sasl-regexp is irrelevant for simple binds, I believe.
First check the obvious: are you compiled --with-spasswd? If not, recompile (a great time for the sorely needed upgrade) with it, otherwise you're heading nowhere fast.
You can emulate spasswd by playing with testsaslauthd with service "slapd". If you have userPassword: {SASL}uid@REALM.EXAMPLE.COM, then the corresponding test is:
testsaslauthd -s slapd -r REALM.EXAMPLE.COM -u uid -p secret
testsaslauthd -s slapd -r MY.REALM.COM -u uid -p password 0: OK "Success."
Is that working? If not, turn up saslauthd debugging and/or go talk to Cyrus guys. Also note that the FAQ-O-Matic entry shows a different /usr/local/lib/sasl2/slapd.conf than yours, and is more in line with what I'd typically expect with spasswd. (But I have no idea if what you want is typical or not.)
pwcheck_method: saslauthd saslauthd_path: /var/state/saslauthd/mux
Once that's working, if necessary, start debugging the slapd <> sasl interaction by turning up debugging on both of them. (You have ldapsearch -d -1 here, but there's little reason to suspect this is a client issue.) Is slapd going to Cyrus in the first place (does it even parse the /usr/local/lib/sasl2/slapd.conf file?) etc.
/var/log/openldap entries (set up via syslog.conf local4.*
-- Karen R. McArthur <kmcarthu@bates.edu> Systems Administrator Information and Library Services, Bates College Lewiston, Maine 04240 ph:(207) 786-8236 fax:(207) 786-6057
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature