Hi,

I have to configure an second LDAP Server to store an big directory. This server should use our primary LDAP server to check the logins.

Here My Problem:

>ldapsearch -Y PLAIN -W -D uid=root,o=yyy,c=com -b "o=yyy,c=com" -s base supportedSASLMechanisms -d1 -O maxssf=0 ldap_create Enter LDAP Password: ldap_sasl_interactive_bind_s: user selected: PLAIN ldap_int_sasl_bind: PLAIN ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_pvt_connect: fd: 3 tm: -1 async: 0 ldap_int_sasl_open: host=grunix ldap_err2string ldap_sasl_interactive_bind_s: Unknown authentication method (-6)

I have read I have to use PLAIN because of saslauthd can't use other mechanisms, is that right? The other mechanisms don't work also :-(

Here the result of the sasl test application:

> testsaslauthd -s ldap -u root -p yyy -f /var/run/saslauthd/mux 0: OK "Success."

And here my configuration:

/usr/lib/sasl2/slapd.conf:

mech_list: PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5 EXTERNAL pwcheck_method: saslauthd saslauthd_path: /var/run/saslauthd/mux log_level: 7

Here my /etc/openldap/slapd.conf

include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/inetorgperson.schema

pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args

security ssf=0 sasl-host 127.0.0.1 sasl-realm YYY.COM sasl-secprops none

access to dn.base="" by * read access to dn.base="cn=Subschema" by * read

database bdb suffix o=yyy,c=com rootdn cn=admin,o=yyy,c=com rootpw secret directory /var/lib/openldap-data index objectClass eq

access to dn.subtree="o=yyy,c=com" by * read

I have entered "{SASL}root" to the userPassword attribute to forward the password to SASL.

versions: openldap 2.4.10 cyrus-sasl 2.1.22

Has anyone an Idea what happens?

regards, Steffen