Configuration updates

The flags need modifying in rc.conf. For setting up auth3.znet, I needed the following:

    slapd_flags='-h "ldaps://10.210.18.36/ ldaps://auth3.znet"'

This needs to contain the URL that is used as the olcServerID in the cn=config, otherwise slapd will not start.
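A pre-restart check for the requirement above, as an added example that is not part of the original post: it confirms that one of the `-h` listener URLs in slapd_flags is also an olcServerID URL. The function names, the LDIF contents and the temporary file paths are constructed for illustration, and the plain case-insensitive string match is an assumption that may be stricter than slapd's own comparison.

```shell
#!/bin/sh
# Added example (not from the original post). Checks that at least one
# olcServerID URL in a cn=config LDIF is also a listener URL in slapd_flags.
# Matching is a case-insensitive whole-string compare: an assumption of this
# example that may be stricter than slapd's own comparison.

# Print the URLs passed to -h in the slapd_flags line of rc.conf, one per line.
listener_urls() {
    sed -n "s/^slapd_flags='.*-h \"\([^\"]*\)\".*/\1/p" "$1" | tr -s ' ' '\n'
}

# Print the URL part of each "olcServerID: <id> <url>" line in an LDIF file.
server_id_urls() {
    awk '$1 == "olcServerID:" && NF >= 3 { print $3 }' "$1"
}

# Print the first listener URL that equals an olcServerID URL and return 0;
# return 1 with a message on stderr when none matches.
check_server_id() {   # usage: check_server_id <rc.conf> <cn=config LDIF>
    match=$(listener_urls "$1" | grep -ixF -e "$(server_id_urls "$2")" | head -n 1)
    [ -n "$match" ] && { echo "$match"; return 0; }
    echo "no slapd_flags listener matches an olcServerID URL" >&2
    return 1
}

# Constructed sample input: the slapd_flags line from the post plus a
# hypothetical two-server olcServerID list.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/rc.conf" <<'EOF'
slapd_enable="YES"
slapd_flags='-h "ldaps://10.210.18.36/ ldaps://auth3.znet"'
EOF
cat > "$demo_dir/config.ldif" <<'EOF'
dn: cn=config
olcServerID: 2 ldaps://auth2.znet
olcServerID: 3 ldaps://auth3.znet
EOF

check_server_id "$demo_dir/rc.conf" "$demo_dir/config.ldif"
```

Run against the real rc.conf and an export of cn=config before restarting slapd; a non-zero exit means no listener URL matches any server ID.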

2014-04-14 · zach

SASL configuration

To allow passwords like {SASL}zach@ZNET for SASL pass-through, the correct permissions are needed.

    chown :ldap /var/run/saslauthd

2014-03-14 · zach

SASL config updates

Need to add:

    pwcheck_method: saslauthd
    saslauthd_path: /var/run/saslauthd/mux

to /usr/local/lib/sasl2/slapd.conf

    ldapsearch -x -H ldaps://auth2.znet -b "" -s base supportedSaslMechanisms

2014-03-14 · zach

Complete Redeploy

After applying puppet to install the needed packages and make sure the directories and such are in place, I used the fabric job build_new to deploy auth2.l.znet. The following was performed to get the server ready to serve clients.

The rc.conf configuration on the auth boxes has the following manual additions.

    kerberos5_server_enable="YES"
    slapd_enable="YES"
    slapd_cn_config="YES"
    slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldaps://[2001:111:1111:1ab::18:4111]/ ldaps://10.210.18.35/"'
    slapd_sockets="/var/run/openldap/ldapi"
    slapd_krb5_ktname="/etc/krb5.keytab"
    saslauthd_enable="YES"
    saslauthd_flags="-a kerberos5"

Kerberos

Setting up the kerberos slave was pretty simple. On all slave kerberos servers, the following has been added to inetd.conf. ...

2014-02-14 · zach