START=yes
MECHANISMS="ldap"
While you are at it, take a note at the last line. Mine has
OPTIONS="-c -m /var/run/saslauthd"
This line tells you where the daemon is listening at (in this case /var/run/saslauthd). Now the second configuration file /etc/saslauthd.conf.
ldap_servers: ldap://myldapserver.mydomain.com
ldap_start_tls: yes
ldap_tls_cacert_file: /etc/ldap/myldapca.crt
ldap_auth_method: bind
ldap_bind_dn: cn=bindcn,dc=mydomain,dc=com
ldap_password: supersecretstuff
ldap_search_base: ou=Users,dc=mydomain,dc=com
ldap_filter: (&(uid=%U))
This file simply tells SASLAUTHD how to contact the LDAP server. Save and restart the saslauthd by typing
service saslauthd restart
Then you are good to go. First to test the SASLAUTHD authentication by
testsaslauthd -u username -p password
In this way, we can verify that the SASLAUTHD is working as intended. Once that is verified, the last step is to modify SASL to use SASLAUTHD. This is done by changing /usr/lib/sasl2/svn.conf (see my Step 1 post) to the following:
pwcheck_method: saslauthd
saslauthd_path: /run/saslauthd/mux
mech_list: PLAIN LOGIN
One more note here: in the svnserve.conf file (under conf directory of the repository), the min-encryption need to be set to 0, otherwise it would not work on my setting. Also I read somewhere that SASLAUTHD only supports plain and login, not any of the digest methods. This really make this method un-secure because the password will be transmitted in clear text.
So in the end, after all these trouble, I went back to move my SVN server to be served with Apache2 server through SSL (sorry, no Nginx or anything else, only Apache2 works). That seems to be the only secure solution right now (other than SVN+SSH, then I will need to create many user accounts on my SVN server, which is not good).