[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL Auth or remote access

The fact that your servers behave differently while you think they're
exactly the same indicates that actually there might be some difference,
so the only hand-off help you can get from others is the suggestion to
make sure they really are the same (excuse me for this obvious

All the problems you are encountering are so vague and fuzzy that there
could well be tons of reasons for each, including the most trivial (wrong
permissions, software version mismatch, various misconfigurations, ...).

I strongly recommend that, instead of staring at the output of commands,
you turn debug on and learn how to read the (extremely verbous) output of
slapd, and try to figure out what's the core problem(s) you're having. 
This may lead to more selective requests for help.


> Thanks Quanah
> After I added the qmail template, I added the index fields before even
> restarting the server.  But, somehow, just the act of stopping and
> restarting the server seems to have fixed the mailAlternateAddress
> problem.  The funny thing was I could search on other fields in that
> template, just not that one, but on the actual LDAP server, it now works.
> I have so many problems with OpenLDAP, I hope you guys don't get too sick
> of my questions.  I am trying to prove something can be done in real
> production.  It's tricky, and I need to take my steps quite small to
> insure that production does not suffer.
> The next two problems that I am trying to solve are:
>   - While this search now works from the LDAP server, I really want it to
> be available throughout my network.  While I can duplicate the query on
> a second FC2 machine (my "mon" server), I can not execute that query on
> a third machine.  In other words:
> LDAP on srv2
> Query: ldapsearch -x -h srv2 uid=kevin
> SRV1 Results: No such object
> SRV2 Results: Record returned
> SRV3 Results: Record Returned
>   - The other issue is that I would like to get SASLAUTHD to work.  On
> SRV2 if I do a:
> # testsaslauthd -u kevin -p yomamma
> it returns:
> 0: NO "authentication failed"
> I think this is the same reason I keep needing the -x on the ldapxxx
> commands.  I have Cyrus-SASL installed from rpm including the devel libs
> and plugins for plain and MD5.  So how do I get ldapxxx commands to work
> without the -x?
> Not sure which of these to tackle first!  Any help telling me which is
> better to go after first or if it matters, that would be great.  BTW,
> eventually, I want the SRV1 machine to hold a replica of the SRV2 and
> synced via slurpd.  I know that I need saslauthd working for that to
> happen, then SRV1 will pull the data direct from its localhost interface,
> so I suspect the second problem is more critical than the first, but I bow
> to the experts.
> Kevin Fries

Pierangelo Masarati

    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497