can't get slapd to do pass-through authentication
I've been trying to get Pass-Through authentication to work using a
userPassword attribute of the form {SASL}username@realm. At this point
I'm guessing, but is there a way to tell slapd what pathspec to use to
talk to saslauthd? (I'm guessing maybe it's using one path but saslauthd
is using a different one for the socket file.)
I've got saslauthd running ok and can authenticate using
testsaslauthd so I'm fairly sure I'm ok there. And I've got openldap
compiled with --enable-spasswd option so it ought to support the SASL
pass-through option, right?
I ran saslauthd with debugging on so I can see every auth request
and whether it succeeds or fails, and I can see it when testsaslauthd
connects and succeeds. But when I try to bind to slapd using the DN
whose userPassword is {SASL}bbice@ldap, the authentication to slapd fails
and saslauthd doesn't show any authentication attempt at all. It's as if
it's not even trying (or can't find) saslauthd.
I ran slapd with the -d 255 option and saved the output to a file.
Here's all the lines containing the string sasl:
>>> dnPretty: <cn=SASL>
=> ldap_bv2dn(cn=SASL,0)
<= ldap_bv2dn(cn=SASL)=0
<= ldap_dn2bv(cn=SASL)=0
<<< dnPretty: <cn=SASL>
>>> dnNormalize: <cn=SASL>
<<< dnNormalize: <cn=sasl>
ldap_sasl_bind_s
ldap_sasl_bind
SASL Canonicalize [conn=1000]: authcid="bbice@ldap"
SASL Canonicalize [conn=1000]: authcid="bbice@ldap"
SASL Canonicalize [conn=1001]: authcid="bbice@ldap"
SASL Canonicalize [conn=1001]: authcid="bbice@ldap"
So if I'm reading that right, slapd does see that it's supposed to
hand off the authentication to saslauthd and it has picked out the
username and realm. But it doesn't seem to be connecting to or using
saslauthd.
Any ideas? What am I missing here?
Brent Bice
bbice@sgi.com
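Editor's note, added to this archive page and not part of the message above: with a userPassword of the form {SASL}user@realm, slapd passes the bind password to libsasl2's sasl_checkpass, and libsasl2 talks to saslauthd only when its per-application options for slapd (a file named slapd.conf in the SASL config directory, /etc/sasl2 or /usr/lib/sasl2 depending on the build) contain "pwcheck_method: saslauthd". The socket it opens is the one named by "saslauthd_path:" in that file, or a compile-time default when the option is absent; saslauthd itself creates the socket as the file "mux" inside the directory given to its -m option. testsaslauthd -f <socket> -s ldap -u <user> -r <realm> -p <password> exercises the same socket with slapd's SASL service name, which is "ldap". The Python below is an example written for this page, not code from OpenLDAP or Cyrus SASL: it implements both ends of the saslauthd mux protocol as testsaslauthd speaks it (four length-prefixed strings, login, password, service, realm, answered by one length-prefixed "OK" or "NO" string) against a constructed in-memory stand-in for saslauthd, and shows the two failure modes side by side. A wrong password reaches the daemon and is refused, so it shows up in the daemon's log; a wrong socket path fails at connect() before any request is written, so a daemon started with -d prints nothing, which is the silent failure a path mismatch produces. The user table, password and temporary run directory are constructed; how libsasl2 splits user@realm into the login and realm fields is not modelled, the two are passed separately as with testsaslauthd -u and -r.

```python
import errno
import os
import socket
import struct
import tempfile
import threading

# Wire format of the saslauthd "mux" socket, as spoken by testsaslauthd and by
# libsasl2's saslauthd pwcheck method on slapd's behalf: the client sends four
# length-prefixed strings (16-bit big-endian length, then the bytes) in the
# order login, password, service, realm; the daemon answers with a single
# length-prefixed string that starts with "OK" or "NO".


def _pack_field(value: str) -> bytes:
    data = value.encode()
    return struct.pack("!H", len(data)) + data


def _read_exact(conn: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the mux connection early")
        buf += chunk
    return buf


def _read_field(conn: socket.socket) -> str:
    (length,) = struct.unpack("!H", _read_exact(conn, 2))
    return _read_exact(conn, length).decode()


def build_request(login: str, password: str, service: str, realm: str) -> bytes:
    """The exact bytes a client writes to the mux for one authentication."""
    return (_pack_field(login) + _pack_field(password)
            + _pack_field(service) + _pack_field(realm))


class MockSaslauthd:
    """Constructed stand-in for saslauthd (not the real daemon). Listens on
    <rundir>/mux, the file saslauthd creates under the directory given to -m,
    and checks credentials against a (login, realm) -> password table. Every
    request that reaches it is recorded in .seen, as saslauthd -d would log."""

    def __init__(self, rundir: str, users: dict):
        self.mux_path = os.path.join(rundir, "mux")
        self.users = users
        self.seen = []
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.bind(self.mux_path)
        self.sock.listen(5)
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, _ = self.sock.accept()
            except OSError:
                return  # listening socket shut down by close()
            with conn:
                try:
                    login, password, service, realm = [_read_field(conn) for _ in range(4)]
                except OSError:
                    continue
                self.seen.append((login, service, realm))
                ok = self.users.get((login, realm)) == password
                reply = b"OK" if ok else b'NO "authentication failed"'
                conn.sendall(struct.pack("!H", len(reply)) + reply)

    def close(self):
        try:
            self.sock.shutdown(socket.SHUT_RDWR)  # wakes the blocked accept()
        except OSError:
            pass
        self.sock.close()
        os.unlink(self.mux_path)


def saslauthd_check(mux_path: str, login: str, password: str,
                    service: str = "ldap", realm: str = ""):
    """Client side of one pass-through check, as done for slapd (SASL service
    name "ldap"). Returns (reached_daemon, reply). reached_daemon is False, with
    the errno name, when the socket path is wrong: no request is ever sent, so
    the daemon has nothing to log."""
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        sock.connect(mux_path)
    except OSError as exc:
        sock.close()
        return False, errno.errorcode.get(exc.errno, str(exc))
    with sock:
        sock.sendall(build_request(login, password, service, realm))
        return True, _read_field(sock)


def demo() -> dict:
    """Matched path, wrong password, and mismatched path, side by side."""
    with tempfile.TemporaryDirectory() as rundir:  # constructed saslauthd -m directory
        daemon = MockSaslauthd(rundir, {("bbice", "ldap"): "constructed-password"})
        try:
            good = saslauthd_check(daemon.mux_path, "bbice", "constructed-password", "ldap", "ldap")
            bad_pw = saslauthd_check(daemon.mux_path, "bbice", "not-it", "ldap", "ldap")
            # saslauthd_path pointing somewhere other than where saslauthd -m put the mux
            wrong_path = saslauthd_check(os.path.join(rundir, "elsewhere", "mux"),
                                         "bbice", "constructed-password", "ldap", "ldap")
            return {"good": good, "bad_pw": bad_pw, "wrong_path": wrong_path,
                    "requests_seen": len(daemon.seen)}
        finally:
            daemon.close()


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Against a real installation the same comparison is: run testsaslauthd with -f set to the path in saslauthd_path (or the compiled-in default) and -s ldap, and watch whether saslauthd -d prints the attempt; if testsaslauthd only succeeds with a different -f, the two sides disagree on the socket path.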