
Re: Simple Binds / Invalid credentials



I just got it to work by changing userPassword to {SASL}235807 instead
of {SASL}235807@shorter.edu???????

Grant

On 9/21/05, Grant Carmichael <germanshorthairpointer@gmail.com> wrote:
> On 9/20/05, Karsten Gorling <kgorling@physik.tu-berlin.de> wrote:
> > * Grant Carmichael <germanshorthairpointer@gmail.com> [050920 19:54]:
> > > Hi everyone,
> > >
> > > I've been working on setting up an enterprise directory
> > > using Heimdal Kerberos and OpenLDAP. The one part I'm stuck
> > > on is getting simple binds to successfully use SASL to
> > > authenticate against Kerberos.  Below I've added some of my
> >
> > Simple Binds doesn't use SASL at all. You have to go an indirect
> > route:
> >
> > 1.) set the UserPassword-Entry to {sasl}user@REALM (you have done that
> >  already)
> > 2.) start the saslauthd-Daemon on the same computer your
> > directory-server runs on. Use as startup-Flag "-a kerberos5"
> > 3.) Configure slapd to use the saslauthd-Daemon
> >  -> search for the sasl2-Library Path usually in /usr/lib/sasl2 or
> >  /usr/local/lib/sasl2
> >  -> in this directory create a file slapd.conf with the following
> >  content:
> > SNIP-->
> > pwcheck_method: saslauthd
> > mech_list: gssapi
> > --<SNAP
> > 4.) (Don't know if it's necessary) Restart slapd
>
> I've had 1, 2 done.  For step 3 I added mech_list: gssapi to my
> /usr/local/lib/sasl2/slapd.conf and I still get the following error
> after restarting kdc, slapd, and saslauthd -a kerberos5:
>
> /usr/local/bin/ldapsearch -x -D
> "uid=235807,ou=people,dc=shorter,dc=edu" -w somepass -b
> "ou=people,dc=shorter,dc=edu" uid
> ldap_bind: Invalid credentials (49)
>
> Any other ideas?
>
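
Added example, not part of any poster's message: a small shell audit of the two settings this thread turns on, the `pwcheck_method: saslauthd` line in the SASL `slapd.conf` and whether each `{SASL}` `userPassword` value carries an `@realm` part. The function names and the `uid=example` entry are constructed for illustration, and the LDIF input is assumed to be unwrapped (one attribute per line).

```shell
#!/bin/sh
# Added example; all sample data below is constructed.

# Print "ok" when the SASL config for slapd hands password checks to
# saslauthd (step 3 of the quoted procedure), otherwise "missing".
check_sasl_conf() {
    if grep -Eq '^[[:space:]]*pwcheck_method:[[:space:]]*saslauthd[[:space:]]*$' "$1"
    then echo ok; else echo missing; fi
}

# Classify one decoded userPassword value. The scheme name is matched
# case-insensitively because the thread writes both {sasl} and {SASL}.
classify_value() {
    case $1 in
        \{[Ss][Aa][Ss][Ll]\}*@*) echo sasl-with-realm ;;
        \{[Ss][Aa][Ss][Ll]\}?*)  echo sasl-no-realm ;;
        *)                       echo not-passthrough ;;
    esac
}

# Read LDIF on stdin and print "<dn> <class>" for every userPassword.
# LDIF may carry the value base64-encoded after "::", so decode that form.
audit_ldif() {
    dn=
    while IFS= read -r line; do
        case $line in
            dn:\ *) dn=${line#dn: } ;;
            userPassword::\ *)
                val=$(printf '%s' "${line#userPassword:: }" | base64 -d)
                echo "$dn $(classify_value "$val")" ;;
            userPassword:\ *)
                echo "$dn $(classify_value "${line#userPassword: }")" ;;
        esac
    done
}

# Constructed sample holding the two value forms compared in the thread.
demo_ldif() {
    printf 'dn: uid=235807,ou=people,dc=shorter,dc=edu\n'
    printf 'userPassword:: %s\n\n' "$(printf '%s' '{SASL}235807' | base64)"
    printf 'dn: uid=example,ou=people,dc=shorter,dc=edu\n'
    printf 'userPassword: {SASL}example@shorter.edu\n'
}

demo_ldif | audit_ldif
```

Running the audit over a directory export shows at a glance which entries use the bare-user form and which use the `user@realm` form, which is the difference the top message reports.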