
Re: SASL woes



"Robert Fitzpatrick" <robert@webtent.com> writes:

> On FreeBSD 5.2.1, I am using this doc to try and get SASL auth to work with OpenLDAP
> 2.1.30. Cyrus-SASL 2.1.18 is using saslauthd setup with Heimdal Kerberos 0.6 and
> saslauthd is running with the '-a kerberos5' flag. I initialized the realm in Heimdal,
> exported an ldap service key to /etc/krb5.keytab and set permissions to 'rw-------
> ldap ldap'. Then using the doc below, entered the sasl setup in slapd.conf:

> esmtp# ldapsearch -Y GSSAPI -b "ou=People,dc=webtent,dc=net" "uid=robert" -LLL
> SASL/GSSAPI authentication started
> ldap_sasl_interactive_bind_s: Local error (82)
>         additional info: SASL(-1): generic failure: GSSAPI Error:  Miscellaneous
> failure (see text) (Server (krbtgt/WEBENT.NET@WEBTENT.NET) unknown)
>
>
> I assume there is something major that I am missing, can someone offer what they think
> it may be?

1. saslauthd is not required for OpenLDAP
2. it seems that ldapsearch is trying 'localhost' so either
   configure ldap.conf or ~/.ldaprc or even both and set an
   appropriate URI value.
3. test with sasl_server and sasl_client suit your setup.
4. test whether sasl is supporting the gssapi mechanism by searching
   ldapsearch -H ldap://my.host -x -b "" -s base \
   supportedSASLMechanisms  

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de
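
An added example, not part of the original thread: a small shell helper that runs the check from step 4 against saved ldapsearch output and reads the realms out of the krbtgt principal in the GSSAPI error. In Kerberos, krbtgt/B@A is the ticket realm A's KDC issues for reaching realm B, so differing realms mean the client asked for a cross-realm ticket. The function names are hypothetical and the root DSE sample is constructed; the error string is the one quoted above.

```sh
#!/bin/sh
# Added example, not from the original thread. The root DSE sample is
# constructed; the error string is copied from the quoted ldapsearch output.

SAMPLE_ROOTDSE='dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: GSSAPI'

ERROR_FROM_POST='SASL(-1): generic failure: GSSAPI Error:  Miscellaneous failure (see text) (Server (krbtgt/WEBENT.NET@WEBTENT.NET) unknown)'

# has_mech MECH: reads the LDIF returned by the step 4 search on stdin and
# succeeds only if MECH is listed under supportedSASLMechanisms.
has_mech() {
    awk -v want="$1" '
        tolower($1) == "supportedsaslmechanisms:" && toupper($2) == toupper(want) { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# krbtgt_realms: prints "TARGET ISSUER" for the first krbtgt/TARGET@ISSUER
# principal found on stdin, or nothing if there is none.
krbtgt_realms() {
    sed -n 's|.*krbtgt/\([^@ ()]*\)@\([^ ()]*\).*|\1 \2|p' | head -n 1
}

# diagnose_tgt: classifies the error text on stdin. "cross-realm" means the
# client mapped the server host to realm TARGET and asked ISSUER's KDC for a
# ticket to reach it; check default_realm and [domain_realm] in krb5.conf
# and the host name in the LDAP URI.
diagnose_tgt() {
    set -- $(krbtgt_realms)
    [ $# -eq 2 ] || { echo "no-krbtgt-principal"; return 0; }
    if [ "$1" = "$2" ]; then
        echo "same-realm $1"
    else
        echo "cross-realm target=$1 issuer=$2"
    fi
}

if printf '%s\n' "$SAMPLE_ROOTDSE" | has_mech GSSAPI; then
    echo "GSSAPI is offered by the server"
fi
printf '%s\n' "$ERROR_FROM_POST" | diagnose_tgt
```

Against a live server, pipe the step 4 command into has_mech GSSAPI instead of the constructed sample.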