Issues with latest openldap + sasl against lfs6

Ryan Oliver Ryan.Oliver at pha.com.au
Mon Nov 22 00:51:28 PST 2004


Greetings all,

Just wondering if any of you folks happen to be playing with the latest 
openldap + sasl...

I got an interesting one.

Firstly some background on my setup.

All authentication is done via Kerberos5, authorisation is handled via 
ldap (standard RFC-2307bis).

All user account information is retrieved from ldap via nss_ldap, bar 
the password which is handed off from the ldap server to the krb5 server 
via saslauthd... well at least until I upgraded...

Points to note
  o Kerberos works correctly serving up the three realms I have to deal
    with (which could make an interesting FAQ, but I digress)
  o sasl is working correctly
    Using the sample-server/sample-client with a valid kerberos ticket
    works, and using testsaslauthd specifying user, password and realm
    works.
  o nss_ldap can get at the user information in the ldap server fine, but
  o openldap, though built with --with-cyrus-sasl, does not appear to
    believe it supports any sasl mechanisms, hence therefore I cannot
    log in as any of the user accounts in ldap (though root can su to
    them and ls etc all show correct user information for files)

I've gone through the usual checks, ldap user can read the slapd.keytab, 
permissions on the saslauthd state directory (/var/run with blfs build) 
allow reading by the ldap user... urghhh, I've reached a dead end.

Anyone care to distribute clue to this l-user ;-)

System details
LFS6 ( gcc-3.4.2 , glibc-2.3.4-20041021 )
BDB 4.2.52
MIT KerberosV 1.3.5
Openssl 0.9.7d (with krb5)
cyrus-sasl 2.1.20
openldap 2.2.18
nss_ldap 226

All help appreciated

Regards
Ryan
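
The symptom described in the post (slapd built with --with-cyrus-sasl but apparently offering no SASL mechanisms) can be checked from the client side by reading the supportedSASLMechanisms attribute of the server's root DSE. The script below is an added example, not part of the original post; the host name, the function names and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Input is root-DSE LDIF as printed by (ldap.example.org is a placeholder):
#   ldapsearch -x -LLL -H ldap://ldap.example.org -b "" -s base supportedSASLMechanisms

# Print one advertised SASL mechanism per line from LDIF on stdin.
sasl_mechs() {
    awk '
        function emit(line,   i, name, value) {
            i = index(line, ":")
            if (i == 0) return
            name = tolower(substr(line, 1, i - 1))   # attribute names are case-insensitive
            if (name != "supportedsaslmechanisms") return
            value = substr(line, i + 1)
            sub(/^[ \t]+/, "", value)
            if (value != "" && value !~ /^:/) print value   # skip base64 ("::") values
        }
        # LDIF folds long lines: a leading space continues the previous line.
        /^ / { buf = buf substr($0, 2); next }
        { emit(buf); buf = $0 }
        END { emit(buf) }
    '
}

# Read LDIF on stdin; fail and name every wanted mechanism that is not advertised.
check_mechs() {   # usage: ... | check_mechs MECH...
    advertised=$(sasl_mechs)
    missing=""
    for m in "$@"; do
        printf '%s\n' "$advertised" | grep -qxF -- "$m" || missing="$missing $m"
    done
    if [ -n "$missing" ]; then
        echo "not advertised:$missing"
        return 1
    fi
    echo "advertised: $*"
}

# Constructed sample: a server offering two mechanisms (the second value is folded).
sample_ok() {
    printf '%s\n' 'dn:' 'supportedSASLMechanisms: GSSAPI' \
        'supportedSASLMechanisms: DIGEST-' ' MD5' ''
}
# Constructed sample: the symptom from the post, a root DSE with no mechanisms.
sample_empty() { printf '%s\n' 'dn:' ''; }

sample_ok | check_mechs GSSAPI
sample_empty | check_mechs GSSAPI || true
```

An empty result here points at the server's SASL library or plugin loading rather than at Kerberos or saslauthd, since the root DSE is answered before any bind takes place.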



