Sorry, I had started the saslauthd incorrectly which is why I got the socket error.

This is the tail of the latest saslauthd debug output :

ldap_sasl_interactive_bind: user selected: DIGEST-MD5
ldap_int_sasl_bind: DIGEST-MD5
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 182.19.136.42:389
ldap_new_socket: 10
ldap_prepare_socket: 10
ldap_connect_to_host: Trying 182.19.136.42:389
ldap_pvt_connect: fd: 10 tm: 10 async: 0
ldap_ndelay_on: 10
attempting to connect:
connect errno: 115
ldap_int_poll: fd: 10 tm: 10
ldap_is_sock_ready: 10
ldap_ndelay_off: 10
ldap_pvt_connect: 0
ldap_int_sasl_open: host=182.19.136.42
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ldap_msgfree
ldap_result ld 0x7f9f426f2990 msgid 1
wait4msg ld 0x7f9f426f2990 msgid 1 (timeout 10000000 usec)
wait4msg continue ld 0x7f9f426f2990 msgid 1 all 1
** ld 0x7f9f426f2990 Connections:
* host: 182.19.136.42 port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Dec 30 18:50:38 2015
** ld 0x7f9f426f2990 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x7f9f426f2990 request count 1 (abandoned 0)
** ld 0x7f9f426f2990 Response Queue:
Empty
ld 0x7f9f426f2990 response count 0
ldap_chkResponseList ld 0x7f9f426f2990 msgid 1 all 1
ldap_chkResponseList returns ld 0x7f9f426f2990 NULL
ldap_int_select
read1msg: ld 0x7f9f426f2990 msgid 1 all 1
read1msg: ld 0x7f9f426f2990 msgid 1 message type bind
read1msg: ld 0x7f9f426f2990 0 new referrals
read1msg: mark request completed, ld 0x7f9f426f2990 msgid 1
request done: ld 0x7f9f426f2990 msgid 1
res_errno: 7, res_error: <SASL(-4): no mechanism available: >, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_int_sasl_bind: DIGEST-MD5
ldap_parse_sasl_bind_result
ldap_parse_result
ldap_msgfree
ldap_err2string

Tim

On Wed, Dec 30, 2015 at 6:29 PM, Timothy Keith <[email protected]> wrote:

> I'm still having troubles with pass-through SASL on RHEL
>
> testsaslauthd produces this message :
> 0: NO "authentication failed"
>
> With this in the system log :
> saslauthd logs reason=Unknown
>
> When saslauthd is launched in verbose mode and followed
> by testsaslauthd it prints :
>
> connect() : No such file or directory
>
>
> Tim
>
>
> On Thu, Dec 24, 2015 at 1:46 PM, Timothy Keith <[email protected]>
> wrote:
>
>> As per my ongoing LDAP SASL design question, can anyone recommend a good
>> tutorial for pass-through authentication ?
>>
>> Tim
>>
>> On Tue, Dec 22, 2015 at 2:47 PM, Timothy Keith <[email protected]>
>> wrote:
>>
>>> Uwe, your assistance could be very helpful. I followed OpenLDAP
>>> tutorials but could not determine why the SASL requests fail. I am a
>>> newcomer to LDAP.
>>>
>>> Tim
>>>
>>> On Mon, Dec 21, 2015 at 12:04 PM, Hering, Uwe <[email protected]>
>>> wrote:
>>>
>>>> Hello Tim,
>>>>
>>>> We have set up such a setup where one can authenticate against OpenLDAP
>>>> which redirects the request via saslauthd/kerberos to an AD server. Within
>>>> the AD a service account with corresponding keytab will be necessary.
>>>>
>>>> If you are interested I can try to get the pieces of information
>>>> together again.
>>>>
>>>> Regards,
>>>>
>>>> Uwe
>>>>
>>>> -----Original Message-----
>>>> From: openldap-technical [mailto:[email protected]]
>>>> On Behalf Of Timothy Keith
>>>> Sent: Friday, 18 December 2015 01:33
>>>> To: [email protected]
>>>> Subject: pass-through authentication
>>>>
>>>> We are attempting to set up an LDAP server which will answer queries
>>>> from an application. The database will contain metadata on a set of users
>>>> in the application. The application will also query the server to
>>>> authenticate the user’s password, however, this server will not house the
>>>> password. That resides on another server, which our server
>>>> will query. We do not have administrative rights to the other
>>>> server.
>>>>
>>>> The difficulty we are having now is setting up the pass-through
>>>> authentication for the passwords.
>>>> Any pointers on how to proceed with this
>>>> would be greatly appreciated.
>>>>
>>>> Regards,
>>>>
>>>> Tim
