[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: can't get slapd to do pass-through authentication

On 04/08/10 14:54 -0700, Brent Bice wrote:
Dieter Kluenter wrote:
Did you create a lib/sasl2/slapd.conf, or wherever your sasl
configuration files are located?

   I created a lib/sasl2/slapd.conf file again and in it specified:
pwcheck_method:	saslauthd
saslauthd_path:	/var/state/saslauthd/mux

If testsaslauth works without specifying a '-f' option, then you shouldn't
need to specify saslauthd_path.

And I confirmed that that is, indeed, the path that saslauthd is listening on (it shows when I run saslauthd with the -d -V flags). But when I ask OpenLDAP to authenticate a user whose userPassword attribute is {SASL}bbice@ldap the saslauthd daemon shows no sign of having received an auth request.

Make sure the user that slapd is running under has permissions to access
the saslauthd mux. You may need to do a 'addgroup openldap sasl' or
something similar to give it permissions.
If I run testsaslauthd -u bbice, however, the authentication works ok and saslauthd shows testsaslauthd connecting to it. So it appears slapd isn't contacting saslauthd at all? How does slapd determine what path to use for the saslauthd socket? lib2/sasl/slapd.conf? Or saslauthd.conf?

The location is compiled into the sasl glue library at configure time, but
can be changed with the saslauthd_path config option.

Dan White