Hi Howard
The SASL library tries all available information sources. If there was a "root" user record in your sasldb2 file it would have been used. Since your sasldblistusers2 output shows "root@tivo2" I'd say you have the wrong realm info in your database, as that doesn't match either "root" or "root@tivo2.backup".
And that was the problem. When I added "root@tivo2.backup" to the sasl database, ldapsearch worked! MANY thanks for this!
It's interesting (at least, to me) to note that I didn't need any of the authentication identity mapping entries (as described in section 11.2.4 of the "OpenLDAP Software 2.3 Administrator's Guide") to make this work (not even the "password-hash {cleartext}" entry that some resources said to add).
So what gives this SASL mechanism the authority to perform tasks via LDAP?
Thanks! tl