Your testsaslauthd is trying to use the imap service. If you don't have an imap service in your KDC, then of course it will fail. I saw that, but couldn't figure out how to change the service directly (Nothing in saslauthd(8) says anything about service). I'm assuming that "imap" is the default when using testsaslauthd. I could get it to change when I try a simple bind, but that doesn't change the result, I still get an error, and I do have a ldap service in my KDC. I also do have {SASL}jschaeffer@HARMONYWAVE.COM set as my userPassword. root@baneling:~# ldapsearch -LLL -x -D "uid=jschaeffer,ou=End Users,ou=People,dc=harmonywave,dc=com" -W -b "" Enter LDAP Password: ldap_bind: Invalid credentials (49) saslauthd[1479] :do_auth : auth failure: [user=jschaeffer] [service=ldap] [realm=HARMONYWAVE.COM] [mech=kerberos5] [reason=saslauthd internal error] kadmin: listprincs ... ldap/baneling.harmonywave.com@HARMONYWAVE.COM ... Thanks, Joshua Schaeffer |