
Re: LDAP Client & Server with Kerberos




On Jan 7, 2008, at 12:06 AM, sanjay gupta wrote:


It seems that the LDAP server does not have GSSAPI available.

So how can we add GSSAPI support to the LDAP server to make it work?

Do you have other services at your site that authenticate with Kerberos? The software may be ready to go, but you'll still need an "ldap" service principal, in a keytab. You might need some configuration for domain/realm mapping, depending on the DNS situation.

Little of this stuff will appear in the LDAP logs, even with
debugging on, because it's buried in a SASL layer that's
designed to confuse the issue.  It might be better, if slapd
doesn't work right away, to experiment with a sample server
and client like the "gss-server" that comes with the Kerberos
distribution.  Pay attention to what keys you have for the
server (as root, klist -k), tickets you acquire during the
experiment (klist), requests to the Kerberos KDC (syslog
local3), file access times to krb5.keytab and krb5.conf.

	Donn Cave, donn@u.washington.edu
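
The checks suggested in the message above (keys in the keytab, tickets acquired during the experiment, access times on krb5.keytab and krb5.conf), as an added example that is not part of the original post. It assumes MIT Kerberos `klist` output layouts and the default /etc paths; the sample outputs, host name and realm are constructed.

```shell
#!/bin/sh
# Added example, not from the original message. Assumes MIT Kerberos output
# layouts for `klist -k` (KVNO, principal) and `klist` (service principal last).

# List keytab principals for one service, reading `klist -k` output on stdin.
keytab_principals() {
    awk -v p="$1/" '$1 ~ /^[0-9]+$/ && index($2, p) == 1 { print $2 }' | sort -u
}

# Succeed if `klist -k` output on stdin holds a key for service/host.
has_service_key() {
    keytab_principals "$1" | grep -qiF -- "$1/$2@"
}

# Succeed if `klist` output on stdin shows a ticket for service/host.
has_service_ticket() {
    awk -v p="$1/$2@" 'index(tolower($NF), tolower(p)) == 1 { ok = 1 }
                       END { exit !ok }'
}

# Live run on the server (root needed to read the keytab).
# Assumption: default file locations /etc/krb5.keytab and /etc/krb5.conf.
diagnose() {
    klist -k | has_service_key "$1" "$2" || echo "no $1/$2 key in keytab"
    klist | has_service_ticket "$1" "$2" || echo "no $1/$2 ticket in cache"
    ls -lu /etc/krb5.keytab /etc/krb5.conf   # -u lists last access time
}

# Constructed sample: a keytab with a host key but no "ldap" service key.
SAMPLE_KEYTAB='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------
   3 host/ldap.example.com@EXAMPLE.COM'

# Constructed sample: a ticket cache after a working GSSAPI exchange.
SAMPLE_TICKETS='Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: alice@EXAMPLE.COM

Valid starting     Expires            Service principal
01/07/08 09:00:00  01/07/08 19:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
01/07/08 09:05:12  01/07/08 19:00:00  ldap/ldap.example.com@EXAMPLE.COM'

printf '%s\n' "$SAMPLE_KEYTAB" | has_service_key ldap ldap.example.com \
    || echo "sample keytab: no ldap/ldap.example.com key"
printf '%s\n' "$SAMPLE_TICKETS" | has_service_ticket ldap ldap.example.com \
    && echo "sample cache: ldap service ticket present"
```

On a real server, call `diagnose ldap "$(hostname -f)"` before and after a test bind and compare the access times it lists.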