[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: cmusaslsecretPLAIN attribute
On 7/3/07, John Burian <john@burian.org> wrote:
[...]
> if you want a SASL bind with PLAIN mechanism and TLS, the ldapwhoami
> should look something like
>
> $ ldapwhoami -Y PLAIN -U burianj -ZZ -H ldap://localhost
>
I'm not having a problem getting TLS to work. ldapwhoami is connecting
over port 636, I see correct TLS messages in the log file, and
ldapwhoami reports that it is authenticating with SASL/PLAIN. For the
record, if I try the above command, forcing the connection over port 389
and using StartTLS, I get the same results as just using "ldapwhoami" or
"ldapwhoami -D 'uid=burianj,ou=people,dc=cqcb'". The problem is simple
authentication works, SASL/PLAIN authentication with the same DN and
password fails.
I think, though, that you do want to use -U for SASL binding, instead
of -D, which is typically used for simple binding.
From the log you sent earlier, it appears that the PLAIN mechanism is
being invoked, but it looks like your sasldb2 file is not being
accessed:
Jul 3 14:49:57 Hodgkin slapd[5635]: SASL [conn=0] Error: unable to open
Berkeley db /etc/sasldb2: No such file or directory
Since /etc/sasldb2 typically has strict permissions, this might be a
permissions problem... or maybe the file doesn't exist.
Matt