[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Simple Binds / Invalid credentials



* Grant Carmichael <germanshorthairpointer@gmail.com> [050920 19:54]:
> Hi everyone,
> 
> I've been working on setting up an enterprise directory 
> using Heimdal Kerberos and OpenLDAP. The one part I'm stuck
> on is getting simple binds to successfully use SASL to 
> authenticate against Kerberos.  Below I've add some of my 

Simple Binds doesn't use SASL at all. You have to go an indirect
route:

1.) set the UserPassword-Entry to {sasl}user@REALM (you have done that
 allready)
2.) start the saslauthd-Daemon on the same computer your
directory-server runs on. Use as startup-Flag "-a kerberos5"
3.) Configure slapd to use the saslauthd-Daemon
 -> search for the sasl2-Library Path usually in /usr/lib/sasl2 or
 /usr/local/lib/sasl2
 -> in this directory create a file slapd.conf with the following
 content:
SNIP--> 
pwcheck_method: saslauthd
mech_list: gssapi
--<SNAP
4.) (Don't know, if its neccessary) Restart slapd

-- 
Max-Born-Institut (MBI)/Max-Born-StraÃe 2A/12489 Berlin/Karsten Gorling
Telefon: ++49 30 6392 1341 / Telefax: ++49 30 6392 1309 
E-Mail: kgorling@physik.tu-berlin.de or gorling@mbi-berlin.de
Instantmessenger: Jabber: grafzahl@jabber.fsinf.de or ICQ: 95492828
PGP-Fingerprint:  4BEF 23EA 02AE BACA 9918  31FF 285B 0426 0E1A B2FC
----------------- > encrypted E-Mail preferred <------------------------