[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: can I use a kerberos ticket with ldapsearch (and ldap libraries)

To: openldap-software@OpenLDAP.org
Subject: RE: can I use a kerberos ticket with ldapsearch (and ldap libraries)
From: "Nils O." Selåsdal <noselasd@frisurf.no>
Date: 20 Apr 2002 15:23:44 +0200
In-reply-to: <1018675743.8882.19.camel@enterprise>
References: <NMEFLNHODBAOPDKNNJALCEJACKAA.hyc@highlandsun.com> <1018672463.8884.6.camel@enterprise> <1018675743.8882.19.camel@enterprise>

On Sat, 2002-04-13 at 07:29, Michael Torrie wrote:
> Okay, I'm getting closer.  I'm able to do a kinit on my root@MYDOMAIN
> principal.  Then I run:
> 
> ldapsearch -h myhost.mydomain.com -p 389 -I -b "" -s base -LLL
> supportedSASLMechanisms
> 
> I get an error:
> 
> ldap_sasl_interactive_bind_s: Unknown error
> 	additional info: GSSAPI: gss_acquire_cred: Miscellaneous failure;
> Permission denied;
> 
> This is better then the last error, which was the generic local error.
> 
I struggled with this quite a few hours, it turned out that slapd
running as the user ldap didnt have read permissions for my keytab
(etc/krb5.keytab).

Another question.. when I get my kerberos ticket for
noselasd@FIANE.INTRA , and bind to ldap with sasl which
dn am I bound as?


-- 
Nils Olav Selåsdal <NOS@Utel.no>
System Developer, UtelSystems a/s
w w w . u t e l s y s t e m s . c o m

References:
- RE: can I use a kerberos ticket with ldapsearch (and ldap libraries)
  - From: "Howard Chu" <hyc@highlandsun.com>
- RE: can I use a kerberos ticket with ldapsearch (and ldap libraries)
  - From: Michael Torrie <torriem@cs.byu.edu>
- RE: can I use a kerberos ticket with ldapsearch (and ldap libraries)
  - From: Michael Torrie <torriem@cs.byu.edu>

Prev by Date: Re: real life email with ldap.
Next by Date: Re: web interface
Index(es):
- Chronological
- Thread