[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: gssapi and ldapsearch

To: Alex S Moore <asmoore@edge.net>
Subject: Re: gssapi and ldapsearch
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 29 Jul 2005 09:03:09 +0200
Cc: openldap-software@OpenLDAP.org
In-reply-to: <20050728175421.00006fa5@sws602>
References: <20050728175421.00006fa5@sws602>

OpenLDAP relies on Cyrus SASL to manage this authentication.
OpenLDAP doesn't deal with the tickets or other Kerberos
details.   Hence, this problem is not really specific
to OpenLDAP.  You should make sure Kerberos is working
using various applications distributed with your Kerberos
software, and then make sure Cyrus SASL's GSSAPI implementation
is working using sample programs in Cyrus SASL.  If you
have gotten the above to work, then OpenLDAP should just
work.

Kurt

At 12:54 AM 7/29/2005, Alex S Moore wrote:
>I have searched, read, google'd, et.al. and am at a loss.
>
>All that I want to do at this time is use ldapsearch with gssapi.  The
>output is attached.
>
>I created the keytab entry for the FQDN, but oddly, I had to use just
>ldap/host without the dns domain name.  That really does not matter, but
>it is in the output.
>
>After running the first ldapsearch, I see the ticket for the ldap
>server, service principal ldap/sws602@MCSUN.LOCAL.  The kdc is happy
>and records the TGS_REQ as successful.
>
>But this line from ldapsearch debug output is most puzzling:
>ldap_sasl_interactive_bind_s: Internal (implementation specific) error
>(80) additional info: SASL(-1): generic failure: GSSAPI Error:
>Miscellaneous failure (File exists)
>
>
>Help,
>Alex
>
>-- 
>

References:
- gssapi and ldapsearch
  - From: Alex S Moore <asmoore@edge.net>

Prev by Date: Re: gssapi and ldapsearch
Next by Date: Re: Adding mutliple values to the objectClass attribute using Java
Index(es):
- Chronological
- Thread