<span style="font-family: sans-serif;">NOTE: I am using Cyrus SASL 2.1.26 (self-compiled).</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">I want to authenticate against an ApacheDS LDAP server using SASL and my </span><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">web searches seem to indicate there are 2 ways to do this:</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">1) saslauthd</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">2) ldapdb auxprop plugin</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">Now (2) seems to be coupled with openldap and some sort of rewriting </span><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">rules on slapd, so I thought I'd go for (1) which to me seemed simpler.</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">Indeed, I *think* I've got this working. I tested it as follows:</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">$ testsaslauthd -f /tmp/mysasl/mux -u ldapuser -p secret</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">0: OK "Success."</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">$ testsaslauthd -f /tmp/mysasl/mux -u ldapuser -p wrongsecret</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">0: NO "authentication failed"</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">As far as I can tell, if something talks to saslauthd via the socket at </span><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">/tmp/mysasl/mux, it will be able to use my ApacheDS.</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">Now, I am a bit confused as to the SERVER (in my case subversion) </span><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">application talking to saslauthd. For subversion (based on what I've </span><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">read) I created an "/usr/local/etc/svn.conf" as:</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">pwcheck_method: saslauthd</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">saslauthd_path: /tmp/mysasl/mux</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">mech_list: PLAIN</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">The problem is that when I run my client, I see this:</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">$ svn co svn://localhost:2008/trunk</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">svn: E170001: SASL(-4): no mechanism available: Internal Error -4 in </span><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">../../lib/server.c near line 1757</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">I'm not sure why svnserve doesn't like my config. I'm pretty sure it's </span><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">picked up, because I used strace to run svnserve, (I thought I may be </span><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">editing the wrong config file) and:</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">$ strace svnserve --listen-port 2008 -r /tmp/testrepo</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">[...]</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">open("/usr/local/etc/svn.conf", O_RDONLY) = 3</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">[...]</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">So I'm pretty sure svnserve knows that it's supposed to use saslauthd, </span><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">but it seems like it  doesn't even *try* to talk to it: I ran saslauthd </span><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">with "-d" to see what happens and nothing is logged!</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">When I test with testlsaslauthd I see stuff like:</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">[...some local cache lookup...]</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">saslauthd[2514] :do_auth        : auth success: [user=ldapuser] </span><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">[service=myservice] [realm=myrealm] [mech=ldap]</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">saslauthd[2514] :do_request      : response: OK</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">I expected there'd be some messages due to svnserve trying to </span><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">authenticate, but there's nothing there...</span><br style="overflow-wrap: break-word; font-family: sans-serif;"><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;">Many thanks in advance to anyone who takes the time to respond with </span><br style="overflow-wrap: break-word; font-family: sans-serif;"><span style="font-family: sans-serif;" id="yMail_cursorElementTracker_0.30326647451147437">suggestions/explanations.</span><div id="yMail_cursorElementTracker_0.20883924909867346"><br></div>