[Date Prev][Date Next] [Chronological] [Thread] [Top]

LDAP + SASL + PAM or SASL TROUBLE



Hello, I'm trying to implement (Unix) user authentication in a small network
at work using ldap and pam_ldap, I've almost done it but I get this
error when testing the ldap server:

root@dep3$ ldapsearch -U root
SASL/LOGIN authentication started
Please enter your password: 
ldap_sasl_interactive_bind_s: Out of memory

but:

root@dep3$ free                                                /home/jsf/packages/MigrationTools-38
             total       used       free     shared    buffers     cached
Mem:        256960     239088      17872      68352      64992      65084
-/+ buffers/cache:     109012     147948
Swap:       265024       3672     261352

My sasl slap.conf file:

# Currently configurable parameters:
# - srvtab (for KERBEROS_V4): [/etc/srvtab] path
#        where to find the srvtab
#
# - pwcheck_method: [PAM] one of {PAM, kerberos_v4, passwd, shadow, sasldb}
#        how to check plaintext passwords.
#
# - auto_transition: [false]
#        if true, automatically add secrets to the secret database when
#        PLAIN or check_password is used, so in the future the user can
#        use the more secure mechanisms.
#
# *** For a more detailed guide on configuring SASL, please look at
# doc/sysadmin.html.
#
# Rename to /usr/lib/sasl/slapd.conf to use
#
#pwcheck_method: sasldb
pwcheck_method: PAM
#pwcheck_method: shadow
#auto_transition: true #no estaba comentado originalmente

And my pam.d/ldap file:

#%PAM-1.0
# is used by openldap slpad with SASL configured with pwcheck_method: PAM
#
auth        required      pam_unix.so
account     required      pam_unix.so
password    required      pam_unix.so
session     required      pam_unix.so

What do you think the problem is, also, does anyone has a good
reference for implementing this?  The HOWTO in linuxdoc is _very_ out
of date.

TIA

jorge santos

P.S. I'm using all packages from Debian Woody, which means:
libsasl7            1.5.24-6.1 
libpam-ldap         118-1      
slapd               2.0.11-2   
libldap2            2.0.11-2
ldap-utils          2.0.11-2