that I've changed the
passwd on. My heimdal logs do not show any activity so I'm assuming that
slapd never tries sasl. I then ran 'apt-get source slapd' and looked at
the ./config options to see if --with-cyrus-sasl was on by default,
which it is.
My ultimate goal is to get all of this working with our windows2k dc's
as my kdc. We need ldap but I don't want my passwds in ldap.

Any help/comments would be greatly appreciated!
Thanks,
Tobias
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)

iD8DBQFBeX5NRJX8S0T0CkURAinrAKCE/wd3Q3EdDqiIqWkiZtvVxmoU4ACfZHt6
5npI6ceGkaZkXpt4vBJnQAw=
=GxWF
-----END PGP SIGNATURE-----