# LDAP server not compiled with SASL support

## dogghaus

Hi, I've tried setting up gentoo to authenticate to my existing ldap server, and I am not having any luck.  When I try to bind using sasl, I get the error "ldap not compiled with sasl support."  Since all my user passwords are stored in a krb5 database, ldap needs to be compiled with sasl in order to bind to the krb5 server.  Am I wrong about this?  I have been using pretty much the same setup for three years now, running on redhat boxes.

Also, I can't log in remotely via ssh (as anyone but root) or ftp (at all).  I adjusted the pam settings (system-auth) as recommended in the ldap authentication guide, no luck.  I adjusted the pam settings again to match my redhat boxes, now I can't log in even as root locally.  So I know it is doing something, just not what I want.

I compiled ldap with kerberos support; when using simple bind, ssl, or tls, gssapi came back as a SASL mechanism.  I can run ldapadd and kadmin, so it is connecting, just no luck with the user authentication.  My make.conf has ldap,kerberos,sasl,ssl, and pam in the use statement.

Since I can't log in, I can't retrieve any log entries, but they were fairly generic "user not found" errors.  I am reloading the machine.  My main goal is to replace my redhat cyrus-imap/postfix server.  I store all passwords (redirected to krb5), aliases, horde stuff, etc in ldap.

If anyone has any pointers or has done this on a gentoo box, please let me know if you have any advice or if I am brainfarting this.

----------

## eNut

Sounds like you should re-emerge LDAP with SASL in your USE flags.  If you did that then I dunno :)

----------

## dogghaus

I tried, and emerge stated it was not a valid option.  The options I stated in my make.conf were the only pertinent ones.

----------

## rt_clik

Trying to get my LDAP test server up and running (securely), and have been running into all sorts of TLS errors on the LDAP connection. Thinking they may be somewhat related to the SASL errors I've seen in connection attempts remotely, I went looking to recompile openldap with SASL support. There is a USE flag, but in order for it to be valid for the openldap build you must have SASL installed.

cyrus-sasl is the only package that makes any sense. My rebuild of openldap borked later along the compile, but seemed happy during the config when using the USE="sasl" flag. Now, I've just got to diagnose my other breakage.

Hope this helps someone.

----------
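An added diagnostic for the two problems raised in this thread (dogghaus's "ldap not compiled with sasl support" error and rt_clik's note that USE="sasl" only takes effect once cyrus-sasl is installed). It is editor-supplied example code, not from any of the posters. Because that error is raised by the client-side LDAP library, the first check asks the server what SASL mechanisms it advertises over a plain simple bind (`ldapsearch -x`), which works even from a client built without SASL; the LDIF below is a constructed sample of that output, and `ldap.example.com` is a placeholder host. The second check lists which required USE flags are missing from a make.conf USE line.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed rootDSE output; on a real
# host it would come from (ldap.example.com is a placeholder):
#   ldapsearch -LLL -x -H ldap://ldap.example.com -s base -b '' supportedSASLMechanisms
SAMPLE_ROOTDSE='dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
'

# Print the SASL mechanisms advertised in the LDIF read on stdin, one per line.
sasl_mechs() {
    sed -n 's/^supportedSASLMechanisms: *//p'
}

# Succeed only if the mechanism named in $1 (e.g. GSSAPI) is advertised.
# A server that lists GSSAPI but whose client still reports "not compiled
# with sasl support" has a client-side build problem, not a server one.
has_mech() {
    sasl_mechs | grep -qx "$1"
}

# $1 is the contents of the USE="..." line from make.conf; the remaining
# arguments are the flags the build needs. Prints each flag that is absent.
missing_use_flags() {
    use_line=$1
    shift
    for flag in "$@"; do
        case " $use_line " in
            *" $flag "*) ;;
            *) printf '%s\n' "$flag" ;;
        esac
    done
}

# Stand-alone demo on the constructed sample.
printf 'Advertised SASL mechanisms:\n'
printf '%s' "$SAMPLE_ROOTDSE" | sasl_mechs
if printf '%s' "$SAMPLE_ROOTDSE" | has_mech GSSAPI; then
    echo "GSSAPI is offered, so a Kerberos-backed SASL bind is possible server-side"
fi
printf 'USE flags missing for an openldap build with SASL:\n'
missing_use_flags 'ldap kerberos ssl pam' ldap kerberos sasl ssl pam
```

The make.conf check only sees flags set on that USE line; flags coming from the profile or /etc/portage/package.use are not in it, so the authoritative view of what openldap will actually be built with is `emerge -pv openldap`, which shows the effective flags (and, as rt_clik found, `sasl` is only honoured when cyrus-sasl is present to build against).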

