On 7/3/07, John Burian <john@burian.org> wrote:
[...]
> > if you want a SASL bind with PLAIN mechanism and TLS, the ldapwhoami
> > should look something like
> >
> >   $ ldapwhoami -Y PLAIN -U burianj -ZZ -H ldap://localhost
>
> I'm not having a problem getting TLS to work. ldapwhoami is connecting over port 636, I see correct TLS messages in the log file, and ldapwhoami reports that it is authenticating with SASL/PLAIN. For the record, if I try the above command, forcing the connection over port 389 and using StartTLS, I get the same results as just using "ldapwhoami" or "ldapwhoami -D 'uid=burianj,ou=people,dc=cqcb'". The problem is simple authentication works, SASL/PLAIN authentication with the same DN and password fails.
I think, though, that you do want to use -U for SASL binding, instead of -D, which is typically used for simple binding.
From the log you sent earlier, it appears that the PLAIN mechanism is being invoked, but it looks like your sasldb2 file is not being accessed:

  Jul 3 14:49:57 Hodgkin slapd[5635]: SASL [conn=0] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory
Since /etc/sasldb2 typically has strict permissions, this might be a permissions problem... or maybe the file doesn't exist.
Matt
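The two possibilities Matt names (file missing, or slapd's account cannot read it) can be separated with a small check before touching any configuration. The script below is an added example for this thread, not something either poster supplied or OpenLDAP ships. It assumes the Cyrus SASL database lives at /etc/sasldb2 and that slapd runs as a service account such as "ldap" or "openldap"; both are arguments, so substitute the local values.

```shell
#!/bin/sh
# Added example (not from the thread): classify why slapd might report
# "unable to open Berkeley db /etc/sasldb2". The path and the service
# account name are assumptions supplied by the caller.

# check_sasldb DBPATH SERVICE_USER
#   returns 0 -> file exists and SERVICE_USER has a read bit via owner, group or other
#   returns 1 -> file exists but its ownership/mode denies SERVICE_USER
#   returns 2 -> file does not exist (the "No such file or directory" case in the log)
check_sasldb() {
    db="$1"
    svc_user="$2"

    if [ ! -e "$db" ]; then
        echo "$db: missing; create it with saslpasswd2 or point sasldb_path at the real file"
        return 2
    fi

    # Accept either an account name or a bare numeric uid for the service account.
    svc_uid=$(id -u "$svc_user" 2>/dev/null) || svc_uid="$svc_user"

    # GNU stat first, BSD stat as a fallback; all values are numeric.
    owner_uid=$(stat -c '%u' "$db" 2>/dev/null) || owner_uid=$(stat -f '%u' "$db")
    group_gid=$(stat -c '%g' "$db" 2>/dev/null) || group_gid=$(stat -f '%g' "$db")
    mode=$(stat -c '%a' "$db" 2>/dev/null)      || mode=$(stat -f '%Lp' "$db")

    # Normalise the octal mode to four digits (setuid/sticky digit, owner, group, other)
    # without passing it through arithmetic, where a leading 0 would be reparsed.
    while [ ${#mode} -lt 4 ]; do mode="0$mode"; done
    owner_bits=$(printf '%s' "$mode" | cut -c2)
    group_bits=$(printf '%s' "$mode" | cut -c3)
    other_bits=$(printf '%s' "$mode" | cut -c4)

    if [ "$owner_uid" = "$svc_uid" ] && [ $((owner_bits & 4)) -ne 0 ]; then
        echo "$db: owned by uid $svc_uid, mode $mode: readable by the service account"
        return 0
    fi
    if [ $((group_bits & 4)) -ne 0 ] \
       && id -G "$svc_user" 2>/dev/null | tr ' ' '\n' | grep -qx "$group_gid"; then
        echo "$db: group gid $group_gid is readable and uid $svc_uid is a member: readable"
        return 0
    fi
    if [ $((other_bits & 4)) -ne 0 ]; then
        echo "$db: world-readable (mode $mode): slapd can read it, but so can every local account; the secrets in it are exposed"
        return 0
    fi
    echo "$db: owner uid $owner_uid, gid $group_gid, mode $mode: uid $svc_uid cannot read it; fix the owner or group, not the world bits"
    return 1
}

# Usage (the account name is an assumption; use the one slapd actually runs as):
#   check_sasldb /etc/sasldb2 ldap
```

Run it as root so stat can see the file regardless of its mode. Once the file is in place and readable, confirming that slapd still advertises PLAIN is a separate step: `ldapsearch -x -H ldap://localhost -b '' -s base supportedSASLMechanisms` reads the root DSE and lists the mechanisms the server will accept.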