Well, I don't know the answer either. However, upgrading the openldap
SRPM to 2.0.27 fixed things. Thanks!
John
John Morris <openldap@butchwax.com> writes:
> Howdy! After a week of reading every manual, cookbook, and howto,
> trying every combination of config options, and twenty google searches
> an hour, I've managed to get openldap (redhat stock 2.0.25), krb5
> (redhat nearly stock 1.2.5), SSL/TLS, and sasl (redhat stock 2.1.7,
> which include 1.5.28) working on a RH8.0 box. Mostly.
>
> Sorry for the lengthy email, I'm not sure which parts are important
> for debugging, so I'm sticking them all in. :)
>
> (One other, separate, little problem, before going on: with the
> cyrus-sasl-gssapi and cyrus-sasl-plain packages both installed,
> ldapsearch returned "ldap_sasl_interactive_bind_s: Unknown
> authentication method"; after removing the cyrus-sasl-plain package,
> it started working. Hmm....)
>
> Here's the problem. Ldapsearch works like this:
>
> # ldapsearch -X u:root -H ldap://ldap-2.lan.butchwax.com/ -v \
> -LLL -ZZ o=butchwax
> ldap_initialize( ldap://ldap-2.lan.butchwax.com/ )
> SASL/GSSAPI authentication started
> SASL username: u:root
> SASL SSF: 56
> SASL installing layers
> filter: o=butchwax
> requesting: ALL
> dn: o=butchwax
> objectClass: top
> objectClass: organization
> o: butchwax
>
> Perfect. But this doesn't work:
>
> # ldapsearch -Q -H ldap://ldap-2.lan.butchwax.com/ -v \
> -LLL -ZZ o=butchwax
> ldap_initialize( ldap://ldap-2.lan.butchwax.com/ )
> filter: o=butchwax
> requesting: ALL
> ldap_result: Can't contact LDAP server
>
> [blah blah blah]