On Friday, October 17, 2003, at 11:13 AM, I wrote:
I'm running into some difficulty -- started saslauthd as:
saslauthd -a kerberos5
Edited my userPassword attribute to be:
userPassword: {SASL}astreib@IU.EDU
I get an invalid credentials error trying to bind. Also tried
omitting the @IU.EDU and the same error. My ldap logs show:
Oct 17 11:06:56 slapd[30324]: SASL [conn=10] Error: unable to open
Berkeley db /etc/sasldb2: No such file or directory
Oct 17 11:06:56 slapd[30324]: SASL [conn=10] Failure: Invalid
credentials
I created the /etc/sasldb2 and that made no difference (other than
making that log message stop). Here's some more detailed logging --
if
anyone can spot a clue here I'd appreciate some guidance. I'm
thinking
the "Converted SASL name to <nothing>" message might be a problem?
.
.
.
SASL Canonicalize [conn=1]: authcid="astreib@IU.EDU"
slap_sasl_getdn: id=astreib@IU.EDU [len=14]
getdn: u:id converted to uid=astreib,cn=IU.EDU,cn=auth
dnNormalize: <uid=astreib,cn=IU.EDU,cn=auth>
=> ldap_bv2dn(uid=astreib,cn=IU.EDU,cn=auth,0)
<= ldap_bv2dn(uid=astreib,cn=IU.EDU,cn=auth,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=astreib,cn=iu.edu,cn=auth,272)=0
<<< dnNormalize: <uid=astreib,cn=iu.edu,cn=auth>
==>slap_sasl2dn: converting SASL name uid=astreib,cn=iu.edu,cn=auth to
a DN
slap_sasl_regexp: converting SASL name uid=astreib,cn=iu.edu,cn=auth
<==slap_sasl2dn: Converted SASL name to <nothing>
SASL Canonicalize [conn=1]: authcDN="uid=astreib,cn=iu.edu,cn=auth"
slap_sasl_getdn: id=astreib@IU.EDU [len=0]
getdn: u:id converted to uid=astreib,cn=IU.EDU,cn=auth
dnNormalize: <uid=astreib,cn=IU.EDU,cn=auth>
=> ldap_bv2dn(uid=astreib,cn=IU.EDU,cn=auth,0)
<= ldap_bv2dn(uid=astreib,cn=IU.EDU,cn=auth,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=astreib,cn=iu.edu,cn=auth,272)=0
<<< dnNormalize: <uid=astreib,cn=iu.edu,cn=auth>
==>slap_sasl2dn: converting SASL name uid=astreib,cn=iu.edu,cn=auth to
a DN
slap_sasl_regexp: converting SASL name uid=astreib,cn=iu.edu,cn=auth
<==slap_sasl2dn: Converted SASL name to <nothing>
ldap_err2string
SASL [conn=1] Failure: Invalid credentials
.
.
.