On 12/30/14 10:32 -0500, Brendan Kearney wrote:
On Mon, 2014-12-29 at 10:49 -0600, Dan White wrote:
http://www.openldap.org/doc/admin24/security.html#Pass-Through%20authenticat...
Add 'pwcheck_method: saslauthd' to your libsasl slapd.conf file, and should need nothing else unless you're using a non standard location for your saslauthd mux.
Verify that your slapd user has permissions to access the saslauthd mux, and verify your saslauthd config with testsaslauthd.
i had the pwcheck_method directive in there, along with the path to one of two saslauthd mux's. /var/run/saslauthd/mux and /run/saslauthd/mux, which both show up as "srwxrwxrwx" and are owned by root:root. testing
Typically for the saslauthd mux, it's the parents' directory permissions that restrict access.
using testsaslauthd works with my id, but i am not sure how to have authentication work when the other process is binding with "cn=user,dc=domain,dc=tld" and not a username.
dn: cn=user,dc=domain,dc=tld userPassword: {SASL}username@realm