[Pkg-openldap-devel] Bug#464937: slapd fails with sasl errors

Steve Langasek vorlon at debian.org
Sun Feb 10 07:10:42 UTC 2008


tags 464937 moreinfo
thanks

On Sun, Feb 10, 2008 at 04:29:55AM +0530, Ritesh Raj Sarraf wrote:
> This is what happens during start

> 7 20    Feb 10 04:21:09 learner slapd[1036]:     daemon: shutdown requested and initiated.
> 7 20    Feb 10 04:21:09 learner slapd[1036]:     slapd shutdown: waiting for 0 threads to terminate
> 7 20    Feb 10 04:21:09 learner slapd[1036]:     slapd stopped.
> 7 20    Feb 10 04:21:09 learner slapd[1439]:     @(#) $OpenLDAP: slapd 2.4.7 (Jan 26 2008 03:21:30) $#012#011buildd at ninsei:/build/buildd/openldap2.3-2.4.7/d
> ebian/build/servers/slapd
> 7 20    Feb 10 04:21:09 learner slapd[1439]:     daemon_init: listen on ldap://127.0.0.1:389/
> 7 20    Feb 10 04:21:09 learner slapd[1439]:     daemon_init: 1 listeners to open...
> 7 20    Feb 10 04:21:09 learner slapd[1439]:     daemon: listener initialized ldap://127.0.0.1:389/
> 7 20    Feb 10 04:21:09 learner slapd[1439]:     daemon_init: 1 listeners opened
> 7 20    Feb 10 04:21:09 learner slapd[1439]:     slapd init: initiated server.
> 3 4     Feb 10 04:21:09 learner slapd[1439]:     auxpropfunc error invalid parameter supplied
> 7 4     Feb 10 04:21:09 learner slapd[1439]:     _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb
> 7 20    Feb 10 04:21:09 learner slapd[1439]:     slap_sasl_init: initialized!
> 7 20    Feb 10 04:21:09 learner slapd[1441]:     slapd starting

> So, sasl is initialized. The _sasl_plugin_load error started only after
> I installed the libsasl2-modules-ldap hoping that that might solve the
> problem. But no, it didn't.

> Now what I connect to the server using my addressbook client (KDE
> Addressbook LDAP Resource), I get the following errors.

> 7 20    Feb 10 04:22:51 learner slapd[1441]:     SASL [conn=6] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory
> 7 20    Feb 10 04:22:51 learner slapd[1441]:    last message repeated 2 times
> 7 20    Feb 10 04:22:51 learner slapd[1441]:     SASL [conn=6] Failure: no secret in database
> 3 4     Feb 10 04:22:51 learner [kdeinit]        ldap /tmp/ksocket-rrs/klauncherYPhlab.s: attempting client step after doneflag
> 7 20    Feb 10 04:22:51 learner slapd[1441]:     connection_operation: error: SASL bind in progress (tag=66).
> 7 20    Feb 10 04:22:52 learner slapd[1441]:     SASL [conn=7] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory
> 7 20    Feb 10 04:22:52 learner slapd[1441]:    last message repeated 2 times
> 7 20    Feb 10 04:22:52 learner slapd[1441]:     SASL [conn=7] Failure: no secret in database
> 3 4     Feb 10 04:22:52 learner [kdeinit]        ldap /tmp/ksocket-rrs/klauncherYPhlab.s: attempting client step after doneflag
> 7 20    Feb 10 04:22:52 learner slapd[1441]:     connection_operation: error: SASL bind in progress (tag=66).

> There is no folder named /etc/sasldb2 on my system.
> How am I supposed to create it ?
> Is it correct for slapd to look at that path ?
> There is no document much about ldap in /usr/share/doc/slapd/

Is this an upgrade from a previous version of slapd where you had SASL auth
working?  Or is this a new install?

If you haven't configured SASL, then you should not be doing SASL binds to
the LDAP server, you should be doing simple binds instead.  If you have
configured SASL and had it working before, we would need to know the details
of your configuration (starting with the non-sensitive parts of
/etc/ldap/slapd.conf) to try to reproduce this problem.  But, AFAIK all SASL
auth requires configuring the Cyrus SASL library to specify which mechanisms
should be used and with what passwords.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org





More information about the Pkg-openldap-devel mailing list