Hi Howard
>The SASL library tries all available information sources. If there was
a
>"root" user record in your sasldb2 file it would have been used. Since
>your sasldblistusers2 output shows "[EMAIL PROTECTED]" I'd say you have the
>wrong realm info in your database, as that doesn't match either "root"
>or "[EMAIL PROTECTED]".
And that was the problem. When I added "[EMAIL PROTECTED]" to the sasl
database, ldapsearch worked! MANY thanks for this!
It's interesting (at least, to me) to note that I didn't need any of the
authentication identity mapping entries (as described in section 11.2.4
of the "OpenLDAP Software 2.3 Administrator's Guide" to make this work
(not even the "password-hash {cleartext}" entry that some resources said
to add).
So what gives this SASL mechanism the authority to perform tasks via
LDAP?
Thanks!
tl
