Re: OpenLDAP with SASL not working

[Don Fike <fike@icl.utk.edu>]

I think my issue was that only root could read /etc/sasl2/slapd.conf.
Seems to be working now...

Thanks,


On 6/4/15 1:43 PM, Aaron Richton wrote:
> On Wed, 3 Jun 2015, Don Fike wrote:
>
> > Greetings,
> >
> > I am using OpenLDAP 2.4.39 with SASL 2.1.23 on CentOS 6.6.
> > I have setup this CentOS server with the same configuration as I have 
> > on a working RedHat 6.6 server.
> > However with this CentOS server the SASL combination is not working.
> > Using LDAP without SASL with a SSHA password authentication works.
> > When using pass-through SASL I see a err=49 in the slapd output and 
> > the client sees Invalid Credentials.
> > I see no output in saslauthd when run in debug when using LDAP.
> > Running testsaslauthd alone works as expected and this does generate 
> > output in the saslauthd debug terminal.
> > It appears that saslauthd never gets the request from slapd.
> > Any suggestions on how to debug this further in order to determine 
> > why it is not working appreciated.
>
> To pass LDAP Simple Bind credentials to saslauthd, you'll need to use 
> the {SASL} password scheme (compiled with --enable-spasswd -- see the 
> OpenLDAP FAQ-O-Matic).
>
> This doesn't enable SASL Binds, however; for that, you'll need 
> passwords in the directory.