[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: "unable to open Berkeley db /etc/sasldb2" using in-directory SASL ?

To: <openldap-software@OpenLDAP.org>
Subject: RE: "unable to open Berkeley db /etc/sasldb2" using in-directory SASL ?
From: "Howard Chu" <hyc@highlandsun.com>
Date: Tue, 29 Apr 2003 18:21:05 -0700
Importance: Normal
In-reply-to: <00b301c30eae$4a262ca0$050befd1@execulink.net>

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Carl Litt

> This is probably a simple question but I have already reviewed the
> Administrator's Guide and searched the archives.  I am testing
> openldap-2.1.17 with cyrus-sasl-2.1.12 on Red Hat 7.3 and get these
> errors in my syslog for any command using SASL:

> SASL [conn=22] Error: unable to open Berkeley db /etc/sasldb2: No such
> file or directory
> ldapwhoami: Internal Error -5 in common.c near line 630

> My SASL authentication (DIGEST-MD5) does work with the in-directory
> secret, but why is it trying to go to /etc/sasldb2?  Isn't
> the point of
> in-directory SASL secrets so that you don't have to create
> /etc/sasldb2?
> If I create /etc/sasldb2 and make it readable by slapd I
> still get these
> errors (Invalid Argument) plus it pauses for a few seconds before
> proceeding.
>
> As I said, it still works.  It more of an annoyance than a
> malfunction.
> Is there something I should be putting in
> /usr/lib/sasl/Ldap.conf?  I'm
> still new to cyrus-sasl-2.1, but if it matters saslauthd is running.

This is a Cyrus SASL configuration issue, not anything particular to
OpenLDAP. As stated in the OpenLDAP Admin Guide, you are expected to know how
to use SASL already before attempting to use it in OpenLDAP.

By default, SASL loads all the plugins that are installed on your system.
When multiple auxprop plugins are available, they are each tried in turn. If
you have the sasldb plugin installed, then it will be used.

If you don't want a particular plugin to be used, remove it.

You can also create /usr/lib/sasl2/slapd.conf and explicitly list the plugins
you want. For example:
	auxprop_plugin: slapd
This will ignore any other installed plugins and only use slapd's internal
code.

You could go the other way too, and turn off slapd's internal code:
	auxprop_plugin: sasldb

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

References:
- "unable to open Berkeley db /etc/sasldb2" using in-directory SASL ?
  - From: "Carl Litt" <carl@execulink.com>

Prev by Date: Re: NEWBEE
Next by Date: Re: NEWBEE
Index(es):
- Chronological
- Thread