
Trying to enable SASL support for OpenLDAP 2.0.11...
This is annoying.  I've been spending the past 8+ hours trying to get
SASL to work with OpenLDAP.  Every time I do, I encounter the same
error:

# ldapadd -D "uid=root@sineswiper.missiondata.com" -f /root/missiondata.ldif
ldap_sasl_interactive_bind_s: No such object

# ldapadd -D "cn=root,dc=missiondata,dc=com" -f /root/missiondata.ldif
ldap_sasl_interactive_bind_s: No such object
# ldapadd -I
ldap_sasl_interactive_bind_s: No such object

I can use simple mode just fine, but I don't want simple mode.  I'm
trying to get everything set up for LDAP through SSL.  I have all of
the libraries: Kerberos 5, SASL, DES, Crypt, Crypto, etc.  I've used
the following configure line:

./configure --with-cyrus-sasl \
            --with-kerberos \
            --with-tls \
            --enable-crypt \
            --enable-kpasswd \
            --enable-spasswd \
            --enable-phonetic \
            --enable-rlookups

Oddly enough, even after installing the program with the above
configure, I get this:

# ldapadd -k
ldapadd: not compiled with Kerberos support

I'm not sure if the SASL switch on the configure overrides this or
what, but I don't understand why it can't have support for both.  My
ldap.conf is correct:

BASE    dc=missiondata, dc=com
URI     ldap://sineswiper.missiondata.net

According to LDAPSearch, I don't have the required
"supportedSASLMechanisms" objects in my Root DN:

# ldapsearch -D "cn=root,dc=missiondata,dc=com" -b "" -Wxs base -LLL
Enter LDAP Password:
dn:
objectClass: top
objectClass: OpenLDAProotDSE

My /var/log/message doesn't say anything unusual.  I've already
created a /etc/sasldb with saslpasswd.  My slapd.conf contains:

---- cut ----
sasl-host sineswiper.missiondata.net
sasl-secprops none

database        ldbm
suffix          "dc=missiondata,dc=com"
#rootdn         "uid=root@sineswiper.missiondata.net"
rootdn          "cn=root,dc=missiondata,dc=com"
rootpw          {SSHA}---blah---
directory       /var/openldap/ldbm
index           objectClass     eq

TLSCertificateFile /var/ssl/ssl.crt/server.crt
TLSCertificateKeyFile /var/ssl/ssl.key/server.key
---- end ----

Everything is set up the way it should be, so WTF?!  Current newsgroup
posts aren't helping much, nor is the OpenLDAP FAQ.  I'm sure many
others would like an answer to this question, too.


--
Brendan Byrd (brendanb@missiondata.com)
System Administrator @ Mission Data
http://www.missiondata.com/
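The check the post runs by hand (an `ldapsearch -s base -b ""` against the root DSE, looking for `supportedSASLMechanisms`) can be scripted. The following is an added example, not code from the original post or from the OpenLDAP project: it reads root DSE LDIF on stdin, unfolds LDIF continuation lines, lists the SASL mechanisms the server advertises, and warns when cleartext or anonymous mechanisms (PLAIN, LOGIN, ANONYMOUS) are among them, since those are only acceptable under TLS. The two LDIF samples are constructed for the demo, not captured from a real server; the `ldapsearch` invocation in the trailing comment is the standard OpenLDAP client syntax.

```shell
#!/bin/sh
# Added example: inspect a root DSE for advertised SASL mechanisms.
# Input is LDIF as printed by:  ldapsearch -x -LLL -s base -b "" supportedSASLMechanisms

# Constructed sample: a server that advertises SASL (one value is folded
# across two LDIF lines, which real ldapsearch output may do for long lines).
ROOTDSE_WITH_SASL='dn:
objectClass: top
objectClass: OpenLDAProotDSE
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: GSS
 API'

# Constructed sample: a root DSE with no SASL attribute at all, like the one
# quoted in the post above.
ROOTDSE_NO_SASL='dn:
objectClass: top
objectClass: OpenLDAProotDSE'

# Print the advertised SASL mechanisms, one per line (nothing if none).
sasl_mechs() {
    # Pass 1: unfold LDIF (a line beginning with a single space continues
    # the previous line).  Pass 2: select the attribute case-insensitively
    # and strip "name: " so only the value remains.
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    ' | awk '
        index(tolower($0), "supportedsaslmechanisms:") == 1 {
            sub(/^[^:]*:[ \t]*/, ""); print
        }'
}

# Return 0 if the server advertises at least one SASL mechanism, 1 if not.
# Also warn about mechanisms that send credentials in the clear.
check_sasl() {
    mechs=$(sasl_mechs)
    if [ -z "$mechs" ]; then
        echo "NONE: root DSE advertises no supportedSASLMechanisms (slapd is not offering SASL binds)"
        return 1
    fi
    weak=""
    for m in $mechs; do
        case "$m" in
            PLAIN|LOGIN|ANONYMOUS) weak="$weak $m" ;;
        esac
    done
    echo "OK: advertised SASL mechanisms:" $mechs
    [ -n "$weak" ] && echo "WARNING: cleartext/anonymous mechanisms offered:$weak (acceptable only over TLS)"
    return 0
}

# Demo on the constructed samples.  Against a live server, replace the
# printf with:  ldapsearch -x -H ldap://host -LLL -s base -b "" supportedSASLMechanisms
printf '%s\n' "$ROOTDSE_WITH_SASL" | check_sasl
printf '%s\n' "$ROOTDSE_NO_SASL"   | check_sasl || true
```

The unfolding pass matters in practice: `ldapsearch` wraps long attribute lines at 76 columns, so a naive `grep supportedSASLMechanisms` can silently truncate a value. A root DSE that lists no mechanisms at all, as in the post, means SASL binds cannot succeed regardless of client-side `-I`/`-D` options.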