Issues with latest openldap + sasl against lfs6
Ryan.Oliver at pha.com.au
Mon Nov 22 01:09:52 PST 2004
[cross posting from lfs-chat]
Just wondering if any of you folks happen to be playing with latest
openldap + sasl...
I got an interesting one.
Firstly some background on my setup.
All authentication is done via Kerberos5, authorisation is handled via
ldap (standard RFC-2307bis).
All user account information is retrieved from ldap via nss_ldap, bar
the password which is handed off from the ldap server to the krb5 server
via saslauthd... well at least until I upgraded...
Points to note
o Kerberos works correctly serving up the three realms I have to deal
with (which could make an interesting FAQ, but I digress)
o sasl is working correctly
Using the sample-server/sample-client with a valid kerberos ticket
works, and using testsaslauthd specifying user, password and realm
o nss_ldap can get at the user information in the ldap server fine, but
o openldap, though built with --with-cyrus-sasl, does not appear to
believe it supports any sasl mechanisms, hence therefore I cannot
login as any of the user accounts in ldap (though root can su to
them and ls etc all show correct user information for files)
I've gone through the usual checks, ldap user can read the slapd.keytab,
permissions on the saslauthd state directory (/var/run with blfs build)
allow reading by the ldap user... urghhh, I've reached a dead end.
Anyone care to distribute clue to this l-user ;-)
LFS6 ( gcc-3.4.2 , glibc-2.3.4-20041021 )
MIT KerberosV 1.3.5
Openssl 0.9.7d (with krb5)
All help appreciated
More information about the blfs-support