Hi Howard
The SASL library tries all available information sources. If there was
a
"root" user record in your sasldb2 file it would have been used. Since
your sasldblistusers2 output shows "root@tivo2" I'd say you have the
wrong realm info in your database, as that doesn't match either "root"
or "root@tivo2.backup".
And that was the problem. When I added "root@tivo2.backup" to the sasl
database, ldapsearch worked! MANY thanks for this!
It's interesting (at least, to me) to note that I didn't need any of the
authentication identity mapping entries (as described in section 11.2.4
of the "OpenLDAP Software 2.3 Administrator's Guide" to make this work
(not even the "password-hash {cleartext}" entry that some resources said
to add).