Good day. I have been reading your forum for a long time and have finally decided to ask for help.
This is my first time putting together a setup like this. I am following a manual; I won't advertise it, it is easy to find with Google.
FreeBSD 8.2-RELEASE
Astarot# pkg_info
apache-2.2.17_1 Version 2.2.x of Apache web server with prefork MPM.
apr-ipv6-devrandom-gdbm-db42-mysql51-1.4.2.1.3.10 Apache Portability Library
autoconf-2.68 Automatically configure source code on many Un*x platforms
autoconf-wrapper-20101119 Wrapper script for GNU autoconf
automake-1.11.1 GNU Standards-compliant Makefile generator (1.11)
automake-wrapper-20101119 Wrapper script for GNU automake
bison-2.4.3,1 A parser generator from FSF, (mostly) compatible with Yacc
cups-client-1.4.6 Common UNIX Printing System: Library cups
cvsup-without-gui-16.1h_4 File distribution system optimized for CVS (non-GUI version
cyrus-imapd-2.4.6 The cyrus mail server, supporting POP3 and IMAP4 protocols
cyrus-sasl-2.1.23_3 RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-ldapdb-2.1.25 SASL LDAPDB auxprop plugin
cyrus-sasl-saslauthd-2.1.25 SASL authentication server for cyrus-sasl2
db41-4.1.25_4 The Berkeley DB package, revision 4.1
db42-4.2.52_5 The Berkeley DB package, revision 4.2
db46-4.6.21.4 The Berkeley DB package, revision 4.6
ddclient-3.8.0_1 Update dynamic DNS entries
elinks-0.11.7_1 Elinks - links text WWW browser with enhancements
en-freebsd-doc-20110110 Documentation from the FreeBSD Documentation Project
exim-4.77_1 High performance MTA for Unix systems on the Internet
expat-2.0.1_1 XML 1.0 parser written in C
ezm3-1.2_1 Easier, more portable Modula-3 distribution for building CV
gamin-0.1.10_4 A file and directory monitoring system
gdbm-1.8.3_3 The GNU database manager
gettext-0.18.1.1 GNU gettext package
gio-fam-backend-2.26.1 FAM backend for GLib's GIO library
glib-2.26.1_1 Some useful routines of C programming (current stable versi
gmake-3.81_4 GNU version of 'make' utility
gnutls-2.8.6_2 GNU Transport Layer Security library
help2man-1.38.4 Automatically generating simple manual pages from program o
libexecinfo-1.1_3 A library for inspecting program's backtrace
libgcrypt-1.4.6 General purpose crypto library based on code used in GnuPG
libgpg-error-1.10 Common error values for all GnuPG components
libiconv-1.13.1_1 A character set conversion library
libltdl-2.2.10 System independent dlopen wrapper
libpdel-0.5.3_4 Packet Design multi-purpose C library for embedded applicat
libsigsegv-2.9 Handling page faults in user mode
libslang2-2.2.3 Routines for rapid alpha-numeric terminal applications deve
libtool-2.4.2 Generic shared library support script
libxml2-2.7.8_1 XML parser library for GNOME
lua-5.1.5_3 Small, compilable scripting language providing easy access
m4-1.4.15,1 GNU m4
mc-4.8.1.1 Midnight Commander, a free Norton Commander Clone
mpd-5.5 Multi-link PPP daemon based on netgraph(4)
mysql-client-5.1.55 Multithreaded SQL database (client)
mysql-server-5.1.55 Multithreaded SQL database (server)
nmap-5.61.t5 Port scanning utility for large networks
openldap-sasl-client-2.4.26 Open source LDAP client implementation with SASL2 support
openldap-sasl-server-2.4.31 Open source LDAP server implementation
p5-Authen-SASL-2.15 Perl5 module for SASL authentication
p5-Convert-ASN1-0.22 Perl5 module to encode and decode ASN.1 data structures
p5-Digest-HMAC-1.02 Perl5 interface to HMAC Message-Digest Algorithms
p5-Digest-SHA1-2.13 Perl interface to the SHA-1 Algorithm
p5-GSSAPI-0.28 Perl extension providing access to the GSSAPIv2 library
p5-IO-Socket-SSL-1.38 Perl5 interface to SSL sockets
p5-Locale-gettext-1.05_3 Message handling functions
p5-Net-SSLeay-1.36 Perl5 interface to SSL
p5-URI-1.56 Perl5 interface to Uniform Resource Identifier (URI) refere
p5-XML-Filter-BufferText-1.01 Filter to put all characters() in one event
p5-XML-NamespaceSupport-1.11 A simple generic namespace support class
p5-XML-SAX-0.96 Simple API for XML
p5-XML-SAX-Writer-0.53 SAX2 XML Writer
p5-perl-ldap-0.4001 A Client interface to LDAP (includes Net::LDAP)
pcre-8.30_1 Perl Compatible Regular Expressions library
perl-5.10.1_3 Practical Extraction and Report Language
php5-5.3.5 PHP Scripting Language
php5-gettext-5.3.5 The gettext shared extension for php
php5-hash-5.3.5 The hash shared extension for php
php5-iconv-5.3.5 The iconv shared extension for php
php5-ldap-5.3.5 The ldap shared extension for php
php5-openssl-5.3.5 The openssl shared extension for php
php5-session-5.3.5 The session shared extension for php
php5-xml-5.3.5 The xml shared extension for php
phpldapadmin-suphp-1.2.0.5,1 A set of PHP-scripts to administer LDAP over the web
pkg-config-0.25_1 A utility to retrieve information about installed libraries
png-1.4.5 Library for manipulating PNG images
popt-1.16 A getopt(3) like library with a number of enhancements, fro
portupgrade-2.4.8_1,2 FreeBSD ports/packages administration and management tool s
pptpclient-1.7.2_5 PPTP client for establishing a VPN link with an NT server
pth-2.0.7 GNU Portable Threads
python26-2.6.6 An interpreted object-oriented programming language
rsync-3.0.7 A network file distribution/synchronization utility
rsyncmanager-1.1 Flexible rsync resource manager daemon written in ruby
ru-freebsd-doc-20110110 Russian translation of the FreeBSD Documentation Project
ruby-1.8.7.302,1 An object-oriented interpreted scripting language
ruby18-bdb-0.6.5_1 Ruby interface to Sleepycat's Berkeley DB revision 2 or lat
samba34-3.4.9_1 A free SMB and CIFS client and server for UNIX
squid-2.7.9 HTTP Caching Proxy
sudo-1.8.4_1 Allow others to run commands as root
suphp-0.7.1_3 Securely execute PHP scripts under Apache
talloc-2.0.1_1 Hierarchical pool based memory allocator
Astarot# cat /usr/local/etc/openldap/slapd.conf
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/vmail.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
modulepath /usr/local/libexec/openldap
moduleload back_bdb
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
by self write
by users read
by anonymous auth
by dn="cn=pretox,dc=mail.local" write
by dn="cn=mta,dc=mail,dc=local" read
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=mail,dc=local"
rootdn "cn=pretox,dc=mail,dc=local"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}xxxxxxxxxxxxxxxxxxxxxxx
directory /var/db/openldap-data
index objectClass eq
index cn,sn pres,eq,approx,sub
index mailBox eq
index status eq
index uidNumber eq
index gidNumber eq
password-hash {CLEARTEXT}
sasl-authz-policy to
sasl-regexp uidNumber=(.*)\\+gidNumber=(.*),cn=peercred,cn=external,cn=auth
ldap:///dc=mail,dc=local??sub?(&(uidNumber=$1)(gidNumber=$2))
sasl-regexp uid=(.*@.*),cn=external,cn=auth
ldap:///dc=mail,dc=local??sub?(&(mailBox=$1)(status=enabled))
sasl-regexp uid=(.*),cn=external,cn=auth
ldap:///dc=mail,dc=local??sub?(|(cn=$1)(&(mailBox=$1@xxx)(status=enabled)))
The accounts cyrus (uid/gid = 60) and mta (uid/gid = 27/6) have been created in LDAP, which matches these entries:
Astarot# id cyrus
uid=60(cyrus) gid=60(cyrus) groups=60(cyrus)
Astarot# id mta
uid=27(mta) gid=6(mail) groups=6(mail)
56065 ?? Is 0:00,06 /usr/local/libexec/slapd -4 -h ldap:/// ldapi:/// -u ldap -g ldap
56038 ?? Ss 0:00,62 /usr/local/cyrus/bin/master -d
After that I run:
Astarot# su -m cyrus
Astarot# ldapwhoami -v -Y EXTERNAL -U cyrus -H ldapi://
ldap_initialize( ldapi:///??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=60+uidNumber=60,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn:gidNumber=60+uidNumber=60,cn=peercred,cn=external,cn=auth
Result: Success (0)
whereas I should have gotten something like:
>> ldapwhoami -v -Y EXTERNAL -U cyrus -H ldapi://
SASL/EXTERNAL authentication started
SASL username: uidNumber=60+gidNumber=60,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn:cn=cyrus,dc=mail,dc=local
Hence the questions:
Googling ldap_initialize( ldapi:///??base ) turns up only unintelligible answers; what does this error mean?
Do I understand correctly that dn:gidNumber=60+uidNumber=60,cn=peercred,cn=external,cn=auth means that authorization did not take place?
Once again, I am asking for help )
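An added example, not part of the original post: a small Python model that runs the three sasl-regexp rules from the slapd.conf above against the identity string ldapwhoami printed and against the one the manual shows. Assumptions: Python's re.search with IGNORECASE stands in for slapd's regex matching, the "\\+" in slapd.conf reaches the regex engine as an escaped literal "+", and GID_FIRST is a hypothetical rule written for this illustration.

```python
import re

# (pattern, rewrite) pairs copied from the slapd.conf on this page.
RULES = [
    (r"uidNumber=(.*)\+gidNumber=(.*),cn=peercred,cn=external,cn=auth",
     "ldap:///dc=mail,dc=local??sub?(&(uidNumber=$1)(gidNumber=$2))"),
    (r"uid=(.*@.*),cn=external,cn=auth",
     "ldap:///dc=mail,dc=local??sub?(&(mailBox=$1)(status=enabled))"),
    (r"uid=(.*),cn=external,cn=auth",
     "ldap:///dc=mail,dc=local??sub?(|(cn=$1)(&(mailBox=$1@xxx)(status=enabled)))"),
]

# Hypothetical rule (not on the page): attribute order as slapd reported it.
GID_FIRST = (r"gidNumber=(.*)\+uidNumber=(.*),cn=peercred,cn=external,cn=auth",
             "ldap:///dc=mail,dc=local??sub?(&(uidNumber=$2)(gidNumber=$1))")

# Identity printed by ldapwhoami in the post, and the one the manual shows.
OBSERVED = "gidNumber=60+uidNumber=60,cn=peercred,cn=external,cn=auth"
EXPECTED_BY_MANUAL = "uidNumber=60+gidNumber=60,cn=peercred,cn=external,cn=auth"


def map_identity(authc_dn, rules):
    """Apply rules in order; return (rule index, rewritten URI).

    If no rule matches, return (None, authc_dn): the identity stays as the
    raw peercred DN, which is what the ldapwhoami output in the post shows.
    """
    for i, (pattern, template) in enumerate(rules):
        m = re.search(pattern, authc_dn, re.IGNORECASE)
        if m:
            # Substitute $1, $2 with the captured groups.
            uri = re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), template)
            return i, uri
    return None, authc_dn


if __name__ == "__main__":
    print("observed      ->", map_identity(OBSERVED, RULES))
    print("manual's form ->", map_identity(EXPECTED_BY_MANUAL, RULES))
    print("gid-first rule ->", map_identity(OBSERVED, [GID_FIRST] + RULES))
```

A rewritten URI still has to resolve to exactly one entry before slapd adopts that entry's DN, so the search filter and the ACLs that apply to it need checking separately.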