Re: openldap + kerberos simple bind invalid credentials

sasl-regexp is irrelevant for simple binds, I believe.

First check the obvious: are you compiled --with-spasswd? If not,
recompile (a great time for the sorely needed upgrade) with it, otherwise
you're heading nowhere fast.

You can emulate spasswd by playing with testsaslauthd with service
"slapd". If you have userPassword: {SASL}uid@REALM.EXAMPLE.COM, then the
corresponding test is:

testsaslauthd -s slapd -r REALM.EXAMPLE.COM -u uid -p secret

Is that working? If not, turn up saslauthd debugging and/or go talk to
Cyrus guys. Also note that the FAQ-O-Matic entry shows a different
/usr/local/lib/sasl2/slapd.conf than yours, and is more in line with what
I'd typically expect with spasswd. (But I have no idea if what you want is
typical or not.)

Once that's working, if necessary, start debugging the slapd <> sasl
interaction by turning up debugging on both of them. (You have ldapsearch
-d -1 here, but there's little reason to suspect this is a client issue.)
Is slapd going to Cyrus in the first place (does it even parse the
/usr/local/lib/sasl2/slapd.conf file?) etc.
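
The testsaslauthd check described in the message above, as an added example that is not part of the original post: a small shell helper that takes a userPassword value (bare, as an LDIF line, or in the base64 "userPassword::" form that ldapsearch prints) and emits the matching test command. The function names, the `<password>` placeholder, accepting the scheme in any letter case, and omitting -r when the value carries no realm are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are hypothetical.

# Return the raw userPassword value from a bare value or an LDIF line.
sasl_value() {
    line=$1
    case $line in
        userPassword::*)   # base64 form, as printed by ldapsearch
            printf '%s' "${line#userPassword::}" | tr -d ' \n' | base64 -d ;;
        userPassword:*)
            v=${line#userPassword:}; printf '%s' "${v# }" ;;
        *)
            printf '%s' "$line" ;;
    esac
}

# Print the testsaslauthd command that corresponds to a {SASL} value.
saslauthd_test_cmd() {
    value=$(sasl_value "$1") || return 2
    # Assumption of this sketch: accept the scheme name in any letter case.
    scheme=$(printf '%s' "$value" | cut -c1-6 | tr 'a-z' 'A-Z')
    if [ "$scheme" != "{SASL}" ]; then
        echo "not a {SASL} userPassword value" >&2
        return 1
    fi
    id=$(printf '%s' "$value" | cut -c7-)
    if [ -z "$id" ]; then
        echo "empty identity after {SASL}" >&2
        return 1
    fi
    case $id in
        *@*)  # split on the last '@' into user and realm
            printf 'testsaslauthd -s slapd -r %s -u %s -p <password>\n' \
                "${id##*@}" "${id%@*}" ;;
        *)    # no realm in the value: -r is left out (assumption)
            printf 'testsaslauthd -s slapd -u %s -p <password>\n' "$id" ;;
    esac
}

# Constructed sample input, matching the value quoted in the message.
saslauthd_test_cmd 'userPassword: {SASL}uid@REALM.EXAMPLE.COM'
```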