
Re: Authenticate to ldap using Kerberos



On 09/09/10 12:47 +0800, Wouter van Marle wrote:
Adding user `openldap' to group `sasl' ...
Adding user openldap to group sasl
Done.

(Did you restart slapd?)

The issue is that the /var/run/saslauthd directory, where the
saslauthd unix socket is located, is only accessible by group 'sasl' (and
root).

True:
drwx--x--- 2 root       sasl       4096 2010-09-09 10:14 saslauthd

Still the same permission denied error message in syslog!

If I recall correctly, you mentioned running Postfix previously. Is it
running chrooted? Have you customized the location of your saslauthd mux?

If so, you'll need to add:

saslauthd_path: /path/to/saslauthd

What's the output of /etc/default/saslauthd (minus the comments)?

Also, assuming IMAP is running on the same system, what's the output of:

grep sasl /etc/imapd.conf | sed 's/^sasl_//'

Is that substantially different from /usr/lib/sasl2/slapd.conf?

To troubleshoot, find out where saslauthd is listening:

# netstat -an | grep saslauthd
unix  2      [ ACC ]     STREAM     LISTENING     9712 /var/run/saslauthd/mux

Set your saslauthd_path appropriately:

saslauthd_path: /var/run/saslauthd
(minus the /mux)

and correct any permissions problems to that directory. The mux itself
should have 777 permissions:

srwxrwxrwx 1 root root 0 2010-08-23 22:37 /var/run/saslauthd/mux


--
Dan White
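
The checks discussed in this message, as an added example that is not part of the original thread: it reads the group list of the running daemon from /proc/<pid>/status (group changes only reach a process after a restart) and compares it with the mode bits of the saslauthd directory. It assumes Linux /proc and GNU stat; the function names and the numeric uid/gid values used with it are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes Linux /proc and GNU stat; ignores ACLs and LSMs.

# proc_creds STATUS_FILE -> "EUID EGID SUPPLEMENTARY_GIDS..." of a live process
proc_creds() {
    awk '$1 == "Uid:"    { euid = $3 }
         $1 == "Gid:"    { egid = $3 }
         $1 == "Groups:" { $1 = ""; sub(/^ +/, ""); supp = $0 }
         END { print euid, egid, supp }' "$1"
}

# can_traverse MODE OWNER_UID OWNER_GID EUID "GIDS"
# MODE is octal as printed by `stat -c %a` (no leading zero). Returns 0 when
# the search (x) bit that applies to EUID/GIDS is set on the directory.
can_traverse() {
    mode=$1 owner=$2 group=$3 euid=$4 gids=$5
    if [ "$euid" -eq 0 ]; then return 0; fi      # root bypasses mode bits
    u=$((mode / 100 % 10)); g=$((mode / 10 % 10)); o=$((mode % 10))
    if [ "$euid" -eq "$owner" ]; then
        bits=$u
    else
        bits=$o
        for gid in $gids; do
            if [ "$gid" -eq "$group" ]; then bits=$g; fi
        done
    fi
    [ $((bits & 1)) -eq 1 ]
}

# check_pid PID DIR: evaluate a running daemon against the socket directory
check_pid() {
    st=$(stat -c '%a %u %g' "$2") || return 2
    creds=$(proc_creds "/proc/$1/status") || return 2
    # shellcheck disable=SC2086  # $st is deliberately split into three words
    can_traverse $st "${creds%% *}" "${creds#* }"
}

# Usage: sh check.sh "$(pidof slapd)" /var/run/saslauthd
if [ $# -eq 2 ]; then
    if check_pid "$1" "$2"; then echo "pid $1 can reach $2"
    else echo "pid $1 CANNOT reach $2 (restart it after changing groups?)"; fi
fi
```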