[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: can't get slapd to do pass-through authentication
On 04/08/10 14:54 -0700, Brent Bice wrote:
Dieter Kluenter wrote:
Did you create a lib/sasl2/slapd.conf, or wherever your sasl
configuration files are located?
I created a lib/sasl2/slapd.conf file again and in it specified:
pwcheck_method: saslauthd
saslauthd_path: /var/state/saslauthd/mux
If testsaslauth works without specifying a '-f' option, then you shouldn't
need to specify saslauthd_path.
And I confirmed that that is, indeed, the path that saslauthd is
listening on (it shows when I run saslauthd with the -d -V flags). But
when I ask OpenLDAP to authenticate a user whose userPassword attribute
is {SASL}bbice@ldap the saslauthd daemon shows no sign of having
received an auth request.
Make sure the user that slapd is running under has permissions to access
the saslauthd mux. You may need to do a 'addgroup openldap sasl' or
something similar to give it permissions.
If I run testsaslauthd -u bbice, however, the authentication works ok
and saslauthd shows testsaslauthd connecting to it. So it appears slapd
isn't contacting saslauthd at all? How does slapd determine what path to
use for the saslauthd socket? lib2/sasl/slapd.conf? Or saslauthd.conf?
The location is compiled into the sasl glue library at configure time, but
can be changed with the saslauthd_path config option.
--
Dan White