OpenLDAP Faq-O-Matic: ldap_sasl_interactive_bind_s: Unknown error
regarding the question:
>SASL/DIGEST-MD5 authentication started
>Please enter your password:
>ldap_sasl_interactive_bind_s: Unknown error
>        additional info: unable to get user's secret
A very normal problem for this one is that the "sasl-realm" attribute in slapd.conf is set wrong. It has to be the FQDN to work. In my case this was "mail", not "MAIL" ;(
The SASL documentation is misleading when it talks about using the Fully Qualified Domain Name. The SASL code only uses the gethostname() system call, which by convention returns a simple hostname *without* any domain components. E.g., for "foo.bar.com" it may just return "foo". (This also depends on your particular installation; some sysadmins actually do sethostname() with a fully qualified name, but this is aberrant.) The standard way of getting a fully qualified name is to use gethostbyname() on the output of gethostname(). This is guaranteed to return a FQDN for any valid hostname. This is what OpenLDAP/slapd itself does, but it is *not* what the Cyrus SASL libraries do.

As such, if you used saslpasswd (or saslpasswd2) to create your credentials and you did not explicitly specify a FQDN for your realm, your sasldb very likely only contains a simple hostname for the realm, not FQDNs. This kind of mismatch will also cause the "unable to get user's secret" errors.
hyc@highlandsun.com
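A small diagnostic that checks the three realms discussed above against each other, added here as an example; it is not code from OpenLDAP or Cyrus SASL. It compares the bare gethostname() result (what Cyrus SASL falls back to), the fully qualified name (what slapd derives), the sasl-realm directive in slapd.conf, and the realm part of the user@realm entries in sasldb. Assumptions: sasldblistusers2 prints one entry per line as "user@realm: userPassword"; saslpasswd2 takes the realm with -u; socket.getfqdn() stands in for the gethostbyname() step the answer describes; and the slapd.conf fragment and sasldb listing in the block are constructed samples for a host whose gethostname() is "mail" and whose FQDN is "mail.example.com".

```python
#!/usr/bin/env python3
"""Diagnose the sasl-realm / sasldb realm mismatch behind
"unable to get user's secret" (added example, not OpenLDAP or Cyrus SASL code).

Three realms have to line up:
  1. the bare gethostname() result, which Cyrus SASL falls back to,
  2. the fully qualified name, which slapd itself derives and which the
     first answer says sasl-realm must be set to,
  3. the "sasl-realm" directive in slapd.conf and the realm part of the
     user@realm entries that saslpasswd2 wrote into sasldb.
"""
import re
import socket
from typing import Dict, List, Optional, Set

# Matches "sasl-realm  <value>" in slapd.conf (directive matched case-insensitively).
SASL_REALM_RE = re.compile(r"^\s*sasl-realm\s+(\S+)", re.IGNORECASE | re.MULTILINE)

# Matches one line of `sasldblistusers2` output, assumed here to look like
# "user@realm: userPassword".
SASLDB_ENTRY_RE = re.compile(r"^(?P<user>[^@\s]+)@(?P<realm>[^:\s]+):")


def short_hostname() -> str:
    """What the Cyrus SASL library uses: gethostname(), usually without domain."""
    return socket.gethostname()


def fqdn_of(host: str) -> str:
    """What slapd does: turn the short name into a fully qualified one.
    Assumption: socket.getfqdn() (a gethostbyaddr() lookup) stands in for the
    gethostbyname() step described in the answer."""
    return socket.getfqdn(host)


def configured_realm(slapd_conf: str) -> Optional[str]:
    """Return the sasl-realm value from slapd.conf text, or None if unset."""
    m = SASL_REALM_RE.search(slapd_conf)
    return m.group(1) if m else None


def sasldb_realms(listusers_output: str) -> Dict[str, Set[str]]:
    """Group sasldb entries by realm: {realm: {user, ...}}."""
    realms: Dict[str, Set[str]] = {}
    for line in listusers_output.splitlines():
        m = SASLDB_ENTRY_RE.match(line)
        if m:
            realms.setdefault(m.group("realm"), set()).add(m.group("user"))
    return realms


def diagnose(configured: Optional[str], sasldb: Dict[str, Set[str]],
             short_host: str, fqdn: str) -> List[str]:
    """Return findings; an empty list means the realms line up."""
    findings: List[str] = []
    # With no sasl-realm, the realm slapd presents is whatever gethostname() gave.
    effective = configured if configured is not None else short_host
    if configured is None:
        findings.append(f"no sasl-realm in slapd.conf; the realm in use is "
                        f"gethostname() = {short_host!r}, not the FQDN {fqdn!r}")
    if effective in sasldb:
        return findings
    findings.append(f"no sasldb entries under realm {effective!r}; "
                    f"realms present: {sorted(sasldb)}")
    for realm in sasldb:
        if realm != effective and realm.lower() == effective.lower():
            findings.append(f"sasldb realm {realm!r} differs from {effective!r} only by case")
    if short_host in sasldb and effective == fqdn:
        users = " ".join(sorted(sasldb[short_host]))
        findings.append(f"entries were created under the bare hostname {short_host!r}; "
                        f"recreate them with the FQDN realm, e.g. "
                        f"saslpasswd2 -c -u {fqdn} <user>  (users: {users})")
    return findings


# Constructed sample data: a slapd.conf fragment and sasldblistusers2 output
# for a host whose gethostname() is "mail" and whose FQDN is "mail.example.com".
SAMPLE_SLAPD_CONF = """\
# constructed sample, not a real configuration
database      bdb
suffix        "dc=example,dc=com"
sasl-realm    mail.example.com
"""
SAMPLE_SASLDB_LISTING = """\
alice@mail: userPassword
bob@mail: userPassword
"""


def sample_findings() -> List[str]:
    """Run the diagnosis on the constructed sample (host "mail", FQDN "mail.example.com")."""
    return diagnose(configured_realm(SAMPLE_SLAPD_CONF),
                    sasldb_realms(SAMPLE_SASLDB_LISTING),
                    short_host="mail", fqdn="mail.example.com")


if __name__ == "__main__":
    host = short_hostname()
    print(f"gethostname() -> {host!r}; FQDN -> {fqdn_of(host)!r}")
    for finding in sample_findings() or ["sample realms line up"]:
        print("-", finding)
```

On a real server, feed it the actual slapd.conf and the output of sasldblistusers2 instead of the samples; the sample reproduces the case from the answer above, where sasl-realm is the FQDN but the sasldb entries were created under the bare hostname, and the "mail" versus "MAIL" case from the first reply shows up as a case-only mismatch.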

This document is: http://www.openldap.org/faq/index.cgi?file=665
© Copyright 1998-2013, OpenLDAP Foundation, info@OpenLDAP.org