I want to authenticate against an ApacheDS LDAP server using SASL and my
web searches seem to indicate there are 2 ways to do this:
1) saslauthd
2) ldapdb auxprop plugin
Now (2) seems to be coupled with openldap and some sort of rewriting
rules on slapd, so I thought I'd go for (1) which to me seemed simpler.
Indeed, I *think* I've got this working. I tested it as follows:
$ testsaslauthd -f /tmp/mysasl/mux -u ldapuser -p secret
0: OK "Success."
$ testsaslauthd -f /tmp/mysasl/mux -u ldapuser -p wrongsecret
0: NO "authentication failed"
As far as I can tell, if something talks to saslauthd via the socket at
/tmp/mysasl/mux, it will be able to use my ApacheDS.
Now, I am a bit confused as to the SERVER (in my case subversion)
application talking to saslauthd. For subversion (based on what I've
read) I created an "/usr/local/etc/svn.conf" as:
pwcheck_method: saslauthd
saslauthd_path: /tmp/mysasl/mux
mech_list: PLAIN
The problem is that when I run my client, I see this:
$ svn co svn://localhost:2008/trunk
svn: E170001: SASL(-4): no mechanism available: Internal Error -4 in
../../lib/server.c near line 1757
I'm not sure why svnserve doesn't like my config. I'm pretty sure it's
picked up, because I used strace to run svnserve (I thought I may be
editing the wrong config file) and:
$ strace svnserve --listen-port 2008 -r /tmp/testrepo
[...]
open("/usr/local/etc/svn.conf", O_RDONLY) = 3
[...]
So I'm pretty sure svnserve knows that it's supposed to use saslauthd,
but it seems like it doesn't even *try* to talk to it: I ran saslauthd
with "-d" to see what happens and nothing is logged!
When I test with testsaslauthd I see stuff like:
[...some local cache lookup...]
saslauthd[2514] :do_auth : auth success: [user=ldapuser]
[service=myservice] [realm=myrealm] [mech=ldap]
saslauthd[2514] :do_request : response: OK
I expected there'd be some messages due to svnserve trying to
authenticate, but there's nothing there...
Many thanks in advance to anyone who takes the time to respond with
suggestions/explanations.
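A small probe of the saslauthd mux socket, added here as an example and not part of the original post, separates "saslauthd is reachable and answers" from "the application never negotiated a mechanism", which is the distinction the question hinges on. It speaks the saslauthd wire protocol directly (four 16-bit big-endian length-prefixed fields: login, password, service, realm; reply is a length-prefixed string starting with OK or NO), so it is a stand-in for testsaslauthd that can also be pointed at whatever service name and realm the server application is expected to use. The default service name "svn" and the socket path are assumptions for illustration.

```python
import socket
import struct


def build_request(login: str, password: str, service: str, realm: str) -> bytes:
    """Encode one saslauthd request: each field is a 16-bit big-endian
    length followed by the raw bytes, in the order login, password,
    service, realm."""
    out = b""
    for field in (login, password, service, realm):
        data = field.encode("utf-8")
        if len(data) > 0xFFFF:
            raise ValueError("field too long for the saslauthd wire format")
        out += struct.pack("!H", len(data)) + data
    return out


def parse_response(data: bytes):
    """Decode a reply (16-bit length + text). Returns (ok, message);
    ok is True only when the text starts with 'OK'."""
    if len(data) < 2:
        raise ValueError("short saslauthd response")
    (n,) = struct.unpack("!H", data[:2])
    body = data[2:2 + n]
    if len(body) != n:
        raise ValueError("truncated saslauthd response")
    text = body.decode("utf-8", errors="replace")
    return text.startswith("OK"), text


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("saslauthd closed the connection early")
        buf += chunk
    return buf


def check_password(mux_path: str, login: str, password: str,
                   service: str = "svn", realm: str = ""):
    """Send one request over the Unix socket and return (ok, message).
    'svn' as the service name is an assumption, not taken from the post."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(5)
        s.connect(mux_path)  # e.g. /tmp/mysasl/mux from the post
        s.sendall(build_request(login, password, service, realm))
        header = _recv_exact(s, 2)
        (n,) = struct.unpack("!H", header)
        return parse_response(header + _recv_exact(s, n))
```

Running check_password("/tmp/mysasl/mux", "ldapuser", "secret") should yield the same `OK "Success."` seen with testsaslauthd; if that works while the application still reports "no mechanism available", the socket is not the problem and attention belongs on the application's SASL configuration and mechanism plugins.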