Your testsaslauthd is trying to use the imap service. If you don't have an imap service in your KDC, then of course it will fail.


I saw that, but couldn't figure out how to change the service directly (Nothing in saslauthd(8) says anything about service). I'm assuming that "imap" is the default when using testsaslauthd. I could get it to change when I try a simple bind, but that doesn't change the result, I still get an error, and I do have a ldap service in my KDC. I also do have {SASL}jschaeffer@HARMONYWAVE.COM set as my userPassword.


root@baneling:~# ldapsearch -LLL -x -D "uid=jschaeffer,ou=End Users,ou=People,dc=harmonywave,dc=com" -W -b ""
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

saslauthd[1479] :do_auth         : auth failure: [user=jschaeffer] [service=ldap] [realm=HARMONYWAVE.COM] [mech=kerberos5] [reason=saslauthd internal error]

kadmin: listprincs
...
ldap/baneling.harmonywave.com@HARMONYWAVE.COM
...


Thanks,
Joshua Schaeffer