[Pkg-openldap-devel] Bug#464937: slapd fails with sasl errors
Steve Langasek
vorlon at debian.org
Mon Feb 11 00:12:13 UTC 2008
On Sun, Feb 10, 2008 at 01:01:03PM +0530, Ritesh Raj Sarraf wrote:
> On Sunday 10 February 2008, Steve Langasek wrote:
> > Is this an upgrade from a previous version of slapd where you had SASL auth
> > working? Or is this a new install?
> No. It is a fresh install. I have never used slapd before.
> Does slapd work without SASL ?
Yes, if you use simple binds.
> > If you haven't configured SASL, then you should not be doing SASL binds to
> > the LDAP server, you should be doing simple binds instead. If you have
> > configured SASL and had it working before, we would need to know the
> > details of your configuration (starting with the non-sensitive parts of
> > /etc/ldap/slapd.conf) to try to reproduce this problem. But, AFAIK all
> > SASL auth requires configuring the Cyrus SASL library to specify which
> > mechanisms should be used and with what passwords.
> Here's an output:
> rrs at learner:~$ ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
> This is what the manpage is saying for -x
> -x Use simple authentication instead of SASL.
Please capture the output of this command running with full debugging
enabled (ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts -d16383)
The above doesn't indicate a SASL error at all. The most obvious
explanation for the above is that there's no ldap server running at the
default URI configured in /etc/ldap/ldap.conf.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek at ubuntu.com vorlon at debian.org
More information about the Pkg-openldap-devel
mailing list