[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Need SASL idiot-proof walkthrough

To: openldap-software@OpenLDAP.org
Subject: Re: Need SASL idiot-proof walkthrough
From: Dieter Kluenter <dieter@dkluenter.de>
Date: Fri, 26 Mar 2004 23:26:07 +0100
In-reply-to: <75333DD5963159499F497735AC2A3FC3017501D9@exchange.uta.edu> (Digant Kasundra's message of "Fri, 26 Mar 2004 15:46:55 -0600")
References: <75333DD5963159499F497735AC2A3FC3017501D9@exchange.uta.edu>
User-agent: Gnus/5.1001 (Gnus v5.10.1) XEmacs/21.4 (Portable Code, linux)

Hi,

Digant Kasundra <digant@uta.edu> writes:

> I have done the sample-server and sample-client and successfully got to the
> "Negotiation complete" part.  But OpenLDAP is still giving me problems:
>
> do_sasl_bind: dn () mech GSSAPI
> SASL [conn=32] Failure: GSSAPI Error: Miscellaneous failure (see text)
> (Decrypt integrity check failed)
[...]
> (I do notice that the bind dn is "" which makes me think my sasl-regexp is
> fubar.) 
>
> sasl-realm "KERB.UTA.EDU"
> sasl-host labrador.kerb.uta.edu
> sasl-regexp uid=(.*),cn=kerb.uta.edu,cn=gssapi,cn=auth
> ldap:///uid=$1,cn=people,dc=uta,dc=edu??sub

As I mentioned in my other mail, cyrus-sasl sometimes is quite case
sensitive. Either set sasl-realm to lower case, or define sasl realm
in your sasl-regexp in upper case.

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de

References:
- RE: Need SASL idiot-proof walkthrough
  - From: Digant Kasundra <digant@uta.edu>

Prev by Date: RE: Need SASL idiot-proof walkthrough
Next by Date: Personalised Global Address Book
Index(es):
- Chronological
- Thread