[Wylug-help] slapd authentication (Ubuntu Breezy) ... SASL Probs?

Dave Fisher wylug-help at davefisher.co.uk
Sat May 20 17:06:57 BST 2006


Hi,

I'm trying to create a 'proof of concept' LDAP directory on a test
server.

Installing the binary OpenLDAP package (slapd) and accepting the default
configs, creates a running server with an admin user called 'admin' and a
password.

I can do simple (unauthenticated) searches/browsing of the database, using the slapd
utilities, or those in ldap-utils or gq.

But I can't seem to authenticate in any way, i.e. via simple authentication or
via SASL.  So I can't enter/change any basic test data to practice on.

Attempts at simple authentication of the admin user return this:

  'ldap_bind: Invalid credentials (49)'

Although I'm not entirely sure that I am correctly declaring myself to be the
admin user in this instance.

Attempts at SASL-based authentication of the admin user return this:

  ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
          additional info: SASL(-13): user not found: no secret in database

In an attempt to discover whether I was simply passing the wrong user id to the
authentication mechanism, I tried authenticating interactively via SASL, like
so.

  # ldapsearch -I
  SASL/DIGEST-MD5 authentication started
  SASL Interaction
  Please enter your authorization name: admin
  Default: root
  Please enter your authentication name: admin
  Please enter your password:
  ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
          additional info: SASL(-13): user not found: no secret in database

Would I be wrong in thinking that this means that the default installation is
using SASL?

I am not at all sure whether I am failing to pass the correct user/pwd
combination to the authentication mechanism or whether the default config is
actually less complete than I had assumed.

I can't find anything in /usr/share/doc/slapd which might explain how the
default Debian/Ubuntu manages authentication.

Can anyone suggest a next step?


Dave