Notes on getting LDAP working with Kerberos (for simple binds)

Important things to note:

• Recent LDAP no longer uses {KERBEROS} pseudo-encryption method. Instead it uses {SASL}. See the OpenLDAP FAQ on the topic.
• If you're using a chrooted postfix, the sasl client configuration needs to know that the socket for authentication is /var/spool/postfix/var/run/saslauthd/mux rather than the standard /var/run/saslauthd/mux

• On Debian/Ubuntu, sasl's service (client) configuration goes in /etc/sasl rather than /usr/lib/sasl2. so the slapd.conf file containing:

  pwcheck_method: saslauthd
  saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux

  goes in there.