[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: kpasswd

To: Frank Swasey <Frank.Swasey@uvm.edu>
Subject: Re: kpasswd
From: Igor Brezac <igor@ipass.net>
Date: Tue, 21 Oct 2003 11:22:16 -0400 (EDT)
Cc: Allan Streib <astreib@indiana.edu>, openldap-software@OpenLDAP.org
In-reply-to: <Pine.LNX.4.58.0310211056170.25769@ebova.hiz.rqh>
References: <AD6FB2CB-03CB-11D8-93D2-000393033826@indiana.edu> <Pine.LNX.4.58.0310211056170.25769@ebova.hiz.rqh>

On Tue, 21 Oct 2003, Frank Swasey wrote:

> Today at 8:37am, Allan Streib wrote:
>
> >
> > On Tuesday, October 21, 2003, at 07:52 AM, Frank Swasey wrote:
> >
> > > Today at 8:20am, Igor Brezac wrote:
> > >
> > >> On Tue, 21 Oct 2003, Frank Swasey wrote:
> > >>
> > >>> I have a /usr/lib/sasl2/slapd.conf which contains
> > >>> pwcheck_check: saslauthd
> > >>> saslauthd_path: /var/run/saslauthd
> > >>
> > >> You need
> > >> saslauthd_path: /var/run/saslauthd/mux
> >
> > Be sure that the user that slapd runs under ('ldap', in my case, has rw
> > access to that socket.  E.g. on my system:
> >
> >    $ ll -d /var/state/saslauthd/
> >    drwxrwxr-x    3 root     ldap         4096 Oct 17 16:03
> > /var/state/saslauthd/
>
> Ok, I've changed /var/run/saslauthd so it is the same as yours...
>
> > > Ok, I've done that and restarted slapd -- no change.  How do I verify
> > > that /usr/lib/sasl2/slapd.conf is the correct filename?
> >
> > In my system it's /usr/local/lib/sasl2/slapd.conf.  I built Cyrus-SASL
> > 2.1.15 from source.  I would guess that if your SASL is from a RedHat
> > RPM that /usr/lib is correct.
>
> /usr/lib/sasl2 is the path that is in the slapd binary.

How did you figured that out?  libsasl2.so reads slapd.conf and loads
various plugins.

> >
> > > Why am I getting these lines in syslog?
> > >
> > > Oct 21 08:39:41 marmot slapd[13907]: SASL [conn=0] Failure: Invalid
> > > credentials
> > > Oct 21 08:39:41 marmot slapd[13907]: SASL [conn=0] Error: unable to
> > > open Berkeley db /etc/sasldb2: No such file or directory
> >
> > I don't *think* that is a fatal error, more just a warning.  But you
> > can create /etc/sasldb2 using the saslpasswd command -- I just created
> > a user and then deleted it, which left the /etc/sasldb2 file in place:
> >
> > saslpasswd -c foo
> > saslpasswd -d foo
>
> Oops... Redhat... saslpasswd2 for me ...  because saslpasswd is the 1.5
> version :-(
>
> > Make sure your ldap user account (or whatever you've called it) can
> > read this file.  That stopped the complaints about /etc/sasldb2 in my
> > logs, but again I don't think that's really your problem.  If that
> > fixes it, though, please add a follow-up to the FAQ on this topic.
>
> Yup, it stopped the complaints, but it still doesn't work...
>

If you do not use the sasldb plugin, you can remove it from
/usr/lib/sasl2 (rm libsasldb*)

> > > Who needs to own and what should the permissions be on
> > > /usr/lib/sasl2/slapd.conf?
> >
> > In my system it's owned by root and readable by all.
>
> Same here...
>

First determine if /usr/lib/sasl2/slapd.conf is read by slapd.  Try
strace|truss slapd.

-- 
Igor

References:
- Re: kpasswd
  - From: Allan Streib <astreib@indiana.edu>
- Re: kpasswd
  - From: Frank Swasey <Frank.Swasey@uvm.edu>

Prev by Date: Re: kpasswd
Next by Date: Re: Problem with connecting via SSL from remote host
Index(es):
- Chronological
- Thread