Simple Bind pass-through to SASL/PLAIN

[Zach Schimke <zschimke@mars.asu.edu>]

Is there any trick to this?

I am able to get SASL/PLAIN and SASL/GSSAPI binds to work perfectly with 
my ldap server. What I want to get working is the authentication 
pass-through.

From what I can gather, it appears that LDAP should be able to 
authenticate a simple bind, take a look at the userPassword attribute 
(which contains '{SASL}username@REALM) and perform a SASL/PLAIN from there.

We want to avoid maintaining two separate passwords (LDAP and Kerberos 
V) although some applications (like phpLDAPAdmin, Drupal, etc) do not 
allow the use of Kerberos natively.

/etc/sasl2/slapd.conf (using CentOS):
    pwcheck_method: saslauthd

Here's a snippet of my openldap.log during a simple bind:
    Mar  3 16:45:49 kdc1 slapd[28132]: conn=2009 fd=39 ACCEPT from 
IP=149.169.147.254:56106 (IP=0.0.0.0:636)
    Mar  3 16:45:49 kdc1 slapd[28132]: conn=2009 fd=39 TLS established 
tls_ssf=256 ssf=256
    Mar  3 16:45:49 kdc1 slapd[28132]: conn=2009 op=0 BIND dn="cn=test 
account,ou=people,o=mars" method=128
    Mar  3 16:45:49 kdc1 slapd[28132]: send_ldap_result: conn=2009 op=0 
p=3
    Mar  3 16:45:49 kdc1 slapd[28132]: conn=2009 op=0 RESULT tag=97 
err=49 text=
    Mar  3 16:45:49 kdc1 slapd[28132]: connection_closing: readying 
conn=2009 sd=39 for close
    Mar  3 16:45:49 kdc1 slapd[28132]: connection_close: conn=2009 sd=-1
    Mar  3 16:45:49 kdc1 slapd[28132]: conn=2009 fd=39 closed 
(connection lost)

Anything I should double-check, modify, etc?

--
Zach Schimke
Mars Space Flight Facility