Your testsaslauthd is trying to use the imap service.
If you don't have an imap service in your KDC, then of course it
will fail.
I saw that, but couldn't figure out how to change the service
directly (nothing in saslauthd(8) says anything about service).
I'm assuming that "imap" is the default when using testsaslauthd.
I could get it to change when I try a simple bind, but that
doesn't change the result: I still get an error, and I do have an
ldap service in my KDC. I also do have
{SASL}jschaeffer@HARMONYWAVE.COM set as my userPassword.
root@baneling:~# ldapsearch -LLL -x -D "uid=jschaeffer,ou=End Users,ou=People,dc=harmonywave,dc=com" -W -b ""
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
saslauthd[1479] :do_auth : auth failure: [user=jschaeffer] [service=ldap] [realm=HARMONYWAVE.COM] [mech=kerberos5] [reason=saslauthd internal error]
kadmin: listprincs
...
ldap/baneling.harmonywave.com@HARMONYWAVE.COM
...
Thanks,
Joshua Schaeffer