Try this format:

{SASL}user@domain


(No space between "{SASL}" and "user@domain")


-Josh


On Wed, 2010-02-17 at 05:34 -0500, Geoff Baker wrote:
Hi,

I have a Red Hat 5 machine that I have compiled openldap-2.4.19 with the --enable-spasswd option. I have configured saslauth to do its thing as per the instructions on http://www.openldap.org/doc/admin24/security.html#Authentication%20Methods 

I cannot seem to add the userPassword:: {SASL} user@domain part though. If I try to import an LDIF like the following:

dc: uid=user,dc=domain
changetype: modify
replace: userpassword
userPassword:: {SASL} user@domain

I get an error saying ldapmodify: invalid format (line 4) entry: ""

If I change it to be userpassword: {SASL} user@domain - that works but the entry is hashed (is that ok?)

Then when I try to do a bind with that user account I get invalid credentials... Can somebody please help me try to work out why openldap doesn't seem to be passing on the request to SASL?
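
An added example, not part of the thread: in LDIF (RFC 2849) a double colon after the attribute name means the value that follows is base64, so `{SASL}user@domain` is written either literally after one colon or base64-encoded after two. This Python sketch normalizes the value as the reply suggests and shows that both spellings decode to the same text; the function names are illustrative, and the DN and user are the thread's placeholders.

```python
import base64
import re

def normalize_sasl_value(raw: str) -> str:
    """Return '{SASL}user@realm' with no space after the scheme prefix."""
    m = re.fullmatch(r"\s*\{SASL\}\s*(\S+)\s*", raw, flags=re.IGNORECASE)
    if m is None:
        raise ValueError(f"not a {{SASL}} pass-through value: {raw!r}")
    return "{SASL}" + m.group(1)

def is_safe_string(value: str) -> bool:
    """RFC 2849 SAFE-STRING: may be written as-is after a single colon."""
    if value == "":
        return True
    if any(ord(c) > 127 or c in "\0\r\n" for c in value):
        return False
    return value[0] not in " :<" and not value.endswith(" ")

def attr_line(attr: str, value: str, force_b64: bool = False) -> str:
    """'attr: value' for safe strings, 'attr:: <base64>' otherwise."""
    if force_b64 or not is_safe_string(value):
        encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
        return f"{attr}:: {encoded}"
    return f"{attr}: {value}"

def read_attr_line(line: str) -> tuple[str, str]:
    """Parse one unfolded LDIF attribute line back to (attr, text value)."""
    attr, _, rest = line.partition(":")
    if rest.startswith(":"):  # '::' means the value is base64, not literal text
        raw = base64.b64decode(rest[1:].strip(), validate=True)
        return attr, raw.decode("utf-8")
    return attr, rest.lstrip(" ")

def modify_record(dn: str, raw_value: str) -> str:
    """LDIF change record replacing userPassword with a {SASL} value."""
    return "\n".join([
        attr_line("dn", dn),
        "changetype: modify",
        "replace: userPassword",
        attr_line("userPassword", normalize_sasl_value(raw_value)),
        "-",
    ]) + "\n"

if __name__ == "__main__":
    # Constructed sample input, using the placeholder names from the thread.
    print(modify_record("uid=user,dc=domain", "{SASL} user@domain"))
    print(attr_line("userPassword", "{SASL}user@domain", force_b64=True))
```

A `userPassword::` line read back from a directory can be checked with `read_attr_line`: it returns the stored text, which for a pass-through entry should be exactly `{SASL}user@domain`.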