
Re: Simple Bind pass-through to SASL/PLAIN



On Thu, Mar 10, 2011 at 04:32:16PM -0700, Zach Schimke wrote:

> Okay, here's the log from a SASL/PLAIN bind working.

> Mar 10 16:28:51 kdc1 slapd[2367]: SASL [conn=41] Error: unable to
> open Berkeley db /etc/sasldb2: No such file or directory

That suggests that your SASL config is still wrong, as it is trying to
use the default secrets database.

It may well be that the SASL library is not reading the config
files that you are modifying. Try running slapd under strace and
look to see which files it opens. You are looking for something like
/usr/lib/sasl2/slapd.conf which should contain something like this:

 mech_list: plain
 pwcheck_method: saslauthd
 saslauthd_path: /var/run/sasl2/mux

Also, take note of the suggested tests in the admin guide:
http://www.openldap.org/doc/admin24/security.html#Testing%20pass-through%20authentication

In particular, you can use testsaslauthd to make sure that the back-end
authentication daemon is working.

This is very unlikely to be an ACL problem.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------
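
One way to carry out the strace check suggested in the message above, as an added example that is not part of the original post: it filters strace output for SASL-related opens and reports whether a `slapd.conf` was actually read. The trace lines, including the `/etc/sasl2/slapd.conf` and `/etc/ldap/ldap.conf` paths, are constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list the SASL-related files a traced slapd tried to open.
# A real capture would come from something like (slapd arguments are site-specific):
#   strace -f -e trace=open,openat -o /tmp/slapd.trace <your slapd command line>

# Constructed strace lines for illustration; not taken from the thread.
sample_trace() {
cat <<'EOF'
2367 open("/etc/ldap/ldap.conf", O_RDONLY) = 3
2367 open("/usr/lib/sasl2/slapd.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
2367 open("/etc/sasl2/slapd.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
2367 openat(AT_FDCWD, "/usr/lib/sasl2/libplain.so", O_RDONLY) = 5
2367 open("/etc/sasldb2", O_RDONLY) = -1 ENOENT (No such file or directory)
EOF
}

# Read strace output on stdin; print "<OK|errno> <path>" for each
# open()/openat() whose path mentions sasl.
sasl_opens() {
  awk '
    /open(at)?\(/ {
      if (match($0, /"[^"]*"/) == 0) next        # first quoted string is the path
      path = substr($0, RSTART + 1, RLENGTH - 2)
      if (path !~ /sasl/) next
      res = $0; sub(/.*\) = /, "", res)          # text after the closing ") = "
      if (res ~ /^-1/) { split(res, f, " "); status = f[2] } else status = "OK"
      print status, path
    }'
}

# Succeed only if some SASL slapd.conf was opened successfully.
sasl_conf_was_read() {
  sasl_opens | grep -q '^OK .*/slapd\.conf$'
}

sample_trace | sasl_opens
if sample_trace | sasl_conf_was_read; then
  echo "SASL slapd.conf was read"
else
  echo "no SASL slapd.conf was opened; slapd is running on SASL defaults"
fi
```

Against a real capture, feed the saved trace file to `sasl_opens` on stdin in place of `sample_trace`.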