Hello Forum,
I am working with an "out of the box" installation of Z. 8.0 on Ubuntu 10.04. This is a licensed installation.
I need to allow a remote, 3rd party, SPAM filter to query the Z. OpenLDAP server so it can verify user accounts.
It appears, however, that there is some sort of configuration conflict between LDAP and SASL that is causing remote client
authentication to fail.

Example:
If I run ldapsearch with the -x switch ( use simple authentication instead of SASL) I will get a successful
response from the server:
$ ldapsearch -v -x
-H 'ldap://<server IP>:389'
-D 'uid=testuser.one,ou=people,dc=mydomain,dc=org'
-w '<password>'
"mail=someuser@mydomain.org"

If run the same ldapsearch without the -x switch then SASL is engaged and the authentication fails.
Here is an example, with the debug switch, -d 3, to generate detailed information:
$ ldapsearch -v -d 3
-H 'ldap://<server IP>:389'
-D 'uid=testuser.one,ou=people,dc=mydomain,dc=org'
-w '<password>'
"mail=someuser@mydomain.org"

Result ( edited for brevity...):
...
wait4msg ld 0x940b550 msgid 1 (infinite timeout)
wait4msg continue ld 0x940b550 msgid 1 all 1
** ld 0x940b550 Connections:
* host: <IP Address> port: 389 (default)
refcnt: 2 status: Connected
...
ldap_msgfree
ldap_sasl_interactive_bind_s: server supports: SCRAM-SHA-1 GSSAPI DIGEST-MD5 OTP CRAM-MD5
ldap_int_sasl_bind: SCRAM-SHA-1 GSSAPI DIGEST-MD5 OTP CRAM-MD5
ldap_int_sasl_open: host=<IP Address>
SASL/DIGEST-MD5 authentication started
...
ldap_perror
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
additional info: SASL(-1): generic failure: unable to canonify user and get auxprops

End of example.

Looking through the forum threads there does not seem to be much information on this
problem and, with 8.0, nothing that is current. I suspect that this problem can be solved
by adjusting the SASL and or LDAP configuration but I'm afraid to to this w/o advice since
I'm not sure how that might affect the operation of the ZCS as a whole. I've not submitted
a support request on this as yet; can anybody give me some pointers on how to fix?

Thanks Much,
-Dave