On Tue, 21 Oct 2003, Frank Swasey wrote:
> Today at 8:37am, Allan Streib wrote:
> > On Tuesday, October 21, 2003, at 07:52 AM, Frank Swasey wrote:
> > > Today at 8:20am, Igor Brezac wrote:
> > >
> > >> On Tue, 21 Oct 2003, Frank Swasey wrote:
> > >>
> > >>> I have a /usr/lib/sasl2/slapd.conf which contains
> > >>> pwcheck_check: saslauthd
> > >>> saslauthd_path: /var/run/saslauthd
> > >>
> > >> You need
> > >> saslauthd_path: /var/run/saslauthd/mux
> > Be sure that the user that slapd runs under ('ldap', in my case) has rw
> > access to that socket. E.g. on my system:
> > $ ll -d /var/state/saslauthd/
> > drwxrwxr-x 3 root ldap 4096 Oct 17 16:03 /var/state/saslauthd/
> Ok, I've changed /var/run/saslauthd so it is the same as yours...
> > > Ok, I've done that and restarted slapd -- no change. How do I verify
> > > that /usr/lib/sasl2/slapd.conf is the correct filename?
> > In my system it's /usr/local/lib/sasl2/slapd.conf. I built Cyrus-SASL
> > 2.1.15 from source. I would guess that if your SASL is from a RedHat
> > RPM that /usr/lib is correct.
> /usr/lib/sasl2 is the path that is in the slapd binary.
How did you figure that out? libsasl2.so reads slapd.conf and loads
> > > Why am I getting these lines in syslog?
> > >
> > > Oct 21 08:39:41 marmot slapd: SASL [conn=0] Failure: Invalid credentials
> > > Oct 21 08:39:41 marmot slapd: SASL [conn=0] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory
> > I don't *think* that is a fatal error, more just a warning. But you
> > can create /etc/sasldb2 using the saslpasswd command -- I just created
> > a user and then deleted it, which left the /etc/sasldb2 file in place:
> > saslpasswd -c foo
> > saslpasswd -d foo
> Oops... Redhat... saslpasswd2 for me ... because saslpasswd is the 1.5
> version :-(
> > Make sure your ldap user account (or whatever you've called it) can
> > read this file. That stopped the complaints about /etc/sasldb2 in my
> > logs, but again I don't think that's really your problem. If that
> > fixes it, though, please add a follow-up to the FAQ on this topic.
> Yup, it stopped the complaints, but it still doesn't work...
If you do not use the sasldb plugin, you can remove it from
/usr/lib/sasl2 (rm libsasldb*)
> > > Who needs to own and what should the permissions be on
> > > /usr/lib/sasl2/slapd.conf?
> > In my system it's owned by root and readable by all.
> Same here...
First determine if /usr/lib/sasl2/slapd.conf is read by slapd. Try