SASL/GSSAPI: ldap_sasl_interactive_bind_s: Local error (-2)



Hi all,

I'm new to this so forgive me for any stupid questions/assumptions or if I miss anything out. :)

I'm trying to set up a Krb5-authenticated OpenLDAP server, mainly for educational purposes, so I've been trying to merge
together various guides on the internet into a working setup. Unfortunately, I'm now getting the following error:

cameron@gimli:~$ ldapsearch
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)

No additional information or anything. ldapsearch -x works as expected.

My setup is currently all on one system: Ubuntu Server 8.10, slapd/ldap-utils 2.4.11, MIT krb5-kdc 1.6.

This is my config file (slapd.d format):

root@gimli:~# cat /etc/ldap/slapd.d/cn\=config.ldif
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcLogLevel: none
olcPidFile: /var/run/slapd/slapd.pid
olcToolThreads: 1
olcTLSCACertificateFile: /etc/ldap/ssl/server.pem
olcTLSCertificateFile: /etc/ldap/ssl/server.pem
olcTLSCertificateKeyFile: /etc/ldap/ssl/server.pem
olcTLSVerifyClient: allow
olcSaslRealm: LOCAL
olcSaslHost: ldap.local
structuralObjectClass: olcGlobal
entryUUID: ccd3335c-5da4-102d-9155-ed2c61020a96
creatorsName: cn=config
createTimestamp: 20081213210021Z
entryCSN: 20081213210021.939004Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20081213210021Z

I'm using ldaps://ldap.local as the service URL, and that all seems to be working okay as indicated by the simple authentication.
ldap.local has an entry in the DNS server.


Any ideas on where I can go from here?

Thanks,

Cameron Harris