The same command without '-x -W', or ldapwhoami with no args, does not work:
$ ldapwhoami -D 'uid=burianj,ou=people,dc=cqcb' SASL/PLAIN authentication started Please enter your password: ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: SASL(-13): user not found: Password verification failed
if you want a SASL bind with PLAIN mechanism and TLS, the ldapwhoami should look something like
$ ldapwhoami -Y PLAIN -U burianj -ZZ -H ldap://localhost
I'm not having a problem getting TLS to work. ldapwhoami is connecting over port 636, I see correct TLS messages in the log file, and ldapwhoami reports that it is authenticating with SASL/PLAIN. For the record, if I try the above command, forcing the connection over port 389 and using StartTLS, I get the same results as just using "ldapwhoami" or "ldapwhoami -D 'uid=burianj,ou=people,dc=cqcb'". The problem is simple authentication works, SASL/PLAIN authentication with the same DN and password fails.
But, SASL authentication does not use a DN, but a username (as provided in the example Dieter gave you above). And you would need to have configured slapd to map a SASL identity to a DN for the bind to succeed.
So, please provide the commandline you are using with the SASL bind that is failing.
Regards, Buchan