Hallvard B Furuseth wrote:
> Rick Stevens writes:
>> I'm sure I'm not the only person having this issue, but I absolutely cannot seem to get SASL and LDAP to work. I want SASL to authenticate using the passwords in LDAP, but in the classic chicken-and-egg scenario, you can't talk to LDAP without having SASL working first.
>
> Hmm, this could use a mention in the Admin Guide.

No.

> I haven't tried it myself, but: In addition to setting up slapd to use SASL, you must set up SASL to use LDAP. In Cyrus SASL, that is described in doc/install.html: Build with LDAP support (the circular dependency shows up here too), then use the LDAPDB auxprop plugin.

The ldapdb plugin is only needed by other SASL-enabled services that are meant to use LDAP for authentication. It does not deserve mention in the OpenLDAP Admin Guide because it is strictly a SASL administrator's concern. That's also why we moved the ldapdb code from the OpenLDAP source tree into the Cyrus SASL source tree, and why the ldapdb plugin is only documented in the Cyrus SASL documentation. Don't muddy the picture by dragging in irrelevant elements.
For SASL authentication within OpenLDAP software, all of the necessary components are already intrinsic to libldap and slapd.