Hi!
I've been playing with SASL auth in OpenLDAP 2.1.
Basically, the documentation page on
<http://www.openldap.org/doc/admin21/sasl.html> lacks most info needed
to get SASL working in almost any setup...
E.g. it's not mentioned anywhere that one needs to give unauthenticated
users read permissions to the supportedSASLMechanisms attribute, or else
some clients (even those shipped with OpenLDAP!) won't be able to get
the list of supported mechs and terminate with an error before even
trying to authenticate!
So one needs something like this:
access to attrs=supportedSASLMechanisms
        by peername=192\.168\.0\..* read