[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: kpasswd




On Tuesday, October 21, 2003, at 07:52 AM, Frank Swasey wrote:

Today at 8:20am, Igor Brezac wrote:

On Tue, 21 Oct 2003, Frank Swasey wrote:

I have a /usr/lib/sasl2/slapd.conf which contains
pwcheck_check: saslauthd
saslauthd_path: /var/run/saslauthd

You need saslauthd_path: /var/run/saslauthd/mux

Be sure that the user that slapd runs under ('ldap', in my case, has rw access to that socket. E.g. on my system:


$ ll -d /var/state/saslauthd/
drwxrwxr-x 3 root ldap 4096 Oct 17 16:03 /var/state/saslauthd/


Ok, I've done that and restarted slapd -- no change.  How do I verify
that /usr/lib/sasl2/slapd.conf is the correct filename?

In my system it's /usr/local/lib/sasl2/slapd.conf. I built Cyrus-SASL 2.1.15 from source. I would guess that if your SASL is from a RedHat RPM that /usr/lib is correct.


Why am I getting these lines in syslog?

Oct 21 08:39:41 marmot slapd[13907]: SASL [conn=0] Failure: Invalid credentials
Oct 21 08:39:41 marmot slapd[13907]: SASL [conn=0] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory

I don't *think* that is a fatal error, more just a warning. But you can create /etc/sasldb2 using the saslpasswd command -- I just created a user and then deleted it, which left the /etc/sasldb2 file in place:


saslpasswd -c foo
saslpasswd -d foo

Make sure your ldap user account (or whatever you've called it) can read this file. That stopped the complaints about /etc/sasldb2 in my logs, but again I don't think that's really your problem. If that fixes it, though, please add a follow-up to the FAQ on this topic.

Who needs to own and what should the permissions be on
/usr/lib/sasl2/slapd.conf?

In my system it's owned by root and readable by all.

Allan