On Thu, Mar 10, 2011 at 04:32:16PM -0700, Zach Schimke wrote:
Okay, here's the log from a SASL/PLAIN bind working.
Mar 10 16:28:51 kdc1 slapd[2367]: SASL [conn=41] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory
That suggests that your SASL config is still wrong, as it is trying to use the default secrets database.
It may well be that the SASL library is not reading the config files that you are modifying. Try running slapd under strace and look to see which files it opens. You are looking for something like /usr/lib/sasl2/slapd.conf which should contain something like this:
    mech_list: plain
    pwcheck_method: saslauthd
    saslauthd_path: /var/run/sasl2/mux
Also, take note of the suggested tests in the admin guide: http://www.openldap.org/doc/admin24/security.html#Testing%20pass-through%20a...
In particular, you can use testsaslauthd to make sure that the back-end authentication daemon is working.
This is very unlikely to be an ACL problem.
Andrew
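
The strace check suggested in the message above, as an added example that is not part of the original e-mail: it lists which SASL-related files slapd tried to open and compares a config against the three settings quoted in the message. The trace lines are constructed sample data, and the function names (sample_trace, sasl_opens, check_sasl_conf) are hypothetical.

```shell
#!/bin/sh
# Added example; sasl_opens, check_sasl_conf and sample_trace are hypothetical names.
# Constructed strace lines. A real trace could be captured with something like:
#   strace -f -e trace=open,openat -o slapd.trace slapd <your usual options>
sample_trace() {
cat <<'EOF'
2367 open("/etc/ldap/slapd.conf", O_RDONLY) = 3
2367 open("/etc/sasl2/slapd.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
2367 open("/usr/lib/sasl2/slapd.conf", O_RDONLY) = 5
2367 openat(AT_FDCWD, "/etc/sasldb2", O_RDONLY) = -1 ENOENT (No such file or directory)
EOF
}

# Read strace output on stdin; for every open of a path containing "sasl",
# print "OPENED <path>" or "MISSING <path>" depending on the return value.
sasl_opens() {
    sed -n 's/.*open[a-z]*(.*"\([^"]*sasl[^"]*\)".*) = \(-\{0,1\}[0-9][0-9]*\).*/\2 \1/p' |
    while read -r rc path; do
        case "$rc" in
            -*) echo "MISSING $path" ;;
            *)  echo "OPENED $path" ;;
        esac
    done
}

# Read a SASL config on stdin and compare it with the settings quoted in the
# message. Prints one line per problem; returns 0 only if none were found.
check_sasl_conf() {
    conf=$(cat)
    status=0
    method=$(printf '%s\n' "$conf" | sed -n 's/^pwcheck_method:[[:space:]]*//p' | tail -n 1)
    if [ "$method" != "saslauthd" ]; then
        echo "pwcheck_method is '${method:-unset}', expected saslauthd"
        status=1
    fi
    for key in mech_list saslauthd_path; do
        printf '%s\n' "$conf" | grep -q "^$key:" || { echo "$key is not set"; status=1; }
    done
    return $status
}

sample_trace | sasl_opens
printf 'mech_list: plain\npwcheck_method: saslauthd\nsaslauthd_path: /var/run/sasl2/mux\n' | check_sasl_conf
```

A MISSING line for /etc/sasldb2 alongside no OPENED line for the config being edited matches the situation described in the message: the library is not reading that file and is using its default secrets database.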