Hi,
I have set up a simple OPENLDAP server and I want to begin as I mean to
go on and keep the setup secure. To this end I want the rootdn to be
set to bind via SASL. According to the administrators guide this can be
achieved by setting the DN to be of the form:
uid=<username>,cn=<realm>,cn=<mechanism>,cn=auth.
I've done this but when I attempt an ldapsearch I get the following:-
ldapsearch -U user supportedSASLMechanisms
SASL/DIGEST-MD5 authentication started
Please enter your password: <password>
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
	additional info: SASL(-13): user not found: no secret in database
But when I test the sasl account using testsaslauthd I get the
following:-
/usr/sbin/testsaslauthd -u user -p secret -s slapd
0: OK "Success."
Looking into the logs it appears that ldap never really gets around to
authenticating properly with SASL, but instead appears to be trying to
locate an entry in the LDAP database to authenticate against (the
database is of course empty at this point!).
Snippets of the logs and my slapd.conf file are below. Any suggestions
would be appreciated.
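The post turns on two things: the shape of the SASL-style DN the admin guide describes (uid=<username>,cn=<realm>,cn=<mechanism>,cn=auth, with the realm component optional) and the fact that a mechanism such as DIGEST-MD5 is a challenge/response mechanism, so the server has to be able to read the stored secret itself (sasldb or another auxprop source), whereas saslauthd, which is what testsaslauthd exercises, can only verify mechanisms that hand it a cleartext password (PLAIN, LOGIN). The following Python helper is an added example, not code from the original message or from the OpenLDAP project: it parses a rootdn of that form and reports which kind of secret store the chosen mechanism needs, so the slapd.conf value can be checked before binding. Function names and the mechanism tables are this example's own assumptions.

```python
"""Check an OpenLDAP SASL-style authorization DN and the secret store its
mechanism needs.

Added example, not from the original post. The DN form
uid=<username>,cn=<realm>,cn=<mechanism>,cn=auth is the one the OpenLDAP
admin guide describes; the realm component is optional. The mechanism
tables below reflect general Cyrus SASL behaviour and are this example's
own assumption, not something quoted from the post.
"""
import re

# Mechanisms that deliver a cleartext password, so saslauthd (what
# testsaslauthd exercises) can verify them against the system password store.
PASSWORD_MECHS = {"PLAIN", "LOGIN"}
# Challenge/response mechanisms: the server must read the shared secret
# itself (sasldb or another auxprop source); saslauthd cannot serve them.
SHARED_SECRET_MECHS = {"DIGEST-MD5", "CRAM-MD5"}


def split_dn(dn):
    """Split a DN string into (attribute, value) pairs.

    Commas escaped with a backslash are treated as part of the value.
    """
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN: %r" % part)
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns


def parse_sasl_dn(dn):
    """Return {'user', 'realm', 'mechanism'} for a uid=...,cn=auth style DN.

    Raises ValueError when the DN does not have the expected form.
    """
    rdns = split_dn(dn)
    if len(rdns) not in (3, 4):
        raise ValueError("expected 3 or 4 RDN components: %r" % dn)
    if rdns[0][0] != "uid":
        raise ValueError("first component must be uid=: %r" % dn)
    if rdns[-1] != ("cn", "auth") and rdns[-1][1].lower() != "auth":
        raise ValueError("last component must be cn=auth: %r" % dn)
    if any(attr != "cn" for attr, _ in rdns[1:-1]):
        raise ValueError("middle components must be cn=: %r" % dn)
    return {
        "user": rdns[0][1],
        # With four components the second one is the realm.
        "realm": rdns[1][1] if len(rdns) == 4 else None,
        "mechanism": rdns[-2][1].upper(),
    }


def is_sasl_dn(dn):
    """True if dn parses as a SASL authorization DN, False otherwise."""
    try:
        parse_sasl_dn(dn)
        return True
    except ValueError:
        return False


def secret_source(mechanism):
    """Describe where the SASL library must find the secret for a mechanism."""
    mech = mechanism.upper()
    if mech in PASSWORD_MECHS:
        return "saslauthd-or-auxprop"
    if mech in SHARED_SECRET_MECHS:
        return "auxprop-only"
    return "unknown"


def check_rootdn(rootdn):
    """Parse a rootdn and flag whether a saslauthd-only setup can serve it."""
    info = parse_sasl_dn(rootdn)
    info["secret_source"] = secret_source(info["mechanism"])
    info["saslauthd_sufficient"] = info["mechanism"] in PASSWORD_MECHS
    return info


if __name__ == "__main__":
    # Constructed sample values; the user name is the one from the post.
    for candidate in ("uid=user,cn=digest-md5,cn=auth",
                      "uid=user,cn=example.com,cn=plain,cn=auth",
                      "cn=Manager,dc=example,dc=com"):
        if is_sasl_dn(candidate):
            print(candidate, "->", check_rootdn(candidate))
        else:
            print(candidate, "-> not a SASL authorization DN")
```

Run it against the rootdn line from slapd.conf: a result with saslauthd_sufficient set to False means the mechanism named in the DN is one that saslauthd cannot verify on its own, which is exactly the situation in which a successful testsaslauthd run tells you nothing about whether the bind will work.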