[Techtalk] macs and openldap

Maria McKinley maria at shadlen.org
Tue Sep 25 07:47:34 UTC 2007


Maria McKinley wrote:
> Maria McKinley wrote:
> 
>>Hello,
>>
>>Well, I'm not getting any response from the openldap mailing list, so I 
>>thought I'd see if any of you have any ideas:
>>
>>I have upgraded my ldap server (debian, openldap 2.3.35-2), and I can
>>get everything to authenticate properly except the macs. I get these
>>errors in the log:
>>
>>Sep 24 01:27:29 billie slapd[6261]: conn=3249 fd=34 ACCEPT from
>>IP=10.208.108.77:49255 (IP=0.0.0.0:389)
>>Sep 24 01:27:29 billie slapd[6261]: conn=3249 op=0 BIND dn="" method=163
>>Sep 24 01:27:29 billie slapd[6261]: conn=3249 op=0 RESULT tag=97 err=14 
>>text=
>>Sep 24 01:27:29 billie slapd[6261]: conn=3249 op=1 BIND dn="" method=163
>>Sep 24 01:27:29 billie slapd[6261]: SASL [conn=3249] Error: unable to
>>open Berkeley db /etc/sasldb2: No such file or directory
>>Sep 24 01:27:29 billie last message repeated 2 times
>>Sep 24 01:27:29 billie slapd[6261]: SASL [conn=3249] Failure: no
>>secret in database
>>Sep 24 01:27:29 billie slapd[6261]: conn=3249 op=1 RESULT tag=97
>>err=49 text=SASL(-13): user not found: no secret in database
>>Sep 24 01:27:29 billie slapd[6261]: conn=3249 op=2 UNBIND
>>Sep 24 01:27:29 billie slapd[6261]: conn=3249 fd=34 closed
>>
>>These machines used to be able to authenticate, so I think it must be
>>something that changed in the process of upgrading. Ssh, mail, and all
>>other services are working fine. I didn't have /etc/sasldb2 before,
>>not sure why it wants it now. Any ideas?
>>
>>thanks,
>>maria
>>
> 
> 
> So, it looks like my old install had libsasl2 installed, but this does 
> not exist in my distro (testing 2.6.21.-2). Does anyone know what 
> replaced it? Seems likely this is part of my problem. There must be some 
> easy way to figure this out, but not sure what that is...
> 
> ~m
> 

I'll just keep rattling off to myself here... If I set the mac to use
ldapv2 read-only, it can authenticate, and I don't get the /etc/sasldb 
error messages in the log. I assume this means that it is attempting to 
use this database when using ldapv3. All of the instructions I find for 
setting up this database are in conjunction with cyrus, and I am not 
really sure I want to set up this database, anyway. I was not using this 
database with the old version of openldap. Can anyone give any hints as 
to how to change this behavior, or any advice on how to proceed?

thanks,
maria
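
For reading a slapd log like the one quoted above, this added example (not part of the original post) groups bind activity by connection and decodes the numeric fields: method=163 is a SASL bind and method=128 a simple bind, tag=97 is a BindResponse, and err=14 and err=49 are the LDAP result codes saslBindInProgress and invalidCredentials. The function names are illustrative.

```python
import re
from collections import defaultdict

# Log lines from the message above, with the mail client's line wraps rejoined.
SAMPLE_LOG = """\
Sep 24 01:27:29 billie slapd[6261]: conn=3249 fd=34 ACCEPT from IP=10.208.108.77:49255 (IP=0.0.0.0:389)
Sep 24 01:27:29 billie slapd[6261]: conn=3249 op=0 BIND dn="" method=163
Sep 24 01:27:29 billie slapd[6261]: conn=3249 op=0 RESULT tag=97 err=14 text=
Sep 24 01:27:29 billie slapd[6261]: conn=3249 op=1 BIND dn="" method=163
Sep 24 01:27:29 billie slapd[6261]: SASL [conn=3249] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory
Sep 24 01:27:29 billie slapd[6261]: SASL [conn=3249] Failure: no secret in database
Sep 24 01:27:29 billie slapd[6261]: conn=3249 op=1 RESULT tag=97 err=49 text=SASL(-13): user not found: no secret in database
"""

# LDAP protocol constants: bind choice tags and result codes (RFC 4511).
BIND_METHODS = {128: "simple", 163: "SASL"}
RESULT_CODES = {0: "success", 14: "saslBindInProgress", 49: "invalidCredentials"}

ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+")
BIND_RE = re.compile(r"conn=(\d+) op=\d+ BIND dn=\"[^\"]*\" method=(\d+)")
RESULT_RE = re.compile(r"conn=(\d+) op=\d+ RESULT tag=97 err=(\d+)")  # 97 = BindResponse
SASL_RE = re.compile(r"SASL \[conn=(\d+)\] (?:Error|Failure): (.*)")

def summarize(log_text):
    """Group slapd bind activity by connection id."""
    conns = defaultdict(lambda: {"client": None, "methods": [], "results": [], "sasl": []})
    for line in log_text.splitlines():
        if m := ACCEPT_RE.search(line):
            conns[int(m[1])]["client"] = m[2]
        elif m := BIND_RE.search(line):
            conns[int(m[1])]["methods"].append(BIND_METHODS.get(int(m[2]), m[2]))
        elif m := RESULT_RE.search(line):
            conns[int(m[1])]["results"].append(RESULT_CODES.get(int(m[2]), m[2]))
        elif m := SASL_RE.search(line):
            conns[int(m[1])]["sasl"].append(m[2])
    return dict(conns)

def failed_sasl_binds(log_text):
    """Connections whose SASL bind ended in err=49, with the SASL library's messages."""
    return {cid: c for cid, c in summarize(log_text).items()
            if "SASL" in c["methods"] and c["results"][-1:] == ["invalidCredentials"]}

if __name__ == "__main__":
    for cid, c in failed_sasl_binds(SAMPLE_LOG).items():
        print(f"conn={cid} client={c['client']} binds={c['methods']} "
              f"results={c['results']} reason={c['sasl'][-1:]}")
```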

