
Re: cmusaslsecretPLAIN attribute



On 7/3/07, John Burian <john@burian.org> wrote:
[...]
> > if you want a SASL bind with PLAIN mechanism and TLS, the ldapwhoami
> > should look something like
> >
> > $ ldapwhoami -Y PLAIN -U burianj -ZZ -H ldap://localhost
> >
> I'm not having a problem getting TLS to work. ldapwhoami is connecting
> over port 636, I see correct TLS messages in the log file, and
> ldapwhoami reports that it is authenticating with SASL/PLAIN. For the
> record, if I try the above command, forcing the connection over port 389
> and using StartTLS, I get the same results as just using "ldapwhoami" or
> "ldapwhoami -D 'uid=burianj,ou=people,dc=cqcb'". The problem is simple
> authentication works, SASL/PLAIN authentication with the same DN and
> password fails.

I think, though, that you do want to use -U for SASL binding, instead of -D, which is typically used for simple binding.

From the log you sent earlier, it appears that the PLAIN mechanism is
being invoked, but it looks like your sasldb2 file is not being
accessed:

Jul  3 14:49:57 Hodgkin slapd[5635]: SASL [conn=0] Error: unable to open
Berkeley db /etc/sasldb2: No such file or directory

Since /etc/sasldb2 typically has strict permissions, this might be a permissions problem... or maybe the file doesn't exist.

Matt
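
An added example, not part of the original message: a small shell helper that pulls the database path out of slapd's "unable to open Berkeley db" log lines and reports whether each file is missing or unreadable. The function names are hypothetical, the sample log line is the one quoted above joined onto one line, and the readability check reflects the user running the script, so it is assumed to be run as the account slapd runs under.

```shell
#!/bin/sh
# Constructed sample: the slapd log line from the message, unwrapped to one line.
SAMPLE_LOG='Jul  3 14:49:57 Hodgkin slapd[5635]: SASL [conn=0] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory'

# Read syslog lines on stdin; print each distinct db path slapd failed to open.
sasldb_paths_from_log() {
    sed -n 's/.*unable to open Berkeley db \([^:]*\): .*/\1/p' | sort -u
}

# Classify one path as seen by the current user.
# Prints one of: missing | not-a-file | unreadable | ok
classify_sasldb() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ ! -f "$1" ]; then
        echo not-a-file
    elif [ ! -r "$1" ]; then
        echo unreadable
    else
        echo ok
    fi
}

# Read syslog lines on stdin; report the state of every db path they mention,
# followed by owner and mode when the file exists.
diagnose_log() {
    sasldb_paths_from_log | while IFS= read -r p; do
        printf '%s: %s\n' "$p" "$(classify_sasldb "$p")"
        if [ -e "$p" ]; then
            ls -ld "$p"
        fi
    done
}

# Check the path named in the sample line on this machine.
printf '%s\n' "$SAMPLE_LOG" | diagnose_log
```

A result of "missing" matches the "No such file or directory" text in the log; "unreadable" points at the ownership or mode shown by the ls line.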