I'm running RedHat EL 5 with stock RPMs for OpenLDAP, Cyrus SASL and OpenSSL:
OpenLDAP 2.3.27
Cyrus-SASL 2.1.22
OpenSSL 0.9.8b
I've created a CA on the server, used that to sign a cert, and put the appropriate entries in slapd.conf (to use the cert) and in ldap.conf (to trust the CA). If I run 'ldapwhoami':
$ ldapwhoami
SASL/PLAIN authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): user not found: Password verification failed
and in the logs (appended below) I see text about an undefined attribute type 'cmusaslsecretPLAIN'. I've looked around for that string, and all the fixes I've seen seem to want to patch Cyrus-SASL. I'd like to stick with Red Hat's stock RPMs, if possible. Is there a CMU-specific schema I need to include, that defines that attribute?

I'd also like to keep my auth information in LDAP, rather than have a separate SASL password database. My understanding is that the PLAIN authentication will be secured by the underlying SASL/TLS transport, is that correct?

Thanks,
John
Jul 3 07:50:49 Hodgkin slapd[1342]: => acl_get: [1] attr userPassword
Jul 3 07:50:49 Hodgkin slapd[1342]: => acl_mask: access to entry "uid=burianj,ou=People,dc=cqcb", attr "userPassword" requested
Jul 3 07:50:49 Hodgkin slapd[1342]: => acl_mask: to all values by "", (=0)
Jul 3 07:50:49 Hodgkin slapd[1342]: <= check a_dn_pat: self
Jul 3 07:50:49 Hodgkin slapd[1342]: <= check a_dn_pat: uid=root,ou=people,dc=cqcb
Jul 3 07:50:49 Hodgkin slapd[1342]: <= check a_dn_pat: *
Jul 3 07:50:49 Hodgkin slapd[1342]: <= acl_mask: [3] applying auth(=xd) (stop)
Jul 3 07:50:49 Hodgkin slapd[1342]: <= acl_mask: [3] mask: auth(=xd)
Jul 3 07:50:49 Hodgkin slapd[1342]: => access_allowed: auth access granted by auth(=xd)
Jul 3 07:50:49 Hodgkin slapd[1342]: slap_ap_lookup: str2ad(cmusaslsecretPLAIN): attribute type undefined
Jul 3 07:50:49 Hodgkin slapd[1342]: send_ldap_result: conn=5 op=1 p=3
Jul 3 07:50:49 Hodgkin slapd[1342]: send_ldap_result: err=0 matched="" text=""
Jul 3 07:50:49 Hodgkin slapd[1342]: SASL [conn=5] Failure: Password verification failed