Re: kpasswd
On Tuesday, October 21, 2003, at 07:52 AM, Frank Swasey wrote:
Today at 8:20am, Igor Brezac wrote:
On Tue, 21 Oct 2003, Frank Swasey wrote:
I have a /usr/lib/sasl2/slapd.conf which contains
pwcheck_check: saslauthd
saslauthd_path: /var/run/saslauthd
You need
saslauthd_path: /var/run/saslauthd/mux
Be sure that the user that slapd runs under ('ldap', in my case) has rw
access to that socket. E.g. on my system:
$ ll -d /var/state/saslauthd/
drwxrwxr-x 3 root ldap 4096 Oct 17 16:03 /var/state/saslauthd/
Ok, I've done that and restarted slapd -- no change. How do I verify
that /usr/lib/sasl2/slapd.conf is the correct filename?
In my system it's /usr/local/lib/sasl2/slapd.conf. I built Cyrus-SASL
2.1.15 from source. I would guess that if your SASL is from a RedHat
RPM that /usr/lib is correct.
Why am I getting these lines in syslog?
Oct 21 08:39:41 marmot slapd[13907]: SASL [conn=0] Failure: Invalid credentials
Oct 21 08:39:41 marmot slapd[13907]: SASL [conn=0] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory
I don't *think* that is a fatal error, more just a warning. But you
can create /etc/sasldb2 using the saslpasswd command -- I just created
a user and then deleted it, which left the /etc/sasldb2 file in place:
saslpasswd -c foo
saslpasswd -d foo
Make sure your ldap user account (or whatever you've called it) can
read this file. That stopped the complaints about /etc/sasldb2 in my
logs, but again I don't think that's really your problem. If that
fixes it, though, please add a follow-up to the FAQ on this topic.
Who needs to own and what should the permissions be on
/usr/lib/sasl2/slapd.conf?
In my system it's owned by root and readable by all.
Allan
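
The checks discussed in this message, as an added shell example that is not part of the original thread: it reads saslauthd_path from a SASL application config and reports whether it names the directory instead of the mux socket, and whether the invoking user has rw access to that socket. The function names and return codes are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and return codes are
# hypothetical. Run it as the account slapd runs under (root passes every
# access test, so a run as root says nothing about the 'ldap' user).

# sasl_conf_get FILE KEY: print the value of a "KEY: value" line.
# Comment lines do not match; if KEY appears twice, this script reports the last.
sasl_conf_get() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# check_saslauthd_path FILE: print one finding; return 0 only if the socket is usable.
check_saslauthd_path() {
    conf=$1
    [ -r "$conf" ] || { echo "config not readable: $conf"; return 2; }
    path=$(sasl_conf_get "$conf" saslauthd_path)
    [ -n "$path" ] || { echo "saslauthd_path not set in $conf"; return 3; }
    # The case from the thread: the directory was given instead of the socket in it.
    if [ -d "$path" ]; then
        echo "saslauthd_path is a directory; expected $path/mux"
        return 4
    fi
    [ -S "$path" ] || { echo "not a socket: $path (is saslauthd running?)"; return 5; }
    [ -r "$path" ] && [ -w "$path" ] || {
        echo "no rw access to $path for user $(id -un)"
        return 6
    }
    echo "ok: $path"
}

# With an argument, check that config. With none, check a constructed config
# that points saslauthd_path at a directory, as in the first setting quoted above.
if [ $# -gt 0 ]; then
    check_saslauthd_path "$1"
else
    demo=$(mktemp -d)
    printf 'saslauthd_path: %s\n' "$demo" > "$demo/slapd.conf"   # constructed sample
    check_saslauthd_path "$demo/slapd.conf" || true
    rm -rf "$demo"
fi
```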