[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openldap + kerberos simple bind invalid credentials

Aaron Richton wrote:
sasl-regexp is irrelevant for simple binds, I believe.

First check the obvious: are you compiled --with-spasswd? If not,
recompile (a great time for the sorely needed upgrade) with it, otherwise
you're heading nowhere fast.

You can emulate spasswd by playing with testsaslauthd with service
"slapd". If you have userPassword: {SASL}uid@REALM.EXAMPLE.COM, then the
corresponding test is:

testsaslauthd -s slapd -r REALM.EXAMPLE.COM -u uid -p secret

testsaslauthd -s slapd -r MY.REALM.COM -u uid -p password 0: OK "Success."

Is that working? If not, turn up saslauthd debugging and/or go talk to Cyrus guys. Also note that the FAQ-O-Matic entry shows a different /usr/local/lib/sasl2/slapd.conf than yours, and is more in line with what I'd typically expect with spasswd. (But I have no idea if what you want is typical or not.)

have tried the following /usr/local/lib/sasl2/slapd.conf with the same results - ldap_bind: Invalid credentials (49)

pwcheck_method: saslauthd
saslauthd_path: /var/state/saslauthd/mux

Once that's working, if necessary, start debugging the slapd <> sasl
interaction by turning up debugging on both of them. (You have ldapsearch
-d -1 here, but there's little reason to suspect this is a client issue.)
Is slapd going to Cyrus in the first place (does it even parse the
/usr/local/lib/sasl2/slapd.conf file?) etc.
/var/log/openldap entries (set up via syslog.conf local4.*

Feb 15 15:38:11 ldap slapd[10904]: conn=73 fd=28 ACCEPT from IP=
9 (IP=
Feb 15 15:38:11 ldap slapd[12743]: conn=73 op=0 BIND dn="uid=username,ou=People,dc=example,dc=com" method=128
Feb 15 15:38:11 ldap slapd[12743]: conn=73 op=0 RESULT tag=97 err=49 text=
Feb 15 15:38:11 ldap slapd[10904]: conn=73 fd=28 closed

-- Karen R. McArthur <kmcarthu@bates.edu> Systems Administrator Information and Library Services, Bates College Lewiston, Maine 04240 ph:(207) 786-8236 fax:(207) 786-6057

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature