[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Simple Bind pass-through to SASL/PLAIN
On Thu, Mar 10, 2011 at 04:32:16PM -0700, Zach Schimke wrote:
> Okay, here's the log from a SASL/PLAIN bind working.
> Mar 10 16:28:51 kdc1 slapd[2367]: SASL [conn=41] Error: unable to
> open Berkeley db /etc/sasldb2: No such file or directory
That suggests that your SASL config is still wrong, as it is trying to
use the default secrets database.
It may well be that the SASL library is not reading the config
files that you are modifying. Try running slapd under strace and
look to see which files it opens. You are looking for something like
/usr/lib/sasl2/slapd.conf which should contain something like this:
mech_list: plain
pwcheck_method: saslauthd
saslauthd_path: /var/run/sasl2/mux
Also, take not of the suggested tests in the adming guide:
http://www.openldap.org/doc/admin24/security.html#Testing%20pass-through%20authentication
In particular, you can use testsaslauthd to make sure that the back-end
authentication daemon is working.
This is very unlikely to be an ACL problem.
Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------