Re: OpenLDAP SASL Passthrough
On 15/11/11 12:00 +0100, Raffael Sahli wrote:
Date: Fri, 11 Nov 2011 08:41:21 -0600
Subject: Re: OpenLDAP SASL Passthrough
On 11/11/11 12:48 +0100, Raffael Sahli wrote:
>testsaslauthd works well:
>[root@ldap-master001 /]#---> testsaslauthd -u test -p MYPASSWORD -r MY_REALM -s ldap
>0: OK "Success."
>sasl debug log:
>saslauthd :do_auth : auth success: [user=test] [service=ldap]
>saslauthd :do_request : response: OK
>And the sasl debug log shows:
>saslauthd :do_auth : auth failure: [user=test] [service=ldap]
>[realm=MY_REALM] [mech=kerberos5] [reason=saslauthd internal error]
For a more apples to apples comparison, try running testsaslauthd as the
same user that your slapd process is running under. I can't see how this
would be a permissions problem though.
Nope, same problem (or same success message ^^ ) with the slapd running
user "openldap". saslauthd works with sasl user "test" running with user
openldap or root, and ldapsearch with user "test" doesn't.....
For mech=kerberos5, there are several possible reasons for 'saslauthd
internal error'. Each of them should log an explanation to syslog (to
auth.err). You should see one of:
auth_krb5: could not generate ccache name
auth_krb5: NULL password or username?
auth_krb5: could not generate ticket file name
auth_krb5: krb5_get_init_creds_password: %d
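
Added example, not part of the original thread: a small triage script that pulls the auth_krb5 messages listed above out of syslog lines and decodes the number printed by "krb5_get_init_creds_password: %d". The syslog line layout, the sample lines and the function names are assumptions made for illustration; the decoding relies on the krb5 com_err table starting at -1765328384, with the first 128 entries matching the RFC 4120 error numbers.

```python
import re

# Base of the "krb5" com_err table; offsets 0..127 from this base are the
# RFC 4120 protocol error numbers returned by the KDC.
KRB5_TABLE_BASE = -1765328384
# Subset of RFC 4120 error numbers, enough for common login failures.
RFC4120_NAMES = {
    6: "KDC_ERR_C_PRINCIPAL_UNKNOWN", 7: "KDC_ERR_S_PRINCIPAL_UNKNOWN",
    23: "KDC_ERR_KEY_EXPIRED", 24: "KDC_ERR_PREAUTH_FAILED",
    37: "KRB_AP_ERR_SKEW",
}

# The four auth_krb5 messages quoted in the reply; only the last has a code.
AUTH_KRB5 = re.compile(
    r"saslauthd\[(?P<pid>\d+)\]:\s+auth_krb5: (?P<msg>"
    r"could not generate ccache name|NULL password or username\?|"
    r"could not generate ticket file name|"
    r"krb5_get_init_creds_password: (?P<code>-?\d+))"
)

def decode_krb5_code(code):
    """Return (rfc4120_number, name); number is None outside the KDC range."""
    offset = code - KRB5_TABLE_BASE
    if 0 <= offset < 128:
        return offset, RFC4120_NAMES.get(offset, "RFC 4120 error %d" % offset)
    return None, "not an RFC 4120 protocol error"

def triage(lines):
    """Collect every auth_krb5 explanation found in the given log lines."""
    findings = []
    for line in lines:
        m = AUTH_KRB5.search(line)
        if not m:
            continue
        item = {"pid": int(m["pid"]), "message": m["msg"], "krb5_error": None}
        if m["code"] is not None:
            item["message"] = "krb5_get_init_creds_password"
            item["krb5_error"] = decode_krb5_code(int(m["code"]))[1]
        findings.append(item)
    return findings

SAMPLE = [  # constructed log lines, not taken from the thread
    "Nov 11 08:40:02 ldap-master001 saslauthd[2211]: auth_krb5: krb5_get_init_creds_password: -1765328378",
    "Nov 11 08:40:02 ldap-master001 saslauthd[2211]: do_auth : auth failure: [user=test] [service=ldap] [realm=MY_REALM] [mech=kerberos5] [reason=saslauthd internal error]",
    "Nov 11 08:41:10 ldap-master001 saslauthd[2212]: auth_krb5: could not generate ccache name",
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

To use it on a real host, pass the lines of whichever file receives auth.err to triage() instead of SAMPLE.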