Maxwell Bottiger wrote:
On Wed, 2006-11-08 at 18:28 -0800, Howard Chu wrote:
I figure this is one of three possible problems. 1 - saslauthd isn't working right
SASL-enabled servers don't talk to saslauthd to perform GSSAPI authentication, so that is out of the equation.
That's very interesting. If OpenLDAP and other SASL-enabled services don't need saslauthd, what does use it? Just curious. Maybe it's something I can turn off.
I generally don't build saslauthd; I find it to be more of a liability than anything else. It only supports plaintext password authentication. The couple of things that it can do that nothing else does are to authenticate a plaintext password against PAM, IMAP, and some other external mechanisms.
The only reason OpenLDAP supports SASL is to provide strong authentication mechanisms. Going to the trouble of setting up SASL, and then only using it with plaintext, just doesn't make any sense.
I have some more information from playing around this afternoon. The first thing I found is that LDAP authentication is still working for my Fedora 5 computers. The LDAP queries for users are failing only for the Fedora 6 machine. Since the setups are identical except for releases, I submitted a bug report to Red Hat's Bugzilla.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214679
There are two logs attached to the bug report which detail this problem. They are both kind of lengthy, so I won't list them here.
That having been said, I'm really really leaning toward me not setting up these queries correctly. ldapsearch is still failing regardless of whether or not logins are working, and they are failing with the same error messages.
Thanks for your quick response.
First you should follow Kurt's advice and get the SASL sample client and server working, before leaping to any other conclusions.