On 04/08/10 14:54 -0700, Brent Bice wrote:
Dieter Kluenter wrote:
Did you create a lib/sasl2/slapd.conf, or wherever your sasl configuration files are located?
I created a lib/sasl2/slapd.conf file again and in it specified:

    pwcheck_method: saslauthd
    saslauthd_path: /var/state/saslauthd/mux

If testsaslauthd works without specifying a '-f' option, then you shouldn't need to specify saslauthd_path.
And I confirmed that that is, indeed, the path that saslauthd is listening on (it shows when I run saslauthd with the -d -V flags). But when I ask OpenLDAP to authenticate a user whose userPassword attribute is {SASL}bbice@ldap the saslauthd daemon shows no sign of having received an auth request.
Make sure the user that slapd is running under has permissions to access the saslauthd mux. You may need to do an 'addgroup openldap sasl' or something similar to give it permissions.
If I run testsaslauthd -u bbice, however, the authentication works ok and saslauthd shows testsaslauthd connecting to it. So it appears slapd isn't contacting saslauthd at all? How does slapd determine what path to use for the saslauthd socket? lib2/sasl/slapd.conf? Or saslauthd.conf?
The location is compiled into the sasl glue library at configure time, but can be changed with the saslauthd_path config option.
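
The checks discussed in this thread, as an added example that is not part of the original messages: a shell sketch that reads pwcheck_method and saslauthd_path from a SASL config file in the "key: value" form quoted above and tests whether the current account can reach the mux socket. The function names are hypothetical, and it assumes Linux semantics, where connecting to a UNIX socket needs search permission on its directory and write permission on the socket itself.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical. Source this file,
# then call check_saslauthd_conf as the account slapd runs under.

# Print the last "KEY: value" setting for KEY ($2) found in file $1.
sasl_conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# check_saslauthd_conf CONF [DEFAULT_MUX]
# Returns: 0 reachable, 1 config unreadable, 2 pwcheck_method lacks saslauthd,
#          3 no mux path known, 4 mux directory not searchable,
#          5 mux is not a socket, 6 mux not writable by this user.
check_saslauthd_conf() {
    conf=$1
    default_mux=${2:-}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }

    method=$(sasl_conf_get "$conf" pwcheck_method)
    case " $method " in
        *" saslauthd "*) ;;
        *) echo "pwcheck_method is '$method', not saslauthd" >&2; return 2 ;;
    esac

    # saslauthd_path is optional; fall back to the caller-supplied default
    # (the compiled-in location cannot be read from the config file).
    mux=$(sasl_conf_get "$conf" saslauthd_path)
    [ -n "$mux" ] || mux=$default_mux
    [ -n "$mux" ] || { echo "no saslauthd_path set, no default given" >&2; return 3; }

    dir=$(dirname "$mux")
    [ -x "$dir" ] || { echo "no search permission on $dir" >&2; return 4; }
    [ -S "$mux" ] || { echo "$mux is missing or not a socket" >&2; return 5; }
    [ -w "$mux" ] || { echo "no write permission on $mux" >&2; return 6; }
    echo "ok: $(id -un) can reach $mux"
}
```

Return code 4 or 6 under the slapd account, with 0 under the account that ran testsaslauthd, points at the permission problem described above rather than at the config file.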