
Re: Why slapd can't use sasldb?



Andrew,

Thanks for your reply. This is the first time that I tried the simplest way to set up an OpenLDAP server on my Linux box according to an article in Linux Journal. (http://www.linuxjournal.com/article.php?sid=4711) I'm a newcomer to OpenLDAP and don't know anything about SASL.
Don't know what's wrong. I'll do it again.


Anyway, you've given me a very important clue. Thanks again.

Calvin

Andrew Findlay wrote:

On Wed, Jan 29, 2003 at 12:19:17PM +0800, Calvin Liu wrote:



Seems something wrong with my slapd instance. (Maybe the setup process
wasn't completed.) It always reports:
/SASL [conn=0] Error: unable to open Berkeley db /etc/sasldb2: No such
file or directory/
Then I touched a file /etc/sasldb2 but of course it didn't work.



I note that the ldapadd command you use is not using the right set of flags for SASL bind. If you want to use SASL you need to specify '-U <username>' rather than '-D <binddn>'. If you do not want SASL then you need '-x'.

Assuming you want SASL...

This seems rather important:



additional info: SASL(-13): user not found: no secret in database



If you want to use SASL bind then you need some SASL secrets for the user concerned. SLAPD cannot update the SASL database - it must be done by other means.

Try this as root:

saslpasswd2 -c <username>

where <username> is the SASL username that you want to create. There
is no connection with Unix usernames.

Then make sure that /etc/sasldb2 is non-zero and is readable by the
user that slapd runs as. It should not be globally readable, as SASL
secrets are effectively stored in clear.

With 2.1.x versions it is possible to store SASL secrets in the
directory itself. See section 10.2 of the manual for details.

Andrew
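The checks Andrew lists (the sasldb2 file must exist, must be non-empty rather than merely touched, and must be readable by the slapd user but not by everyone, because the secrets inside are effectively in clear) can be scripted. The following is an added example, not code from this thread or from the OpenLDAP or Cyrus SASL projects; the function name check_sasldb is hypothetical, and it assumes a GNU or BSD stat command for reading the file's mode and owner.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): verify that a SASL
# secrets database looks usable and safe for slapd.
#   check_sasldb [path] [slapd_user]
# Returns 0 when every check passes, 1 otherwise, and prints what failed.
# The file itself is created/populated with 'saslpasswd2 -c <username>'
# as root; this script only inspects the result.

check_sasldb() {
    db="${1:-/etc/sasldb2}"
    slapd_user="$2"
    result=0

    # Touching an empty file is not enough: slapd needs a real Berkeley DB.
    if [ ! -f "$db" ]; then
        echo "FAIL: $db does not exist (create it with 'saslpasswd2 -c <username>')"
        return 1
    fi
    if [ ! -s "$db" ]; then
        echo "FAIL: $db is empty; an empty file holds no secrets"
        result=1
    fi

    # Permission bits as an octal string, e.g. 600 (GNU stat, BSD stat fallback).
    mode=$(stat -c '%a' "$db" 2>/dev/null || stat -f '%Lp' "$db" 2>/dev/null)
    others=${mode#"${mode%?}"}          # last digit: world bits
    rest=${mode%?}
    group=${rest#"${rest%?}"}           # second-to-last digit: group bits

    # Secrets are stored effectively in clear, so nobody but the owner
    # (and at most the slapd group) should be able to read the file.
    if [ $((others & 4)) -ne 0 ]; then
        echo "FAIL: $db is world-readable (mode $mode); chmod 600 it"
        result=1
    fi
    if [ $((group & 4)) -ne 0 ]; then
        echo "WARN: $db is group-readable (mode $mode); make sure only slapd's group has access"
    fi

    # If told which user slapd runs as, confirm that user owns the file.
    if [ -n "$slapd_user" ]; then
        owner=$(stat -c '%U' "$db" 2>/dev/null || stat -f '%Su' "$db" 2>/dev/null)
        if [ "$owner" != "$slapd_user" ]; then
            echo "FAIL: $db is owned by $owner, not by slapd user $slapd_user"
            result=1
        fi
    fi

    [ "$result" -eq 0 ] && echo "OK: $db is present, non-empty and not world-readable"
    return "$result"
}
```

Run it as `check_sasldb /etc/sasldb2 ldap` (substituting the account slapd actually runs under) after creating the first user with saslpasswd2; a FAIL on the mode check is the case Andrew warns about, since the file contents are not protected by anything other than its permissions.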