Re: Why slapd can't use sasldb?

[Calvin Liu <calvin.liu@sun.com>]

Andrew,

Thanks for your reply. This is the first time that I tried the simplest 
way to setup an OpenLDAP server on my linux box according to an article 
of linux journal. (http://www.linuxjournal.com/article.php?sid=4711) I'm 
a new comer of openldap and don't know anything about sasl.
Don't know what's wrong. I'll do it again.

Anyway, you've given me a very important clue. Thanks again.

Calvin

Andrew Findlay wrote:

> On Wed, Jan 29, 2003 at 12:19:17PM +0800, Calvin Liu wrote:
>
>  
>
> > Seems something wrong with my slapd instance. (Maybe the setup process
> > wasn't completed.) It always report,
> > /SASL [conn=0] Error: unable to open Berkeley db /etc/sasldb2: No such
> > file or directory/
> > Then I touch a file /etc/sasldb2 but of cause it didn't work.
> >    
>
> I note that the ldapadd command you use is not using the right set of
> flags for SASL bind. If you want to use SASL you need to specify
> '-U <username>' rather than '-D <binddn>'. If you do not want SASL
> then you need '-x'.
>
> Assuming you want SASL...
>
> This seems rather important:
>
>  
>
> > additional info: SASL(-13): user not found: no secret in database
> >    
>
> If you want to use SASL bind then you need some SASL secrets for the
> user concerned. SLAPD cannot update the SASL database - it must be
> done by other means.
>
> Try this as root:
>
> saslpasswd2 -c <username>
>
> where <username> is the SASL username that you want to create. There
> is no connection with Unix usernames.
>
> Then make sure that /etc/sasldb2 is non-zero and is readable by the
> user that slapd runs as. It should not be globally readable, as SASL
> secrets are effectively stored in clear.
>
> With 2.1.x versions it is possible to store SASL secrets in the
> directory itself. See section 10.2 of the manual for details.
>
> Andrew
>